LICENSE
NOTICE
README.md
pyproject.toml
setup.cfg
src/mergeguide/__init__.py
src/mergeguide/__main__.py
src/mergeguide/cli.py
src/mergeguide/cli_errors.py
src/mergeguide.egg-info/PKG-INFO
src/mergeguide.egg-info/SOURCES.txt
src/mergeguide.egg-info/dependency_links.txt
src/mergeguide.egg-info/entry_points.txt
src/mergeguide.egg-info/requires.txt
src/mergeguide.egg-info/top_level.txt
src/mergeguide/azure_devops/__init__.py
src/mergeguide/azure_devops/api.py
src/mergeguide/azure_devops/auth.py
src/mergeguide/azure_devops/comments.py
src/mergeguide/azure_devops/pr_handler.py
src/mergeguide/azure_devops/webhook.py
src/mergeguide/bitbucket/__init__.py
src/mergeguide/bitbucket/api.py
src/mergeguide/bitbucket/auth.py
src/mergeguide/bitbucket/comments.py
src/mergeguide/bitbucket/pr_handler.py
src/mergeguide/bitbucket/webhook.py
src/mergeguide/cache/__init__.py
src/mergeguide/cache/file_cache.py
src/mergeguide/cache/metrics.py
src/mergeguide/cache/ttl_cache.py
src/mergeguide/compliance/__init__.py
src/mergeguide/compliance/mapping.py
src/mergeguide/constants/__init__.py
src/mergeguide/constants/languages.py
src/mergeguide/engine/__init__.py
src/mergeguide/engine/conditions.py
src/mergeguide/engine/dsl.py
src/mergeguide/engine/evaluator.py
src/mergeguide/engine/orchestrator.py
src/mergeguide/engine/parser.py
src/mergeguide/engine/reporter.py
src/mergeguide/engine/rules.py
src/mergeguide/engine/semgrep.py
src/mergeguide/evidence/__init__.py
src/mergeguide/evidence/artifact.py
src/mergeguide/evidence/provenance.py
src/mergeguide/evidence/storage.py
src/mergeguide/github/__init__.py
src/mergeguide/github/api.py
src/mergeguide/github/auth.py
src/mergeguide/github/comments.py
src/mergeguide/github/pr_handler.py
src/mergeguide/github/specialized_scanners.py
src/mergeguide/github/validation.py
src/mergeguide/github/webhook.py
src/mergeguide/gitlab/__init__.py
src/mergeguide/gitlab/api.py
src/mergeguide/gitlab/auth.py
src/mergeguide/gitlab/comments.py
src/mergeguide/gitlab/mr_handler.py
src/mergeguide/gitlab/webhook.py
src/mergeguide/hooks/__init__.py
src/mergeguide/hooks/config.py
src/mergeguide/hooks/evidence_uploader.py
src/mergeguide/hooks/findings_log.py
src/mergeguide/hooks/git_utils.py
src/mergeguide/hooks/installer.py
src/mergeguide/http/__init__.py
src/mergeguide/http/retry.py
src/mergeguide/integrations/__init__.py
src/mergeguide/integrations/grc/__init__.py
src/mergeguide/integrations/grc/base.py
src/mergeguide/integrations/grc/drata.py
src/mergeguide/integrations/grc/hyperproof.py
src/mergeguide/integrations/grc/service.py
src/mergeguide/integrations/grc/vanta.py
src/mergeguide/lambda_handlers/__init__.py
src/mergeguide/lambda_handlers/evaluate.py
src/mergeguide/lambda_handlers/scm_webhook.py
src/mergeguide/lambda_handlers/webhook.py
src/mergeguide/policies/__init__.py
src/mergeguide/policies/defaults.py
src/mergeguide/policies/loader.py
src/mergeguide/policies/schema.py
src/mergeguide/rate_limiting/__init__.py
src/mergeguide/rate_limiting/config.py
src/mergeguide/rate_limiting/decorator.py
src/mergeguide/rate_limiting/limiter.py
src/mergeguide/rules/__init__.py
src/mergeguide/rules/c/buffer-overflow.yaml
src/mergeguide/rules/c/command-injection.yaml
src/mergeguide/rules/c/format-string.yaml
src/mergeguide/rules/c/integer-overflow.yaml
src/mergeguide/rules/c/memory-safety.yaml
src/mergeguide/rules/c/use-after-free.yaml
src/mergeguide/rules/c/weak-crypto.yaml
src/mergeguide/rules/cicd/github-actions-security.yaml
src/mergeguide/rules/cicd/gitlab-ci-security.yaml
src/mergeguide/rules/cpp/buffer-overflow.yaml
src/mergeguide/rules/cpp/command-injection.yaml
src/mergeguide/rules/cpp/format-string.yaml
src/mergeguide/rules/cpp/integer-overflow.yaml
src/mergeguide/rules/cpp/memory-leak.yaml
src/mergeguide/rules/cpp/use-after-free.yaml
src/mergeguide/rules/cpp/weak-crypto.yaml
src/mergeguide/rules/csharp/access-control.yaml
src/mergeguide/rules/csharp/code-injection.yaml
src/mergeguide/rules/csharp/command-injection.yaml
src/mergeguide/rules/csharp/csrf.yaml
src/mergeguide/rules/csharp/deserialization.yaml
src/mergeguide/rules/csharp/hardcoded-secret.yaml
src/mergeguide/rules/csharp/nydfs-mfa-enforcement.yaml
src/mergeguide/rules/csharp/open-redirect.yaml
src/mergeguide/rules/csharp/owasp-agentic-excessive-agency.yaml
src/mergeguide/rules/csharp/owasp-agentic-output-handling.yaml
src/mergeguide/rules/csharp/owasp-agentic-prompt-injection.yaml
src/mergeguide/rules/csharp/owasp-agentic-sensitive-info.yaml
src/mergeguide/rules/csharp/path-traversal.yaml
src/mergeguide/rules/csharp/phi-plaintext-efcore.yaml
src/mergeguide/rules/csharp/sensitive-data-logging.yaml
src/mergeguide/rules/csharp/sql-injection.yaml
src/mergeguide/rules/csharp/ssrf.yaml
src/mergeguide/rules/csharp/weak-crypto.yaml
src/mergeguide/rules/csharp/xss.yaml
src/mergeguide/rules/csharp/xxe.yaml
src/mergeguide/rules/dockerfile/copy-sensitive-files.yaml
src/mergeguide/rules/dockerfile/exposed-secrets.yaml
src/mergeguide/rules/dockerfile/from-latest.yaml
src/mergeguide/rules/dockerfile/insecure-download.yaml
src/mergeguide/rules/dockerfile/missing-healthcheck.yaml
src/mergeguide/rules/dockerfile/privileged-ports.yaml
src/mergeguide/rules/dockerfile/user-root.yaml
src/mergeguide/rules/go/access-control.yaml
src/mergeguide/rules/go/code-injection.yaml
src/mergeguide/rules/go/command-injection.yaml
src/mergeguide/rules/go/csrf.yaml
src/mergeguide/rules/go/deserialization.yaml
src/mergeguide/rules/go/hardcoded-secret.yaml
src/mergeguide/rules/go/nydfs-mfa-enforcement.yaml
src/mergeguide/rules/go/open-redirect.yaml
src/mergeguide/rules/go/owasp-agentic-excessive-agency.yaml
src/mergeguide/rules/go/owasp-agentic-output-handling.yaml
src/mergeguide/rules/go/owasp-agentic-prompt-injection.yaml
src/mergeguide/rules/go/owasp-agentic-sensitive-info.yaml
src/mergeguide/rules/go/path-traversal.yaml
src/mergeguide/rules/go/phi-plaintext-gorm.yaml
src/mergeguide/rules/go/sensitive-data-logging.yaml
src/mergeguide/rules/go/sql-injection.yaml
src/mergeguide/rules/go/ssrf.yaml
src/mergeguide/rules/go/weak-crypto.yaml
src/mergeguide/rules/go/xss.yaml
src/mergeguide/rules/go/xxe.yaml
src/mergeguide/rules/java/access-control.yaml
src/mergeguide/rules/java/code-injection.yaml
src/mergeguide/rules/java/command-injection.yaml
src/mergeguide/rules/java/csrf.yaml
src/mergeguide/rules/java/deserialization.yaml
src/mergeguide/rules/java/hardcoded-secret.yaml
src/mergeguide/rules/java/nydfs-mfa-enforcement.yaml
src/mergeguide/rules/java/open-redirect.yaml
src/mergeguide/rules/java/owasp-agentic-excessive-agency.yaml
src/mergeguide/rules/java/owasp-agentic-output-handling.yaml
src/mergeguide/rules/java/owasp-agentic-prompt-injection.yaml
src/mergeguide/rules/java/owasp-agentic-sensitive-info.yaml
src/mergeguide/rules/java/path-traversal.yaml
src/mergeguide/rules/java/phi-plaintext-jpa.yaml
src/mergeguide/rules/java/sensitive-data-logging.yaml
src/mergeguide/rules/java/sql-injection.yaml
src/mergeguide/rules/java/ssrf.yaml
src/mergeguide/rules/java/weak-crypto.yaml
src/mergeguide/rules/java/xss.yaml
src/mergeguide/rules/java/xxe.yaml
src/mergeguide/rules/javascript/access-control.yaml
src/mergeguide/rules/javascript/code-injection.yaml
src/mergeguide/rules/javascript/command-injection.yaml
src/mergeguide/rules/javascript/csrf.yaml
src/mergeguide/rules/javascript/deserialization.yaml
src/mergeguide/rules/javascript/hardcoded-secret.yaml
src/mergeguide/rules/javascript/nosql-injection.yaml
src/mergeguide/rules/javascript/nydfs-mfa-enforcement.yaml
src/mergeguide/rules/javascript/open-redirect.yaml
src/mergeguide/rules/javascript/owasp-agentic-excessive-agency.yaml
src/mergeguide/rules/javascript/owasp-agentic-output-handling.yaml
src/mergeguide/rules/javascript/owasp-agentic-prompt-injection.yaml
src/mergeguide/rules/javascript/owasp-agentic-sensitive-info.yaml
src/mergeguide/rules/javascript/path-traversal.yaml
src/mergeguide/rules/javascript/phi-plaintext-mongoose.yaml
src/mergeguide/rules/javascript/phi-plaintext-sequelize.yaml
src/mergeguide/rules/javascript/redos.yaml
src/mergeguide/rules/javascript/sensitive-data-logging.yaml
src/mergeguide/rules/javascript/sensitive-data.yaml
src/mergeguide/rules/javascript/session-fixation.yaml
src/mergeguide/rules/javascript/sql-injection.yaml
src/mergeguide/rules/javascript/ssrf.yaml
src/mergeguide/rules/javascript/template-security.yaml
src/mergeguide/rules/javascript/weak-crypto.yaml
src/mergeguide/rules/javascript/xss.yaml
src/mergeguide/rules/javascript/xxe.yaml
src/mergeguide/rules/kotlin/code-injection.yaml
src/mergeguide/rules/kotlin/command-injection.yaml
src/mergeguide/rules/kotlin/csrf.yaml
src/mergeguide/rules/kotlin/deserialization.yaml
src/mergeguide/rules/kotlin/hardcoded-credentials.yaml
src/mergeguide/rules/kotlin/insecure-http.yaml
src/mergeguide/rules/kotlin/insecure-storage.yaml
src/mergeguide/rules/kotlin/nydfs-mfa-enforcement.yaml
src/mergeguide/rules/kotlin/open-redirect.yaml
src/mergeguide/rules/kotlin/owasp-agentic-excessive-agency.yaml
src/mergeguide/rules/kotlin/owasp-agentic-output-handling.yaml
src/mergeguide/rules/kotlin/owasp-agentic-prompt-injection.yaml
src/mergeguide/rules/kotlin/owasp-agentic-sensitive-info.yaml
src/mergeguide/rules/kotlin/path-traversal.yaml
src/mergeguide/rules/kotlin/phi-plaintext-exposed.yaml
src/mergeguide/rules/kotlin/sensitive-data-logging.yaml
src/mergeguide/rules/kotlin/sql-injection.yaml
src/mergeguide/rules/kotlin/ssrf.yaml
src/mergeguide/rules/kotlin/weak-crypto.yaml
src/mergeguide/rules/kotlin/xss.yaml
src/mergeguide/rules/kotlin/xxe.yaml
src/mergeguide/rules/php/access-control.yaml
src/mergeguide/rules/php/authentication.yaml
src/mergeguide/rules/php/broken-access-control.yaml
src/mergeguide/rules/php/code-injection.yaml
src/mergeguide/rules/php/command-injection.yaml
src/mergeguide/rules/php/csrf.yaml
src/mergeguide/rules/php/deserialization.yaml
src/mergeguide/rules/php/file-upload.yaml
src/mergeguide/rules/php/hardcoded-secret.yaml
src/mergeguide/rules/php/nydfs-mfa-enforcement.yaml
src/mergeguide/rules/php/open-redirect.yaml
src/mergeguide/rules/php/owasp-agentic-excessive-agency.yaml
src/mergeguide/rules/php/owasp-agentic-output-handling.yaml
src/mergeguide/rules/php/owasp-agentic-prompt-injection.yaml
src/mergeguide/rules/php/owasp-agentic-sensitive-info.yaml
src/mergeguide/rules/php/path-traversal.yaml
src/mergeguide/rules/php/phi-plaintext-eloquent.yaml
src/mergeguide/rules/php/sensitive-data-logging.yaml
src/mergeguide/rules/php/sql-injection.yaml
src/mergeguide/rules/php/ssrf.yaml
src/mergeguide/rules/php/weak-crypto.yaml
src/mergeguide/rules/php/xss.yaml
src/mergeguide/rules/php/xxe.yaml
src/mergeguide/rules/python/access-control.yaml
src/mergeguide/rules/python/code-injection.yaml
src/mergeguide/rules/python/command-injection.yaml
src/mergeguide/rules/python/csrf.yaml
src/mergeguide/rules/python/deserialization.yaml
src/mergeguide/rules/python/hardcoded-secret.yaml
src/mergeguide/rules/python/nydfs-mfa-enforcement.yaml
src/mergeguide/rules/python/open-redirect.yaml
src/mergeguide/rules/python/owasp-agentic-excessive-agency.yaml
src/mergeguide/rules/python/owasp-agentic-output-handling.yaml
src/mergeguide/rules/python/owasp-agentic-prompt-injection.yaml
src/mergeguide/rules/python/owasp-agentic-sensitive-info.yaml
src/mergeguide/rules/python/path-traversal.yaml
src/mergeguide/rules/python/phi-plaintext-django.yaml
src/mergeguide/rules/python/phi-plaintext-sqlalchemy.yaml
src/mergeguide/rules/python/sensitive-data-logging.yaml
src/mergeguide/rules/python/sql-injection.yaml
src/mergeguide/rules/python/ssrf.yaml
src/mergeguide/rules/python/weak-crypto.yaml
src/mergeguide/rules/python/xss.yaml
src/mergeguide/rules/python/xxe.yaml
src/mergeguide/rules/ruby/access-control.yaml
src/mergeguide/rules/ruby/code-injection.yaml
src/mergeguide/rules/ruby/command-injection.yaml
src/mergeguide/rules/ruby/csrf.yaml
src/mergeguide/rules/ruby/deserialization.yaml
src/mergeguide/rules/ruby/hardcoded-secret.yaml
src/mergeguide/rules/ruby/nydfs-mfa-enforcement.yaml
src/mergeguide/rules/ruby/open-redirect.yaml
src/mergeguide/rules/ruby/owasp-agentic-excessive-agency.yaml
src/mergeguide/rules/ruby/owasp-agentic-output-handling.yaml
src/mergeguide/rules/ruby/owasp-agentic-prompt-injection.yaml
src/mergeguide/rules/ruby/owasp-agentic-sensitive-info.yaml
src/mergeguide/rules/ruby/path-traversal.yaml
src/mergeguide/rules/ruby/phi-plaintext-activerecord.yaml
src/mergeguide/rules/ruby/sensitive-data-logging.yaml
src/mergeguide/rules/ruby/sql-injection.yaml
src/mergeguide/rules/ruby/ssrf.yaml
src/mergeguide/rules/ruby/weak-crypto.yaml
src/mergeguide/rules/ruby/xss.yaml
src/mergeguide/rules/ruby/xxe.yaml
src/mergeguide/rules/rust/code-injection.yaml
src/mergeguide/rules/rust/command-injection.yaml
src/mergeguide/rules/rust/csrf.yaml
src/mergeguide/rules/rust/deserialization.yaml
src/mergeguide/rules/rust/hardcoded-secret.yaml
src/mergeguide/rules/rust/nydfs-mfa-enforcement.yaml
src/mergeguide/rules/rust/open-redirect.yaml
src/mergeguide/rules/rust/owasp-agentic-excessive-agency.yaml
src/mergeguide/rules/rust/owasp-agentic-output-handling.yaml
src/mergeguide/rules/rust/owasp-agentic-prompt-injection.yaml
src/mergeguide/rules/rust/owasp-agentic-sensitive-info.yaml
src/mergeguide/rules/rust/path-traversal.yaml
src/mergeguide/rules/rust/phi-plaintext-diesel.yaml
src/mergeguide/rules/rust/sensitive-data-logging.yaml
src/mergeguide/rules/rust/sql-injection.yaml
src/mergeguide/rules/rust/ssrf.yaml
src/mergeguide/rules/rust/unsafe-usage.yaml
src/mergeguide/rules/rust/unwrap-on-user-input.yaml
src/mergeguide/rules/rust/weak-crypto.yaml
src/mergeguide/rules/rust/xss.yaml
src/mergeguide/rules/rust/xxe.yaml
src/mergeguide/rules/swift/code-injection.yaml
src/mergeguide/rules/swift/command-injection.yaml
src/mergeguide/rules/swift/csrf.yaml
src/mergeguide/rules/swift/deserialization.yaml
src/mergeguide/rules/swift/hardcoded-secret.yaml
src/mergeguide/rules/swift/insecure-http.yaml
src/mergeguide/rules/swift/insecure-storage.yaml
src/mergeguide/rules/swift/nydfs-mfa-enforcement.yaml
src/mergeguide/rules/swift/open-redirect.yaml
src/mergeguide/rules/swift/owasp-agentic-excessive-agency.yaml
src/mergeguide/rules/swift/owasp-agentic-output-handling.yaml
src/mergeguide/rules/swift/owasp-agentic-prompt-injection.yaml
src/mergeguide/rules/swift/owasp-agentic-sensitive-info.yaml
src/mergeguide/rules/swift/path-traversal.yaml
src/mergeguide/rules/swift/phi-plaintext-coredata.yaml
src/mergeguide/rules/swift/sensitive-data-logging.yaml
src/mergeguide/rules/swift/sql-injection.yaml
src/mergeguide/rules/swift/ssrf.yaml
src/mergeguide/rules/swift/weak-crypto.yaml
src/mergeguide/rules/swift/xss.yaml
src/mergeguide/rules/swift/xxe.yaml
src/mergeguide/rules/terraform/cloudtrail-misconfigured.yaml
src/mergeguide/rules/terraform/insecure-s3.yaml
src/mergeguide/rules/terraform/lambda-no-vpc.yaml
src/mergeguide/rules/terraform/missing-encryption.yaml
src/mergeguide/rules/terraform/missing-logging.yaml
src/mergeguide/rules/terraform/overly-permissive-iam.yaml
src/mergeguide/rules/terraform/rds-backup-retention.yaml
src/mergeguide/rules/terraform/security-group-wide-open.yaml
src/mergeguide/rules/terraform/unencrypted-secrets.yaml
src/mergeguide/sbom/__init__.py
src/mergeguide/sbom/generators.py
src/mergeguide/scanning/__init__.py
src/mergeguide/scanning/absence_scanner.py
src/mergeguide/scanning/build_scanner.py
src/mergeguide/scanning/cicd_scanner.py
src/mergeguide/scanning/commit_scanner.py
src/mergeguide/scanning/iac_scanner.py
src/mergeguide/scanning/license_scanner.py
src/mergeguide/scanning/manifest_parser.py
src/mergeguide/scanning/osv_client.py
src/mergeguide/scanning/vulnerability_scanner.py
src/mergeguide/scanning/framework_profiles/aspnet.yaml
src/mergeguide/scanning/framework_profiles/django.yaml
src/mergeguide/scanning/framework_profiles/express.yaml
src/mergeguide/scanning/framework_profiles/fastapi.yaml
src/mergeguide/scanning/framework_profiles/flask.yaml
src/mergeguide/scanning/framework_profiles/gin.yaml
src/mergeguide/scanning/framework_profiles/go_net_http.yaml
src/mergeguide/scanning/framework_profiles/ktor.yaml
src/mergeguide/scanning/framework_profiles/laravel.yaml
src/mergeguide/scanning/framework_profiles/rails.yaml
src/mergeguide/scanning/framework_profiles/spring_boot.yaml
tests/test_cli.py
tests/test_cli_scan.py
tests/test_dual_layer.py