Add SSH scan support with BSI TR-02102-4 compliance

- SSH scanning via ssh-audit (KEX, encryption, MAC, host keys)
- BSI TR-02102-4 and IANA compliance validation for SSH
- CSV/Markdown/reST reports for SSH results
- Unified compliance schema and database views
- Code optimization: modular query/writer architecture
Heiko
2026-01-23 11:05:01 +01:00
parent 2b27138b2a
commit f60de7c2da
68 changed files with 7189 additions and 2835 deletions


@@ -201,7 +201,7 @@ def temp_output_dir(tmp_path: Path) -> Path:
# SQL for database views
VIEWS_SQL = """
-- View: Cipher suites with compliance information
CREATE VIEW IF NOT EXISTS v_cipher_suites_with_compliance AS
CREATE VIEW IF NOT EXISTS v_compliance_tls_cipher_suites AS
SELECT
scs.scan_id,
scs.port,
@@ -241,7 +241,7 @@ LEFT JOIN bsi_tr_02102_2_tls bsi
AND bsi.category = 'cipher_suite';
-- View: Supported groups with compliance information
CREATE VIEW IF NOT EXISTS v_supported_groups_with_compliance AS
CREATE VIEW IF NOT EXISTS v_compliance_tls_supported_groups AS
SELECT
ssg.scan_id,
ssg.port,
@@ -260,7 +260,7 @@ LEFT JOIN scan_compliance_status sc
AND ssg.group_name = sc.item_name;
-- View: Certificates with compliance information
CREATE VIEW IF NOT EXISTS v_certificates_with_compliance AS
CREATE VIEW IF NOT EXISTS v_compliance_tls_certificates AS
SELECT
c.scan_id,
c.port,
@@ -287,7 +287,7 @@ GROUP BY c.scan_id, c.port, c.position, c.subject, c.issuer, c.serial_number,
c.signature_algorithm, c.fingerprint_sha256;
-- View: Port compliance summary
CREATE VIEW IF NOT EXISTS v_port_compliance_summary AS
CREATE VIEW IF NOT EXISTS v_summary_port_compliance AS
SELECT
scan_id,
port,
@@ -299,7 +299,7 @@ FROM scan_compliance_status
GROUP BY scan_id, port, check_type;
-- View: Missing BSI-approved groups
CREATE VIEW IF NOT EXISTS v_missing_bsi_groups AS
CREATE VIEW IF NOT EXISTS v_summary_missing_bsi_groups AS
SELECT
s.scan_id,
s.ports,
@@ -320,7 +320,7 @@ WHERE NOT EXISTS (
);
-- View: Missing IANA-recommended groups
CREATE VIEW IF NOT EXISTS v_missing_iana_groups AS
CREATE VIEW IF NOT EXISTS v_summary_missing_iana_groups AS
SELECT
s.scan_id,
s.ports,
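Review bot: All six renamed views in `VIEWS_SQL` are still created with `CREATE VIEW IF NOT EXISTS`, and nothing visible in these hunks drops the old names (`v_cipher_suites_with_compliance`, `v_port_compliance_summary`, `v_missing_bsi_groups` and the others), so a database created before this commit would keep the old views alongside the new ones. The `temp_output_dir` context suggests this string lives in a test fixture that builds a fresh database, where that is harmless. If the same DDL is also applied to existing scan databases, each old name needs a matching statement such as `DROP VIEW IF EXISTS v_cipher_suites_with_compliance;`, otherwise a report query left on an old name keeps returning compliance rows from the stale view instead of failing. If `VIEWS_SQL` is a copy of the application's schema rather than an import of it, a comment above it such as `# Must mirror the application's view definitions; rename in both places together.` would keep the tests from passing against views the real schema no longer has. The view bodies continue outside the hunks, so the SELECT lists themselves were not reviewed.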