MokoConsulting/MokoGitea-APP
1
0
Fork 0
Code Issues 154 Pull Requests 1 Releases 96 Wiki Activity
Files
dev
MokoGitea-APP/services/security/scanner.go
T
Jonathan Miller f7c1904625
Generic: Repo Health / Site Health (push) Has been skipped
Details
Generic: Repo Health / Access control (push) Successful in 1s
Details
Branch Policy Check / Verify merge target (pull_request) Successful in 1s
Details
Generic: Repo Health / Site Health (pull_request) Has been skipped
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Details
Generic: Repo Health / Access control (pull_request) Successful in 1s
Details
PR RC Release / Build RC Release (pull_request) Successful in 2s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 5s
Details
Branch Cleanup / Delete merged branch (pull_request) Successful in 1s
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request) Successful in 1m44s
Details
Generic: Repo Health / Scripts governance (push) Has been cancelled
Details
Generic: Repo Health / Repository health (push) Has been cancelled
Details
Generic: Repo Health / Report Issues (push) Has been cancelled
Details
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Details
Universal: PR Check / Report Issues (pull_request) Has been cancelled
Details
Generic: Repo Health / Scripts governance (pull_request) Has been cancelled
Details
Generic: Repo Health / Repository health (pull_request) Has been cancelled
Details
Generic: Repo Health / Report Issues (pull_request) Has been cancelled
Details
feat(security): built-in security scanning platform (#508) 
Add a pluggable security scanning framework with secret detection
as the first scanner module. Scans run on push to default branch
and on-demand via the Security settings page.

Includes:
- Scanner interface for pluggable scanner types
- Secret scanner with 15 built-in patterns (AWS, GitHub, Stripe, etc.)
- SecurityAlert model with fingerprint-based dedup
- SecurityScannerConfig per-repo settings
- Migration v349 for security tables
- Repo settings Security page with alerts table
- Scan Now button for on-demand scanning
- Alert resolve/dismiss actions
- Push-time scanning in post-receive hook
2026-06-06 16:23:08 -05:00

36 lines
1.0 KiB
Go
Raw Permalink Blame History

// Copyright 2026 Moko Consulting <hello@mokoconsulting.tech>
// SPDX-License-Identifier: GPL-3.0-or-later
package security
import (
security_model "code.mokoconsulting.tech/MokoConsulting/MokoGitea/models/security"
"code.mokoconsulting.tech/MokoConsulting/MokoGitea/modules/git"
)
// Finding represents a single security issue found by a scanner.
type Finding struct {
Scanner security_model.ScannerType
Severity security_model.AlertSeverity
RuleID string
Title string
Description string
FilePath string
LineNumber int
CommitSHA string
Fingerprint string // unique identifier for dedup
Metadata string // JSON extra data
}
// Scanner is the interface all security scanner modules implement.
type Scanner interface {
// Type returns the scanner type identifier.
Type() security_model.ScannerType
// ScanCommit scans a single commit and returns findings.
ScanCommit(commit *git.Commit) ([]Finding, error)
// ScanTree scans the full repository tree and returns findings.
ScanTree(commit *git.Commit) ([]Finding, error)
}
Reference in New Issue View Git Blame Copy Permalink