Plan: cascadeguard scan CLI Command & One-Shot Install Script
Status: Draft
Domain: cascadeguard.com
Overview
Add a cascadeguard scan subcommand that discovers container-related artifacts in a project directory (Dockerfiles, CI workflows, Compose files, Kubernetes manifests), presents an interactive selection UI, analyses the selected artifacts, and produces a structured report. Alongside the CLI command, ship a one-shot install script (install.sh) hosted at https://get.cascadeguard.com that bootstraps a temporary environment and runs the scan in a single curl | sh invocation.
The scan command reuses parsing capabilities that already exist in app.py (specifically CascadeGuardTool.parse_dockerfile_base_images(), parse_image_reference(), and ActionsPinner._USES_RE for action reference detection) and extends them with new discoverer modules for Compose, Kubernetes, and GitLab CI artifacts.
No new Python dependencies are required for the core implementation (Phases 1–4). The only existing dependency is pyyaml, which already covers YAML parsing needs.
Architecture
graph TD
    CLI["cascadeguard scan<br/>CLI Entry Point"]
    CLI --> Discovery["Discovery Engine<br/>run_scan()"]
    Discovery --> DD["Dockerfile<br/>Discoverer"]
    Discovery --> AD["CI Actions<br/>Discoverer"]
    Discovery --> CD["Compose/Stack<br/>Discoverer"]
    Discovery --> KD["Kubernetes<br/>Discoverer"]
    Discovery --> GD["GitLab CI<br/>Discoverer<br/>(stretch)"]
    DD --> Artifacts["List[DiscoveredArtifact]"]
    AD --> Artifacts
    CD --> Artifacts
    KD --> Artifacts
    GD --> Artifacts
    Artifacts --> UI["Interactive Selection<br/>curses / fallback"]
    Artifacts -->|--non-interactive| Analysis
    UI --> Analysis["Analysis Engine<br/>report.py"]
    Analysis --> Output["Report Output<br/>text / json / yaml"]
    Output -->|--output FILE| File["File"]
    Output --> Stdout["stdout"]
    subgraph "Reused from app.py"
        Parse["parse_dockerfile_base_images()"]
        ImgRef["parse_image_reference()"]
        UsesRE["ActionsPinner._USES_RE"]
    end
    DD -.-> Parse
    DD -.-> ImgRef
    AD -.-> UsesRE
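A sketch of the discovery step from the diagram, added here as an illustration and not taken from the CascadeGuard code base. The names run_scan() and DiscoveredArtifact come from the plan; the dataclass fields, the kind labels, the file-name patterns, the skip list and the 64 KiB read cap are assumptions, and plain regexes stand in for pyyaml so the block runs on the standard library alone.

```python
import os
import re
from dataclasses import dataclass
from pathlib import Path

SKIP_DIRS = {".git", "node_modules", ".venv", "vendor"}  # assumed skip list
DOCKERFILE_RE = re.compile(r"^(Dockerfile(\..+)?|.+\.dockerfile)$", re.I)
COMPOSE_RE = re.compile(r"^(docker-)?compose([.-][\w.-]+)?\.ya?ml$")
K8S_KEYS_RE = re.compile(r"^(apiVersion|kind):\s*\S", re.M)

@dataclass(frozen=True)
class DiscoveredArtifact:  # fields are assumed; the plan names only the type
    kind: str
    path: str  # POSIX path relative to the scan root

def classify(rel: Path, text: str):
    """Return the artifact kind for one file, or None if it is not of interest."""
    if DOCKERFILE_RE.match(rel.name):
        return "dockerfile"
    if rel.suffix.lower() not in (".yml", ".yaml"):
        return None
    if rel.parts[:2] == (".github", "workflows"):
        return "ci-actions"
    if COMPOSE_RE.match(rel.name):
        return "compose"
    # Kubernetes manifests have no fixed name: require both top-level keys,
    # so a Helm Chart.yaml (apiVersion but no kind) is not misclassified.
    keys = {m.group(1) for m in K8S_KEYS_RE.finditer(text)}
    return "kubernetes" if keys == {"apiVersion", "kind"} else None

def run_scan(root):
    """Walk root and return the discovered artifacts in a stable order."""
    root, found = Path(root), []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        for fn in sorted(filenames):
            full = Path(dirpath) / fn
            if full.is_symlink():  # never read through links out of the tree
                continue
            try:
                with open(full, encoding="utf-8", errors="replace") as fh:
                    text = fh.read(65536)  # cap reads on untrusted repositories
            except OSError:
                continue
            rel = full.relative_to(root)
            kind = classify(rel, text)
            if kind:
                found.append(DiscoveredArtifact(kind, rel.as_posix()))
    return found
```

Skipping symlinks and capping reads matters because the one-shot installer runs this scan against whatever directory the user happens to be in, including repositories they do not control.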