Plan: cascadeguard scan CLI Command & One-Shot Install Script

Status: Draft

Domain: cascadeguard.com

Overview

Add a cascadeguard scan subcommand that discovers container-related artifacts in a project directory (Dockerfiles, CI workflows, Compose files, Kubernetes manifests), presents an interactive selection UI, analyses the selected artifacts, and produces a structured report. Alongside the CLI command, ship a one-shot install script (install.sh) hosted at https://get.cascadeguard.com that bootstraps a temporary environment and runs the scan in a single curl | sh invocation.

The scan command reuses existing parsing capabilities already in app.py — specifically CascadeGuardTool.parse_dockerfile_base_images(), parse_image_reference(), and ActionsPinner._USES_RE for action reference detection — and extends them with new discoverer modules for Compose, Kubernetes, and GitLab CI artifacts.

No new Python dependencies are required for the core implementation (Phases 1–4). The only existing dependency is pyyaml, which already covers YAML parsing needs.
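
The discovery stage described above, as an added example that is not CascadeGuard's own code: it walks a project tree and classifies files into artifact kinds, never reading through symlinks and reading only a bounded prefix of each YAML file, since the scan may run against an untrusted checkout. The DiscoveredArtifact fields, the kind labels, the filename patterns, the pruned-directory list and the regex-based Kubernetes check (used here instead of pyyaml to keep the example stdlib-only) are assumptions.

```python
import os, re, tempfile
from pathlib import Path
from typing import NamedTuple

class DiscoveredArtifact(NamedTuple):  # name from the plan; fields are assumed
    kind: str
    path: str  # POSIX path relative to the scan root

SKIP_DIRS = {".git", "node_modules", ".venv"}  # assumed prune list
DOCKERFILE_RE = re.compile(r"^(Dockerfile(\..+)?|.+\.Dockerfile)$", re.I)
COMPOSE_RE = re.compile(r"^(docker-)?compose(\.[\w-]+)?\.ya?ml$")

def classify(rel, full):
    if DOCKERFILE_RE.match(rel.name):
        return "dockerfile"
    if rel.suffix not in (".yml", ".yaml"):
        return None
    if rel.parts[:2] == (".github", "workflows"):
        return "github-actions"
    if COMPOSE_RE.match(rel.name):
        return "compose"
    with full.open(errors="replace") as fh:
        head = fh.read(65536)  # bounded sniff; the tree is untrusted input
    # Kubernetes manifests carry top-level apiVersion and kind keys.
    keys = set(re.findall(r"^(apiVersion|kind):", head, re.M))
    return "kubernetes" if len(keys) == 2 else None

def discover(root):
    root, found = Path(root), []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue  # never read through a link that may leave the tree
            rel = full.relative_to(root)
            if kind := classify(rel, full):
                found.append(DiscoveredArtifact(kind, rel.as_posix()))
    return sorted(found, key=lambda a: a.path)

def demo():  # constructed sample tree, built in a temporary directory
    files = {"Dockerfile": "FROM alpine:3.19\n", "compose.yaml": "services: {}\n",
             ".github/workflows/ci.yml": "jobs: {}\n", "docs/notes.yaml": "title: x\n",
             "deploy/app.yaml": "apiVersion: apps/v1\nkind: Deployment\n",
             "node_modules/x/Dockerfile": "FROM scratch\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return discover(tmp)
```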

Architecture

graph TD
    CLI["cascadeguard scan<br/>CLI Entry Point"]
    CLI --> Discovery["Discovery Engine<br/>run_scan()"]
    Discovery --> DD["Dockerfile<br/>Discoverer"]
    Discovery --> AD["CI Actions<br/>Discoverer"]
    Discovery --> CD["Compose/Stack<br/>Discoverer"]
    Discovery --> KD["Kubernetes<br/>Discoverer"]
    Discovery --> GD["GitLab CI<br/>Discoverer<br/>(stretch)"]

    DD --> Artifacts["List[DiscoveredArtifact]"]
    AD --> Artifacts
    CD --> Artifacts
    KD --> Artifacts
    GD --> Artifacts

    Artifacts --> UI["Interactive Selection<br/>curses / fallback"]
    Artifacts -->|--non-interactive| Analysis

    UI --> Analysis["Analysis Engine<br/>report.py"]
    Analysis --> Output["Report Output<br/>text / json / yaml"]
    Output -->|--output FILE| File["File"]
    Output --> Stdout["stdout"]

    subgraph "Reused from app.py"
        Parse["parse_dockerfile_base_images()"]
        ImgRef["parse_image_reference()"]
        UsesRE["ActionsPinner._USES_RE"]
    end

    DD -.-> Parse
    DD -.-> ImgRef
    AD -.-> UsesRE