added docker compose

Author: EL BADOURI Youssef

README.md

@@ -79,20 +79,9 @@ Before you begin, ensure you have met the following requirements:
    git clone https://github.com/MonsefRH/SafeOps
    ```
 
-2. **Install dependencies**
-   ```bash
-   # Install frontend dependencies
-   cd frontend
-
-   npm install
-   
-   # Install Python backend dependencies
-   cd backend
 
-   pip install -r requirements.txt
-   ```
 
-3. **Environment setup**
+2. **Environment setup in the backend**
    ```bash
    # Copy environment template
    cp .env.example .env
@@ -101,59 +90,18 @@ Before you begin, ensure you have met the following requirements:
    nano .env
    ```
 
- 4. **Database Setup**
-
- ***Step 1: Connect to PostgreSQL***
-```bash
-psql -U postgres
-```
-
-***Step 2: Create Database***
-```sql
--- In the psql terminal
-CREATE DATABASE safeops;
-\q
-```
-
-***Step 3: Create the admin user***
-```bash
-psql -U postgres -d safeops -f base.sql
-
-```
-***Step 4: Import Database Schema***
-```bash
-psql -U postgres
-
--- In the psql terminal
-
-INSERT INTO users  (name, email, password, role)
-VALUES (
-    'Admin ',
-    '[email protected]',
-    '$2b$12$YOUR_HASHED_PASSWORD', -- Replace with a bcrypt hashed password
-    'admin'
-);
-\q
-```
----
-
-**Note:** Replace `postgres` with your actual PostgreSQL username.
-
 ## Usage
 
-### Development Mode
+
+Start the full application (backend, frontend, and database) with:
 
 1. **Start the backend server**
    ```bash
-   python app.py
-   ```
+   docker compose up -d --build
 
-2. **Start the frontend development server**
-   ```bash
-   npm start
    ```
 
-3. **Access the application**
+2. **Access the application**
    - Frontend: `http://localhost:3000`
    - API: `http://localhost:5000`
 

backend/Dockerfile

@@ -0,0 +1,16 @@
+FROM python:3.12-slim
+
+WORKDIR /app
+
+# + git pour GitPython
+RUN apt-get update && apt-get install -y \
+    build-essential libpq-dev git \
+  && rm -rf /var/lib/apt/lists/*
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+EXPOSE 5000
+CMD ["flask", "run", "--host=0.0.0.0", "--port=5000"]

backend/requirements.txt

@@ -19,6 +19,9 @@ transformers
 torch
 flask_sqlalchemy
 semgrep
-check
+checkov
 flasgger
-apispec-pydantic-plugin
+apispec-pydantic-plugin
+flasgger
+apispec
+apispec_pydantic_plugin

backend/services/report_service.py

@@ -157,6 +157,7 @@ def send_csv_report_email(
     csv_path: str,
     csv_filename: str,
     user_name: str | None = None,
+    download_url: str | None = None,
 ):
     """Send an HTML email with SafeOps blue style and attach the CSV report."""
     msg = EmailMessage()

backend/services/risks_service.py

@@ -1,23 +1,74 @@
 from utils.db import db
 from models.scan_history import ScanHistory
 import logging
+import json
 
-# Configure logging
+# Configure logging (keep yours)
 logging.basicConfig(
     level=logging.DEBUG,
     format='%(asctime)s %(levelname)s:%(name)s: %(message)s',
     handlers=[logging.FileHandler('risks_app.log'), logging.StreamHandler()]
 )
 logger = logging.getLogger(__name__)
 
+# Map various tool severities to your 3 buckets
+def _normalize_severity(raw: str) -> str:
+    if not raw:
+        return "INFO"
+    s = str(raw).strip().upper()
+    # Checkov: CRITICAL/HIGH/MEDIUM/LOW/INFO
+    # Semgrep: ERROR/WARNING/INFO
+    if s in {"CRITICAL", "HIGH", "ERROR"}:
+        return "ERROR"
+    if s in {"MEDIUM", "WARNING"}:
+        return "WARNING"
+    return "INFO"
+
+def _ensure_dict(obj):
+    # Accept dict or JSON string
+    if obj is None:
+        return {}
+    if isinstance(obj, dict):
+        return obj
+    if isinstance(obj, str):
+        try:
+            return json.loads(obj)
+        except json.JSONDecodeError:
+            logger.warning("scan_result is a non-JSON string; ignoring.")
+            return {}
+    # Unexpected type
+    logger.warning(f"scan_result has unexpected type: {type(obj)}")
+    return {}
+
+def _extract_checkov_failed_checks(sr: dict):
+    """
+    Checkov commonly returns either:
+    - {"failed_checks": [...]}
+    - {"results": {"failed_checks": [...], "parsing_errors": [...], ...}}
+    """
+    if "failed_checks" in sr and isinstance(sr["failed_checks"], list):
+        return sr["failed_checks"]
+    results = sr.get("results", {})
+    if isinstance(results, dict) and isinstance(results.get("failed_checks"), list):
+        return results["failed_checks"]
+    return []
+
+def _extract_semgrep_findings(sr: dict):
+    """
+    Semgrep JSON v1: {"results": [ { "check_id": "...", "path": "...", "start": {...}, "extra": {"severity": "ERROR", "message": "..."} }, ... ] }
+    """
+    results = sr.get("results")
+    if isinstance(results, list):
+        return results
+    return []
+
 def get_risks(user_id):
-    """Fetch and aggregate risks for a user."""
+    """Fetch and aggregate risks for a user (Checkov + Semgrep)."""
     if not user_id:
         logger.error("Missing user_id for risks")
         raise ValueError("user_id is required")
 
     try:
-        # Fetch scan history
         scans = (
             ScanHistory.query
             .filter_by(user_id=user_id)
@@ -26,40 +77,65 @@ def get_risks(user_id):
             .all()
         )
 
-        # Aggregate risks by severity
         severity_counts = {"ERROR": 0, "WARNING": 0, "INFO": 0}
         detailed_risks = []
 
         for scan in scans:
-            scan_result = scan.scan_result
-            scan_type = scan.scan_type
-            if "failed_checks" in scan_result:
-                failed_checks = scan_result["failed_checks"]
-            elif "results" in scan_result and "failed_checks" in scan_result["results"]:
-                failed_checks = scan_result["results"]["failed_checks"]
+            scan_result = _ensure_dict(getattr(scan, "scan_result", None))
+            scan_type = getattr(scan, "scan_type", "unknown")
+
+            # 1) Try Checkov shape(s)
+            failed_checks = _extract_checkov_failed_checks(scan_result)
+
+            # 2) If no Checkov failed checks, try Semgrep shape
+            semgrep_results = []
+            if not failed_checks:
+                semgrep_results = _extract_semgrep_findings(scan_result)
+
+            # ---- Aggregate Checkov findings ----
             for check in failed_checks:
-                severity = check.get("severity") or "INFO"  # Handles None explicitly
-                  # Normalize to uppercase for counting (in case Checkov uses "high" or "High")
-                severity_upper = severity.upper() if severity else "INFO"
-                  # Only count if it's one of our expected keys (avoids errors if weird values)
-                if severity_upper in severity_counts:
-                      severity_counts[severity_upper] += 1
-                else:
-                      severity_counts["INFO"] += 1  # Fallback for unknown severities
+                sev = _normalize_severity(check.get("severity"))
+                severity_counts[sev] += 1
+
+                # Common Checkov fields
                 detailed_risks.append({
-                    "severity": severity,
+                    "severity": sev,
                     "check_id": check.get("check_id"),
-                    "file_path": check.get("file_path"),
-                    "message": check.get("message"),
-                    "suggestion": check.get("suggestion"),
-                    "scan_type": scan_type
+                    "file_path": check.get("file_path") or check.get("file") or check.get("resource"),
+                    "message": check.get("check_name") or check.get("message"),
+                    "suggestion": check.get("guideline") or check.get("remediation") or check.get("description"),
+                    "scan_type": scan_type or "checkov"
+                })
+
+            # ---- Aggregate Semgrep findings ----
+            for item in semgrep_results:
+                # Semgrep severity in extra.severity
+                raw_sev = None
+                extra = item.get("extra") if isinstance(item.get("extra"), dict) else {}
+                if extra:
+                    raw_sev = extra.get("severity")
+                sev = _normalize_severity(raw_sev)
+                severity_counts[sev] += 1
+
+                # Semgrep fields
+                file_path = item.get("path") or item.get("file")
+                message = (extra.get("message") if isinstance(extra, dict) else None) or item.get("message")
+                check_id = item.get("check_id") or (extra.get("engine_name") if isinstance(extra, dict) else None)
+
+                detailed_risks.append({
+                    "severity": sev,
+                    "check_id": check_id,
+                    "file_path": file_path,
+                    "message": message,
+                    "suggestion": extra.get("metadata", {}).get("fix") if isinstance(extra.get("metadata"), dict) else None,
+                    "scan_type": scan_type or "semgrep"
                 })
 
-        # Format risks for dashboard
+        # Format risks for dashboard (keep your scaling)
         risks = [
-            {"name": "Critical (ERROR)", "level": severity_counts.get("ERROR", 0) * 10},  # Scale for display
-            {"name": "High (WARNING)", "level": severity_counts.get("WARNING", 0) * 5},
-            {"name": "Low (INFO)", "level": severity_counts.get("INFO", 0) * 2}
+            {"name": "Critical (ERROR)", "level": severity_counts.get("ERROR", 0) * 10},
+            {"name": "High (WARNING)",  "level": severity_counts.get("WARNING", 0) * 5},
+            {"name": "Low (INFO)",      "level": severity_counts.get("INFO", 0) * 2},
         ]
 
         logger.info(f"Fetched risks for user_id {user_id}: {len(detailed_risks)} detailed risks")
@@ -71,4 +147,4 @@ def get_risks(user_id):
     except Exception as e:
         logger.error(f"Failed to fetch risks for user_id {user_id}: {str(e)}")
         db.session.rollback()
-        raise RuntimeError("Failed to fetch risks")
+        raise RuntimeError("Failed to fetch risks")