breakpilot-compliance

Author	SHA1	Message	Date
Benjamin Admin	5f8009e844	fix(security): remove hardcoded Qdrant key + allowlist doc false-positives CI / detect-changes (pull_request) Successful in 8s Details CI / branch-name (pull_request) Successful in 1s Details CI / guardrail-integrity (pull_request) Successful in 5s Details CI / secret-scan (pull_request) Successful in 6s Details CI / dep-audit (pull_request) Failing after 54s Details CI / sbom-scan (pull_request) Failing after 1m3s Details CI / build-sha-integrity (pull_request) Successful in 5s Details CI / validate-canonical-controls (pull_request) Successful in 4s Details CI / loc-budget (pull_request) Successful in 17s Details CI / go-lint (pull_request) Failing after 13s Details CI / python-lint (pull_request) Failing after 13s Details CI / nodejs-lint (pull_request) Failing after 1m8s Details CI / nodejs-build (pull_request) Successful in 3m0s Details CI / test-go (pull_request) Successful in 1m0s Details CI / iace-gt-coverage (pull_request) Successful in 22s Details CI / test-python-backend (pull_request) Successful in 30s Details CI / test-python-document-crawler (pull_request) Successful in 13s Details CI / test-python-dsms-gateway (pull_request) Successful in 16s Details secret-scan (gitleaks) had never run on a PR (broken checkout). A real Qdrant dev API key was hardcoded in 4 pre-existing files; removed in favour of env / gitea-secret references (scripts read QDRANT_API_KEY from os.environ; rag-ingest workflow references a gitea Actions secret). The remaining ~52 findings are doc curl examples + .env.example placeholders + a rule_key identifier, allowlisted in .gitleaks.toml (default ruleset kept). gitleaks now reports 0 findings. ACTION REQUIRED: rotate the Qdrant dev API key — the leaked value is in git history. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-21 14:37:54 +02:00

1 Commits