feat(k8s): detection helpers, CBMLanguage enum, and language table entries

- Add CBM_LANG_KUSTOMIZE and CBM_LANG_K8S to CBMLanguage enum (before CBM_LANG_COUNT)
- Add kustomization.yaml/yml to FILENAME_TABLE mapped to CBM_LANG_KUSTOMIZE
- Add Kustomize and Kubernetes entries to LANG_NAMES
- Implement cbm_is_kustomize_file() with to_lower+strcmp pattern
- Implement cbm_is_k8s_manifest() scanning first 4KB for apiVersion: via ci_strstr()
- Declare both helpers in pipeline_internal.h Infrascan helpers section

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: shanemccarron-maker

internal/cbm/cbm.h

@@ -75,6 +75,8 @@ typedef enum {
     CBM_LANG_FORM,
     CBM_LANG_MAGMA,
     CBM_LANG_WOLFRAM,
+    CBM_LANG_KUSTOMIZE,  // kustomization.yaml — Kubernetes overlay tool
+    CBM_LANG_K8S,        // Generic Kubernetes manifest (apiVersion: detected)
     CBM_LANG_COUNT
 } CBMLanguage;
 

src/discover/language.c

@@ -273,6 +273,8 @@ static const filename_entry_t FILENAME_TABLE[] = {
     {"GNUmakefile", CBM_LANG_MAKEFILE}, {"Makefile", CBM_LANG_MAKEFILE},
     {"makefile", CBM_LANG_MAKEFILE},    {"meson.build", CBM_LANG_MESON},
     {"meson.options", CBM_LANG_MESON},  {"meson_options.txt", CBM_LANG_MESON},
+    {"kustomization.yaml", CBM_LANG_KUSTOMIZE},
+    {"kustomization.yml",  CBM_LANG_KUSTOMIZE},
     {".vimrc", CBM_LANG_VIMSCRIPT},
 };
 
@@ -345,6 +347,8 @@ static const char *LANG_NAMES[CBM_LANG_COUNT] = {
     [CBM_LANG_FORM] = "FORM",
     [CBM_LANG_MAGMA] = "Magma",
     [CBM_LANG_WOLFRAM] = "Wolfram",
+    [CBM_LANG_KUSTOMIZE] = "Kustomize",
+    [CBM_LANG_K8S]       = "Kubernetes",
 };
 
 /* ── Public API ──────────────────────────────────────────────────── */

src/pipeline/pass_infrascan.c

@@ -192,6 +192,25 @@ bool cbm_is_env_file(const char *name) {
     return false;
 }
 
+bool cbm_is_kustomize_file(const char *name) {
+    if (!name) { return false; }
+    char lower[256];
+    to_lower(name, lower, sizeof(lower));
+    return (strcmp(lower, "kustomization.yaml") == 0 ||
+            strcmp(lower, "kustomization.yml") == 0);
+}
+
+// NOLINTNEXTLINE(bugprone-easily-swappable-parameters)
+bool cbm_is_k8s_manifest(const char *name, const char *content) {
+    if (!name || !content || cbm_is_kustomize_file(name)) { return false; }
+    char buf[4097];
+    size_t n = strlen(content);
+    if (n > 4096) { n = 4096; }
+    memcpy(buf, content, n);
+    buf[n] = '\0';
+    return ci_strstr(buf, "apiVersion:") != NULL;
+}
+
 // NOLINTNEXTLINE(bugprone-easily-swappable-parameters)
 bool cbm_is_shell_script(const char *name, const char *ext) {
     (void)name;

src/pipeline/pipeline_internal.h

@@ -218,6 +218,8 @@ bool cbm_is_compose_file(const char *name);
 bool cbm_is_cloudbuild_file(const char *name);
 bool cbm_is_env_file(const char *name);
 bool cbm_is_shell_script(const char *name, const char *ext);
+bool cbm_is_kustomize_file(const char *name);
+bool cbm_is_k8s_manifest(const char *name, const char *content);
 
 /* Secret detection */
 bool cbm_is_secret_binding(const char *key, const char *value);