// Copyright 2026 Moko Consulting // SPDX-License-Identifier: GPL-3.0-or-later package security import ( security_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/security" "code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git" ) // Finding represents a single security issue found by a scanner. type Finding struct { Scanner security_model.ScannerType Severity security_model.AlertSeverity RuleID string Title string Description string FilePath string LineNumber int CommitSHA string Fingerprint string // unique identifier for dedup Metadata string // JSON extra data } // Scanner is the interface all security scanner modules implement. type Scanner interface { // Type returns the scanner type identifier. Type() security_model.ScannerType // ScanCommit scans a single commit and returns findings. ScanCommit(commit *git.Commit) ([]Finding, error) // ScanTree scans the full repository tree and returns findings. ScanTree(commit *git.Commit) ([]Finding, error) }