Metadata-Version: 2.4
Name: archer-scan
Version: 0.1.0
Summary: Cloud and infrastructure misconfiguration scanner — part of the MEDUSA security platform
Author-email: Abhay Gupta <abhay-1310@users.noreply.github.com>
Maintainer-email: Medusa Security <medusa-security@users.noreply.github.com>
License: Apache-2.0
Project-URL: Homepage, https://github.com/Medusa-Security/archer
Project-URL: Repository, https://github.com/Medusa-Security/archer
Project-URL: Documentation, https://github.com/Medusa-Security/archer/docs
Project-URL: Issues, https://github.com/Medusa-Security/archer/issues
Project-URL: Changelog, https://github.com/Medusa-Security/archer/blob/main/CHANGELOG.md
Keywords: security,cloud,aws,gcp,azure,kubernetes,docker,terraform,infrastructure,misconfiguration,scanning
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: System :: Systems Administration
Requires-Python: >=3.11
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: click>=8.1
Requires-Dist: rich>=13.0
Requires-Dist: pyyaml>=6.0
Requires-Dist: boto3>=1.28
Requires-Dist: python-hcl2>=4.0
Requires-Dist: cfn-flip>=1.3
Requires-Dist: dockerfile-parse>=2.0
Requires-Dist: jinja2>=3.1
Requires-Dist: simpleeval>=0.9.13
Requires-Dist: cryptography>=41.0
Requires-Dist: requests>=2.31
Requires-Dist: keyring>=24.0
Requires-Dist: google-auth>=2.28
Requires-Dist: azure-identity>=1.15
Provides-Extra: dev
Requires-Dist: pytest>=7.4; extra == "dev"
Requires-Dist: pytest-cov>=4.1; extra == "dev"
Requires-Dist: ruff>=0.1; extra == "dev"
Requires-Dist: black>=23.12; extra == "dev"
Requires-Dist: mypy>=1.7; extra == "dev"
Requires-Dist: types-PyYAML>=6.0; extra == "dev"
Requires-Dist: types-python-dateutil>=2.8; extra == "dev"
Requires-Dist: pre-commit>=3.5; extra == "dev"
Dynamic: license-file

# ARCHER

[![Python 3.11+](https://img.shields.io/badge/python-3.11%2B-blue)](https://www.python.org/downloads/)
[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-yellow.svg)](https://opensource.org/licenses/Apache-2.0)
[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![Ruff](https://img.shields.io/badge/linter-ruff-red)](https://github.com/astral-sh/ruff)
[![CI](https://github.com/Medusa-Security/archer/actions/workflows/ci.yml/badge.svg)](https://github.com/Medusa-Security/archer/actions/workflows/ci.yml)

**ARCHER** is the **infrastructure misconfiguration scanner** component of the
**MEDUSA security platform**. It discovers cloud and infrastructure resources,
builds a resource dependency graph, and evaluates hundreds of security rules
to surface misconfigurations before they become incidents.

### Fit within MEDUSA

| Component | Focus                                    |
| --------- | ---------------------------------------- |
| **Remy**  | Static Application Security Testing      |
| **Stryx** | Dynamic Application Security Testing     |
| **ARCHER**   | Infrastructure Misconfiguration Scanning |

---

## Installation

    pip install archer-scan

> Note: The PyPI distribution is `archer-scan`. The CLI command is `archer`.

## Quickstart

Auto-detect provider and scan the current directory:

    archer scan

Scan a specific provider and path:

    archer scan --provider terraform --path ./infra

Scan AWS and output JSON to a file:

    archer scan --provider aws --output report.json --format json

## Module Table

| Module               | Purpose                                     |
| -------------------- | ------------------------------------------- |
| `archer/providers/`  | Provider adapters (AWS, Azure, GCP, ...)   |
| `archer/rules/`      | YAML rule definitions                       |
| `archer/engine/`     | Rule evaluation engine                      |
| `archer/graph/`      | Resource graph model                        |
| `archer/cli/`        | Command-line interface                      |
| `archer/report/`     | Report generation (JSON, Markdown)          |
| `archer/auth/`       | Credential resolution and provider auth     |
| `archer/config/`     | Configuration file parsing                  |

## CLI Reference

    archer scan [OPTIONS]

    Options:
      --provider TEXT     Provider to scan (aws, azure, gcp, terraform, kubernetes)
      --path TEXT         Path to infrastructure files (local providers only)
      --profile TEXT      AWS / Azure / GCP profile name
      --region TEXT       Cloud provider region
      --output TEXT       Output file path
      --format TEXT       Output format (json, markdown)
      --config TEXT       Path to config file
      --verbose / --quiet
      --help              Show this message and exit.

## Configuration File

```yaml
# archer.yaml
provider: aws
region: us-east-1
profile: production
output:
  format: json
  path: ./reports/scan.json
rules:
  include:
    - "s3-*"
    - "iam-*"
  exclude:
    - "iam-policy-wildcard-action"
```

## Sample Report Output

```
Findings: 3 critical, 5 high, 2 medium, 1 low

CRITICAL
  S3 Bucket Public Access Block Disabled
    Resource: my-app-bucket (aws_s3_bucket)
    Rule: s3-public-access-block-disabled
    Remediation: Enable block public access on the bucket.

  IAM Policy With Wildcard Action
    Resource: MyRolePolicy (iam_policy)
    Rule: iam-policy-wildcard-action
    Remediation: Scope IAM actions to specific API operations.

  Security Group Allows All Inbound Traffic
    Resource: sg-0123456789abcdef0 (aws_security_group)
    Rule: ec2-security-group-open-ingress
    Remediation: Restrict inbound rules to specific ports and CIDRs.
```

## Roadmap

### v0.1.0 (Current)
- Core rule engine and CLI
- AWS, Terraform providers
- 50+ built-in rules
- JSON and Markdown reporting

### v0.5.0
- Azure and GCP providers
- Custom rule authoring
- HTML report format with visualizations
- SARIF output for GitHub Advanced Security integration

### v1.0.0
- Kubernetes provider
- Continuous scanning mode
- CI/CD integration (GitHub Action, GitLab CI)
- Remediation automation (planned, optional opt-in)
- Plugin SDK for community providers

## Contributing

See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, code style
guidelines, and instructions for adding rules and providers.

## Security

See [SECURITY.md](SECURITY.md) for the security policy and IAM permission
requirements.

---

**Author**: [Abhay Gupta](https://github.com/abhay-1310)

**Organization**: [Medusa Security](https://github.com/Medusa-Security)

**Repository**: [https://github.com/Medusa-Security/archer](https://github.com/Medusa-Security/archer)
