mix lei.zarf_gate (LowEndInsight v0.9.1)


Run LEI supply chain risk analysis as a pre-package gate for Zarf.

Analyzes the dependencies of a project directory or of specific git repositories, evaluates each dependency's risk against a configurable threshold, and exits with a non-zero status if any dependency exceeds that threshold, so that the task can block packaging in CI.

Usage

# Scan a local project directory
mix lei.zarf_gate --path ./my-project --threshold high

# Analyze specific git repositories
mix lei.zarf_gate --repo https://github.com/org/repo1 --repo https://github.com/org/repo2

# Output in SARIF format for CI/CD
mix lei.zarf_gate --path . --format sarif --output lei-results.sarif

Options

  • --path - Path to the project directory to scan (default: current directory)
  • --repo - Git repository URL to analyze (may be specified multiple times)
  • --threshold - Risk threshold at which the gate fails: low, medium, high, critical (default: high)
  • --format - Output format: json or sarif (default: json)
  • --output - Write the output to a file instead of stdout
  • --quiet - Suppress informational output and show only the results

Exit Codes

  • 0 - All dependencies pass the risk threshold
  • 1 - One or more dependencies exceed the risk threshold

Zarf Integration

Add the task to your zarf.yaml as an action hook that runs before the package is created; a non-zero exit from the gate stops the create step:

components:
  - name: mission-app
    actions:
      onCreate:
        before:
          - cmd: mix lei.zarf_gate --path . --threshold high --format json
            description: "LEI supply chain risk assessment"