MokoConsulting/MokoGitea

feat(security): built-in security scanning platform (#508) #540

Merged

jmiller merged 1 commits from feat/508-security-scanner into dev

2026-06-06 21:24:18 +00:00

Author	SHA1	Message	Date
Jonathan Miller	f7c1904625	feat(security): built-in security scanning platform (#508 ) Generic: Repo Health / Scripts governance (push) Blocked by required conditions Details Generic: Repo Health / Repository health (push) Blocked by required conditions Details Generic: Repo Health / Report Issues (push) Blocked by required conditions Details Generic: Repo Health / Site Health (push) Has been skipped Details Generic: Repo Health / Access control (push) Successful in 1s Details Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions Details Universal: PR Check / Report Issues (pull_request) Blocked by required conditions Details Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions Details Generic: Repo Health / Repository health (pull_request) Blocked by required conditions Details Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions Details Branch Policy Check / Verify merge target (pull_request) Successful in 1s Details Generic: Repo Health / Site Health (pull_request) Has been skipped Details Universal: PR Check / Branch Policy (pull_request) Successful in 1s Details Generic: Repo Health / Access control (pull_request) Successful in 1s Details PR RC Release / Build RC Release (pull_request) Successful in 2s Details Universal: PR Check / Validate PR (pull_request) Failing after 5s Details Branch Cleanup / Delete merged branch (pull_request) Successful in 1s Details Universal: Pre-Release / Build Pre-Release (${{ inputs.stability \|\| 'development' }}) (pull_request) Successful in 1m44s Details Add a pluggable security scanning framework with secret detection as the first scanner module. Scans run on push to default branch and on-demand via the Security settings page. Includes: - Scanner interface for pluggable scanner types - Secret scanner with 15 built-in patterns (AWS, GitHub, Stripe, etc.) - SecurityAlert model with fingerprint-based dedup - SecurityScannerConfig per-repo settings - Migration v349 for security tables - Repo settings Security page with alerts table - Scan Now button for on-demand scanning - Alert resolve/dismiss actions - Push-time scanning in post-receive hook	2026-06-06 16:23:08 -05:00