Initial commit: breakpilot-compliance - Compliance SDK Platform

Services: Admin-Compliance, Backend-Compliance,
AI-Compliance-SDK, Consent-SDK, Developer-Portal,
PCA-Platform, DSMS

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

breakpilot-compliance-sdk/services/security-scanner/Dockerfile

@@ -0,0 +1,45 @@
+# Build stage
+FROM golang:1.22-alpine AS builder
+
+WORKDIR /app
+
+RUN apk add --no-cache git
+
+COPY go.mod go.sum* ./
+RUN go mod download
+
+COPY . .
+
+RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o security-scanner .
+
+# Runtime stage with security tools
+FROM alpine:3.19
+
+WORKDIR /app
+
+# Install security tools
+RUN apk --no-cache add ca-certificates curl git python3 py3-pip nodejs npm && \
+    # Install gitleaks
+    curl -sSfL https://github.com/gitleaks/gitleaks/releases/download/v8.18.0/gitleaks_8.18.0_linux_x64.tar.gz | tar xz -C /usr/local/bin && \
+    # Install trivy
+    curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin && \
+    # Install grype
+    curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin && \
+    # Install syft
+    curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin && \
+    # Install semgrep
+    pip3 install --break-system-packages semgrep bandit && \
+    # Cleanup
+    rm -rf /var/cache/apk/*
+
+COPY --from=builder /app/security-scanner .
+
+RUN adduser -D -g '' appuser
+USER appuser
+
+EXPOSE 8083
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:8083/health || exit 1
+
+CMD ["./security-scanner"]