Add CI workflow, LICENSE, and fix code formatting

- Add GitHub Actions CI workflow with build, test, and lint
- Add MIT LICENSE file
- Apply gofmt formatting to all Go files
- Prepare for v0.2.0 release

Author: thebenignhacker

.github/workflows/ci.yml

@@ -0,0 +1,62 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+
+      - name: Verify dependencies
+        run: go mod verify
+
+      - name: Build
+        run: go build -v ./...
+
+      - name: Run go vet
+        run: go vet ./...
+
+      - name: Check formatting
+        run: |
+          if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
+            echo "Code is not formatted. Run 'gofmt -s -w .'"
+            gofmt -s -l .
+            exit 1
+          fi
+
+      - name: Run tests
+        run: go test -v -race -coverprofile=coverage.txt -covermode=atomic ./...
+
+      - name: Upload coverage
+        uses: codecov/codecov-action@v4
+        with:
+          file: ./coverage.txt
+          flags: unittests
+        continue-on-error: true
+
+  golangci-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: latest
+          args: --timeout=5m
+        continue-on-error: true

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 CyberSecurity NonProfit (CSNP)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

cmd/tlsanalyzer/main.go

@@ -27,21 +27,21 @@ var (
 
 // CLI flags
 var (
-	outputFormat  string
-	outputFile    string
-	timeout       int
-	noColor       bool
-	jsonCompact   bool
-	port          int
-	sni           string
-	skipVulns     bool
-	skipQuantum   bool
-	skipCNSA2     bool
-	policyName    string
-	policyFile    string
-	targetsFile   string
-	concurrency   int
-	showPolicies  bool
+	outputFormat string
+	outputFile   string
+	timeout      int
+	noColor      bool
+	jsonCompact  bool
+	port         int
+	sni          string
+	skipVulns    bool
+	skipQuantum  bool
+	skipCNSA2    bool
+	policyName   string
+	policyFile   string
+	targetsFile  string
+	concurrency  int
+	showPolicies bool
 )
 
 func main() {

internal/analyzer/cnsa2.go

@@ -19,68 +19,68 @@ func NewCNSA2Analyzer() *CNSA2Analyzer {
 var (
 	// Approved algorithms for CNSA 2.0
 	CNSA2ApprovedKeyExchange = map[string]bool{
-		"ML-KEM-768":           true,
-		"ML-KEM-1024":          true,
-		"X25519MLKEM768":       true,
-		"SecP256r1MLKEM768":    true,
-		"SecP384r1MLKEM1024":   true,
+		"ML-KEM-768":         true,
+		"ML-KEM-1024":        true,
+		"X25519MLKEM768":     true,
+		"SecP256r1MLKEM768":  true,
+		"SecP384r1MLKEM1024": true,
 	}
 
 	CNSA2ApprovedSignatures = map[string]bool{
-		"ML-DSA-65":            true,
-		"ML-DSA-87":            true,
-		"SLH-DSA-SHA2-128s":    true,
-		"SLH-DSA-SHA2-128f":    true,
-		"SLH-DSA-SHA2-192s":    true,
-		"SLH-DSA-SHA2-192f":    true,
-		"SLH-DSA-SHA2-256s":    true,
-		"SLH-DSA-SHA2-256f":    true,
-		"SLH-DSA-SHAKE-128s":   true,
-		"SLH-DSA-SHAKE-128f":   true,
-		"SLH-DSA-SHAKE-192s":   true,
-		"SLH-DSA-SHAKE-192f":   true,
-		"SLH-DSA-SHAKE-256s":   true,
-		"SLH-DSA-SHAKE-256f":   true,
+		"ML-DSA-65":          true,
+		"ML-DSA-87":          true,
+		"SLH-DSA-SHA2-128s":  true,
+		"SLH-DSA-SHA2-128f":  true,
+		"SLH-DSA-SHA2-192s":  true,
+		"SLH-DSA-SHA2-192f":  true,
+		"SLH-DSA-SHA2-256s":  true,
+		"SLH-DSA-SHA2-256f":  true,
+		"SLH-DSA-SHAKE-128s": true,
+		"SLH-DSA-SHAKE-128f": true,
+		"SLH-DSA-SHAKE-192s": true,
+		"SLH-DSA-SHAKE-192f": true,
+		"SLH-DSA-SHAKE-256s": true,
+		"SLH-DSA-SHAKE-256f": true,
 	}
 
 	CNSA2ApprovedSymmetric = map[string]bool{
-		"AES-256":      true,
-		"AES-256-GCM":  true,
+		"AES-256":     true,
+		"AES-256-GCM": true,
 	}
 
 	CNSA2ApprovedHash = map[string]bool{
-		"SHA-384":      true,
-		"SHA-512":      true,
-		"SHA3-384":     true,
-		"SHA3-512":     true,
+		"SHA-384":  true,
+		"SHA-512":  true,
+		"SHA3-384": true,
+		"SHA3-512": true,
 	}
 
 	// Transitional algorithms (allowed until deadline)
 	CNSA2Transitional = map[string]string{
-		"RSA-3072":     "2030",
-		"RSA-4096":     "2030",
-		"ECDSA-P384":   "2030",
-		"ECDH-P384":    "2030",
-		"X25519":       "2030", // Only in hybrid mode
-		"SHA-256":      "2030",
+		"RSA-3072":   "2030",
+		"RSA-4096":   "2030",
+		"ECDSA-P384": "2030",
+		"ECDH-P384":  "2030",
+		"X25519":     "2030", // Only in hybrid mode
+		"SHA-256":    "2030",
 	}
 
 	// Deprecated algorithms (should be phased out)
 	CNSA2Deprecated = map[string]string{
-		"RSA-2048":     "Immediately",
-		"ECDSA-P256":   "2027",
-		"ECDH-P256":    "2027",
-		"SHA-1":        "Immediately",
-		"3DES":         "Immediately",
-		"RC4":          "Immediately",
+		"RSA-2048":   "Immediately",
+		"ECDSA-P256": "2027",
+		"ECDH-P256":  "2027",
+		"SHA-1":      "Immediately",
+		"3DES":       "Immediately",
+		"RC4":        "Immediately",
 	}
 )
 
 // Milestones defines CNSA 2.0 timeline.
 var CNSA2Milestones = []struct {
-	Name        string
-	Deadline    time.Time
-	Description string
+	Name         string
+	Deadline     time.Time
+	Description  string
 	Requirements []string
 }{
 	{
@@ -416,19 +416,19 @@ func (a *CNSA2Analyzer) calculateTimelineScore(timeline *types.CNSA2Timeline) in
 	score := 0
 
 	weights := map[string]int{
-		"Preparation Phase":     10,
-		"New NSS Systems":       30,
-		"TLS 1.3 Required":      25,
-		"Legacy System Update":  20,
-		"Full PQC Transition":   15,
+		"Preparation Phase":    10,
+		"New NSS Systems":      30,
+		"TLS 1.3 Required":     25,
+		"Legacy System Update": 20,
+		"Full PQC Transition":  15,
 	}
 
 	statusScores := map[string]int{
-		"compliant":       100,
-		"partial":         60,
-		"in-progress":     40,
-		"non-compliant":   0,
-		"not-applicable":  100, // Future requirements don't penalize
+		"compliant":      100,
+		"partial":        60,
+		"in-progress":    40,
+		"non-compliant":  0,
+		"not-applicable": 100, // Future requirements don't penalize
 	}
 
 	for _, m := range timeline.Milestones {

internal/reporter/html.go

@@ -18,12 +18,12 @@ type HTMLReporter struct {
 // Report writes the scan result as HTML.
 func (r *HTMLReporter) Report(w io.Writer, result *types.ScanResult) error {
 	tmpl, err := template.New("report").Funcs(template.FuncMap{
-		"gradeClass":   gradeClass,
+		"gradeClass":    gradeClass,
 		"severityClass": severityClass,
-		"riskClass":    riskClass,
-		"formatTime":   formatTime,
-		"progressBar":  progressBar,
-		"statusIcon":   statusIcon,
+		"riskClass":     riskClass,
+		"formatTime":    formatTime,
+		"progressBar":   progressBar,
+		"statusIcon":    statusIcon,
 	}).Parse(htmlTemplate)
 	if err != nil {
 		return fmt.Errorf("failed to parse template: %w", err)

internal/reporter/sarif.go

@@ -35,13 +35,13 @@ type sarifDriver struct {
 }
 
 type sarifRule struct {
-	ID               string           `json:"id"`
-	Name             string           `json:"name"`
-	ShortDescription sarifMessage     `json:"shortDescription"`
-	FullDescription  sarifMessage     `json:"fullDescription,omitempty"`
-	Help             sarifMessage     `json:"help,omitempty"`
-	DefaultConfig    sarifRuleConfig  `json:"defaultConfiguration"`
-	Properties       sarifProperties  `json:"properties,omitempty"`
+	ID               string          `json:"id"`
+	Name             string          `json:"name"`
+	ShortDescription sarifMessage    `json:"shortDescription"`
+	FullDescription  sarifMessage    `json:"fullDescription,omitempty"`
+	Help             sarifMessage    `json:"help,omitempty"`
+	DefaultConfig    sarifRuleConfig `json:"defaultConfiguration"`
+	Properties       sarifProperties `json:"properties,omitempty"`
 }
 
 type sarifRuleConfig struct {

internal/scanner/grade.go

@@ -251,7 +251,7 @@ func quantumScoreToLetter(score int) string {
 	case score >= 80:
 		return "Q+" // Quantum ready
 	case score >= 50:
-		return "Q"  // Partially quantum ready
+		return "Q" // Partially quantum ready
 	case score >= 20:
 		return "Q-" // Limited quantum protection
 	default:

internal/scanner/quantum.go

@@ -15,15 +15,15 @@ var QuantumVulnerableAlgorithms = map[string]string{
 
 // QuantumSafeAlgorithms lists post-quantum safe algorithms.
 var QuantumSafeAlgorithms = map[string]string{
-	"ML-KEM":       "NIST FIPS 203 - Key Encapsulation",
-	"ML-DSA":       "NIST FIPS 204 - Digital Signatures",
-	"SLH-DSA":      "NIST FIPS 205 - Stateless Hash-Based Signatures",
-	"AES-256":      "Symmetric - Grover's algorithm requires 2^128 operations",
-	"AES-128":      "Symmetric - Grover's algorithm requires 2^64 operations (marginal)",
-	"ChaCha20":     "Symmetric - Quantum resistant",
-	"SHA-256":      "Hash - Grover's provides only quadratic speedup",
-	"SHA-384":      "Hash - Grover's provides only quadratic speedup",
-	"SHA-512":      "Hash - Grover's provides only quadratic speedup",
+	"ML-KEM":   "NIST FIPS 203 - Key Encapsulation",
+	"ML-DSA":   "NIST FIPS 204 - Digital Signatures",
+	"SLH-DSA":  "NIST FIPS 205 - Stateless Hash-Based Signatures",
+	"AES-256":  "Symmetric - Grover's algorithm requires 2^128 operations",
+	"AES-128":  "Symmetric - Grover's algorithm requires 2^64 operations (marginal)",
+	"ChaCha20": "Symmetric - Quantum resistant",
+	"SHA-256":  "Hash - Grover's provides only quadratic speedup",
+	"SHA-384":  "Hash - Grover's provides only quadratic speedup",
+	"SHA-512":  "Hash - Grover's provides only quadratic speedup",
 }
 
 // HybridKeyExchanges maps hybrid PQC key exchange names to components.

internal/scanner/quantum_test.go

@@ -82,10 +82,10 @@ func TestAssessQuantumRisk(t *testing.T) {
 			result: &types.ScanResult{
 				KeyExchanges: []types.KeyExchange{
 					{
-						Name:           "X25519MLKEM768",
-						Type:           "hybrid",
+						Name:            "X25519MLKEM768",
+						Type:            "hybrid",
 						HybridClassical: "X25519",
-						PQCAlgorithm:   "ML-KEM-768",
+						PQCAlgorithm:    "ML-KEM-768",
 					},
 				},
 				Certificate: &types.Certificate{

internal/scanner/scanner.go

@@ -25,15 +25,15 @@ type Scanner struct {
 
 // Config holds scanner configuration.
 type Config struct {
-	Timeout         time.Duration
-	ConnectTimeout  time.Duration
-	Concurrency     int
-	SkipCertVerify  bool
-	SNI             string
-	CheckVulns      bool
-	CheckQuantum    bool
-	MinTLSVersion   uint16
-	MaxTLSVersion   uint16
+	Timeout        time.Duration
+	ConnectTimeout time.Duration
+	Concurrency    int
+	SkipCertVerify bool
+	SNI            string
+	CheckVulns     bool
+	CheckQuantum   bool
+	MinTLSVersion  uint16
+	MaxTLSVersion  uint16
 }
 
 // DefaultConfig returns sensible defaults.