feat: huge improvements towards security and secret variable detection.

With the new update we don't get false positive towards files name conventions such as .env.samples, .env.templates, env.examples etc.
We are also skipping if files are ignored within .gitignore, since those files aren't being track.
upcoming is to ensure git cache isn't storing .gitignored files, to ensure mistakes doesn't happen

Author: Alex Holmberg

Cargo.lock

@@ -33,6 +33,7 @@ termcolor = "1"
 chrono = { version = "0.4", features = ["serde"] }
 colored = "2"
 prettytable = "0.10"
+term_size = "0.3"
 
 # Vulnerability checking dependencies
 rustsec = "0.29"

Cargo.toml

@@ -0,0 +1,123 @@
+//! Example: Enhanced Security Analysis
+//! 
+//! This example demonstrates the enhanced security analysis capabilities
+//! including the new modular JavaScript/TypeScript security analyzer.
+
+use std::path::Path;
+use syncable_cli::analyzer::{analyze_project, SecurityAnalyzer};
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    env_logger::init();
+    
+    // For this example, analyze the current directory or a provided path
+    let project_path = std::env::args()
+        .nth(1)
+        .map(|p| Path::new(&p).to_path_buf())
+        .unwrap_or_else(|| std::env::current_dir().unwrap());
+    
+    println!("🔍 Analyzing project security for: {}", project_path.display());
+    
+    // First, perform regular project analysis to detect languages
+    let analysis = analyze_project(&project_path)?;
+    
+    println!("\n📋 Detected Languages:");
+    for lang in &analysis.languages {
+        println!("  • {} (confidence: {:.1}%)", lang.name, lang.confidence * 100.0);
+    }
+    
+    println!("\n🔧 Detected Technologies:");
+    for tech in &analysis.technologies {
+        println!("  • {} v{} ({:?})", 
+            tech.name, 
+            tech.version.as_deref().unwrap_or("unknown"),
+            tech.category
+        );
+    }
+    
+    // Check if this is a JavaScript/TypeScript project
+    let has_js = analysis.languages.iter()
+        .any(|lang| matches!(lang.name.as_str(), "JavaScript" | "TypeScript" | "JSX" | "TSX"));
+    
+    if has_js {
+        println!("\n✅ JavaScript/TypeScript project detected! Using enhanced security analysis...");
+    } else {
+        println!("\n📄 Using general security analysis...");
+    }
+    
+    // Run enhanced security analysis
+    println!("\n🛡️  Starting enhanced security analysis...");
+    
+    let mut security_analyzer = SecurityAnalyzer::new()?;
+    let security_report = security_analyzer.analyze_security_enhanced(&analysis)?;
+    
+    // Display results
+    println!("\n📊 Security Analysis Results:");
+    println!("  Overall Score: {:.1}/100", security_report.overall_score);
+    println!("  Risk Level: {:?}", security_report.risk_level);
+    println!("  Total Findings: {}", security_report.total_findings);
+    
+    if security_report.total_findings > 0 {
+        println!("\n🚨 Security Findings:");
+        
+        // Group findings by severity
+        for severity in [
+            syncable_cli::analyzer::security::core::SecuritySeverity::Critical,
+            syncable_cli::analyzer::security::core::SecuritySeverity::High,
+            syncable_cli::analyzer::security::core::SecuritySeverity::Medium,
+            syncable_cli::analyzer::security::core::SecuritySeverity::Low,
+        ] {
+            let findings: Vec<_> = security_report.findings.iter()
+                .filter(|f| f.severity == severity)
+                .collect();
+            
+            if !findings.is_empty() {
+                let severity_icon = match severity {
+                    syncable_cli::analyzer::security::core::SecuritySeverity::Critical => "🔴",
+                    syncable_cli::analyzer::security::core::SecuritySeverity::High => "🟠",
+                    syncable_cli::analyzer::security::core::SecuritySeverity::Medium => "🟡",
+                    syncable_cli::analyzer::security::core::SecuritySeverity::Low => "🔵",
+                    _ => "⚪",
+                };
+                
+                println!("\n{} {:?} Severity ({} findings):", severity_icon, severity, findings.len());
+                
+                for finding in findings.iter().take(3) { // Show first 3 of each severity
+                    println!("  📍 {}", finding.title);
+                    if let Some(ref file_path) = finding.file_path {
+                        let relative_path = file_path.strip_prefix(&project_path)
+                            .unwrap_or(file_path);
+                        print!("     📄 {}", relative_path.display());
+                        if let Some(line) = finding.line_number {
+                            print!(":{}", line);
+                        }
+                        println!();
+                    }
+                    println!("     💡 {}", finding.description);
+                    
+                    if !finding.remediation.is_empty() {
+                        println!("     🔧 Remediation: {}", finding.remediation[0]);
+                    }
+                    println!();
+                }
+                
+                if findings.len() > 3 {
+                    println!("     ... and {} more findings", findings.len() - 3);
+                }
+            }
+        }
+        
+        // Show recommendations
+        if !security_report.recommendations.is_empty() {
+            println!("\n💡 Recommendations:");
+            for (i, recommendation) in security_report.recommendations.iter().enumerate() {
+                println!("  {}. {}", i + 1, recommendation);
+            }
+        }
+    } else {
+        println!("✅ No security issues detected!");
+    }
+    
+    println!("\n✨ Enhanced security analysis complete!");
+    
+    Ok(())
+} 

examples/enhanced_security.rs

@@ -232,12 +232,12 @@ fn get_go_technology_rules() -> Vec<TechnologyRule> {
         // CLI FRAMEWORKS
         TechnologyRule {
             name: "Cobra".to_string(),
-            category: TechnologyCategory::Library(LibraryType::Utility),
+            category: TechnologyCategory::Library(LibraryType::CLI),
             confidence: 0.85,
             dependency_patterns: vec!["github.com/spf13/cobra".to_string(), "cobra".to_string()],
             requires: vec![],
             conflicts_with: vec![],
-            is_primary_indicator: false,
+            is_primary_indicator: true,
             alternative_names: vec!["spf13/cobra".to_string()],
         },
 

src/analyzer/frameworks/go.rs

@@ -414,32 +414,32 @@ fn get_rust_technology_rules() -> Vec<TechnologyRule> {
         // CLI FRAMEWORKS
         TechnologyRule {
             name: "clap".to_string(),
-            category: TechnologyCategory::Library(LibraryType::Utility),
+            category: TechnologyCategory::Library(LibraryType::CLI),
             confidence: 0.85,
             dependency_patterns: vec!["clap".to_string()],
             requires: vec![],
             conflicts_with: vec![],
-            is_primary_indicator: false,
+            is_primary_indicator: true,
             alternative_names: vec![],
         },
         TechnologyRule {
             name: "structopt".to_string(),
-            category: TechnologyCategory::Library(LibraryType::Utility),
+            category: TechnologyCategory::Library(LibraryType::CLI),
             confidence: 0.85,
             dependency_patterns: vec!["structopt".to_string()],
             requires: vec![],
             conflicts_with: vec![],
-            is_primary_indicator: false,
+            is_primary_indicator: true,
             alternative_names: vec![],
         },
         TechnologyRule {
             name: "argh".to_string(),
-            category: TechnologyCategory::Library(LibraryType::Utility),
+            category: TechnologyCategory::Library(LibraryType::CLI),
             confidence: 0.85,
             dependency_patterns: vec!["argh".to_string()],
             requires: vec![],
             conflicts_with: vec![],
-            is_primary_indicator: false,
+            is_primary_indicator: true,
             alternative_names: vec![],
         },
 

src/analyzer/frameworks/rust.rs

@@ -19,6 +19,7 @@ pub mod language_detector;
 pub mod project_context;
 pub mod vulnerability_checker;
 pub mod security_analyzer;
+pub mod security;
 pub mod tool_installer;
 pub mod monorepo_detector;
 pub mod docker_analyzer;
@@ -36,6 +37,13 @@ pub use security_analyzer::{
     SecurityCategory, ComplianceStatus, SecurityAnalysisConfig
 };
 
+// Re-export new modular security analysis types
+pub use security::{
+    ModularSecurityAnalyzer, JavaScriptSecurityAnalyzer, 
+    SecretPatternManager
+};
+pub use security::config::SecurityConfigPreset;
+
 // Re-export monorepo analysis types
 pub use monorepo_detector::{
     MonorepoDetectionConfig, analyze_monorepo, analyze_monorepo_with_config
@@ -102,6 +110,8 @@ pub enum LibraryType {
     HttpClient,
     /// Authentication (Auth0, Firebase Auth)
     Authentication,
+    /// CLI frameworks (clap, structopt, argh)
+    CLI,
     /// Other specific types
     Other(String),
 }