sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues 51 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity
Pulse Contributors Code Frequency Recent Commits

2025-10-25 - 2026-04-25
Period: 6 months
1 day 3 days 1 week 1 month 3 months 6 months 1 year

Overview

26 Active Pull Requests
51 Active Issues
25
Merged Pull Requests 1
Proposed Pull Request 0
Closed Issues 51
New Issues
Excluding merges, 3 authors have pushed 55 commits to main and 87 commits to all branches. On main, 342 files have changed and there have been 80772 additions and 12757 deletions.

1 Release published by 1 user

Published v0.2.0 v0.2.0 — AI-Native Security & Compliance Platform 2026-03-30 13:18:47 +00:00

25 Pull requests merged by 1 user

Merged #55 fix: CVE notifications during scan + help chat doc loading + Dockerfile 2026-03-30 13:10:56 +00:00

Merged #53 feat: hourly CVE alerting with notification bell and API 2026-03-30 10:39:39 +00:00

Merged #52 feat: add E2E test suite with nightly CI, fix dashboard Dockerfile 2026-03-30 10:04:07 +00:00

Merged #51 feat: add floating help chat widget, remove settings page 2026-03-30 08:05:30 +00:00

Merged #50 fix: cascade-delete DAST targets, pentests, and downstream data on repo delete 2026-03-30 07:11:24 +00:00

Merged #49 feat: refine all LLM system prompts for precision and reduced false positives 2026-03-30 07:11:17 +00:00

Merged #48 feat: deduplicate code review findings across LLM passes 2026-03-29 20:38:53 +00:00

Merged #47 fix: check Gitea API response status and fallback for PR reviews 2026-03-25 16:26:09 +00:00

Merged #22 fix: stop storing code review findings in dashboard 2026-03-18 15:18:07 +00:00

Merged #16 feat: pentest onboarding — streaming, browser automation, reports, user cleanup 2026-03-17 20:32:21 +00:00

Merged #15 fix: remote Chrome PDF export & MCP endpoint sync 2026-03-13 10:12:20 +00:00

Merged #14 ci: consolidate CI into single job; fix sidebar footer 2026-03-13 09:44:32 +00:00

Merged #13 refactor: modularize codebase and add 404 unit tests 2026-03-13 08:03:46 +00:00

Merged #12 feat: AI-driven automated penetration testing 2026-03-12 14:42:54 +00:00

Merged #11 docs: rewrite user-facing documentation with screenshots 2026-03-11 15:26:01 +00:00

Merged #10 feat: per-repo issue tracker, Gitea support, PR review pipeline 2026-03-11 12:14:00 +00:00

Merged #9 fix: resolve cargo audit failures by updating tantivy, scraper, quinn-proto 2026-03-10 14:05:25 +00:00

Merged #8 fix: SBOM multi-ecosystem support with correct package managers and licenses 2026-03-10 12:37:30 +00:00

Merged #7 feat: UI improvements with icons, back navigation, and overview cards 2026-03-09 17:09:41 +00:00

Merged #6 feat: findings refinement, new scanners, and deployment tooling 2026-03-09 12:53:13 +00:00

Merged #5 feat: add MCP server for exposing compliance data to LLMs 2026-03-09 08:21:04 +00:00

Merged #4 docs: added vite-press docs 2026-03-08 13:59:50 +00:00

Merged #3 feat: opentelemetry-tracing 2026-03-07 23:51:20 +00:00

Merged #2 feat: add Keycloak authentication for dashboard and API endpoints 2026-03-07 23:50:57 +00:00

Merged #1 feat: rag-embedding-ai-chat 2026-03-06 21:54:16 +00:00

1 Pull request proposed by 1 user

Proposed #23 feat: add user login and data processing endpoint 2026-03-18 16:00:43 +00:00

51 Issues created by 1 user

Opened #18 test: verify Auth0 user cleanup integration 2026-03-17 18:59:36 +00:00

Opened #19 test: verify Okta user cleanup integration 2026-03-17 18:59:36 +00:00

Opened #17 feat: implement Firebase user cleanup for pentest sessions 2026-03-17 18:59:36 +00:00

Opened #20 test: verify PR scanning and review comments 2026-03-17 18:59:37 +00:00

Opened #21 test: verify issue tracker integrations (GitHub, GitLab, Jira) 2026-03-17 18:59:37 +00:00

Opened #24 [high] semgrep: Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections. 2026-03-18 16:01:23 +00:00

Opened #26 [medium] semgrep: Dangerously accepting invalid TLS information 2026-03-18 16:01:23 +00:00

Opened #25 [high] semgrep: Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections. 2026-03-18 16:01:23 +00:00

Opened #35 [high] gdpr-patterns: PII data potentially logged 2026-03-18 16:01:24 +00:00

Opened #34 [high] gdpr-patterns: PII data potentially logged 2026-03-18 16:01:24 +00:00

Opened #30 [medium] gdpr-patterns: Missing data deletion capability 2026-03-18 16:01:24 +00:00

Opened #28 [medium] semgrep: Service 'mailserver' allows for privilege escalation via setuid or setgid binaries. Add 'no-new-privileges:true' in 'security_opt' to prevent this. 2026-03-18 16:01:24 +00:00

Opened #29 [medium] semgrep: Service 'mailserver' is running with a writable root filesystem. This may allow malicious applications to download and run additional payloads, or modify container files. If an application inside a container has to save something temp… 2026-03-18 16:01:24 +00:00

Opened #31 [medium] gdpr-patterns: Missing data deletion capability 2026-03-18 16:01:24 +00:00

Opened #33 [high] gdpr-patterns: PII data potentially logged 2026-03-18 16:01:24 +00:00

Opened #27 [medium] semgrep: Dangerously accepting invalid TLS information 2026-03-18 16:01:24 +00:00

Opened #32 [medium] gdpr-patterns: Missing data deletion capability 2026-03-18 16:01:24 +00:00

Opened #37 [medium] gdpr-patterns: Data collection without apparent consent mechanism 2026-03-18 16:01:25 +00:00

Opened #40 [medium] oauth-patterns: OAuth flow without PKCE 2026-03-18 16:01:25 +00:00

Opened #36 [medium] gdpr-patterns: Data collection without apparent consent mechanism 2026-03-18 16:01:25 +00:00

Opened #38 [medium] gdpr-patterns: Data collection without apparent consent mechanism 2026-03-18 16:01:25 +00:00

Opened #39 [medium] gdpr-patterns: Data collection without apparent consent mechanism 2026-03-18 16:01:25 +00:00

Opened #43 [high] gitleaks: Secret detected: Detected a Generic API Key, potentially exposing access to various services and sensitive operations. 2026-03-18 16:01:25 +00:00

Opened #44 [high] gitleaks: Secret detected: Detected a Generic API Key, potentially exposing access to various services and sensitive operations. 2026-03-18 16:01:25 +00:00

Opened #41 [high] oauth-patterns: OAuth implicit grant flow detected 2026-03-18 16:01:25 +00:00

Opened #42 [high] oauth-patterns: OAuth implicit grant flow detected 2026-03-18 16:01:25 +00:00

Opened #45 [high] gitleaks: Secret detected: Detected a Generic API Key, potentially exposing access to various services and sensitive operations. 2026-03-18 16:01:26 +00:00

Opened #46 [high] gitleaks: Secret detected: Detected a Generic API Key, potentially exposing access to various services and sensitive operations. 2026-03-18 16:01:26 +00:00

Opened #54 [medium] semgrep: Service 'mailserver' is running with a writable root filesystem. This may allow malicious applications to download and run additional payloads, or modify container files. If an application inside a container has to save something temp… 2026-03-30 11:21:43 +00:00

Opened #56 Webhook auth bypass when webhook_secret is None 2026-03-30 13:28:02 +00:00

Opened #58 JWKS cache never expires — key rotation requires restart 2026-03-30 13:28:52 +00:00

Opened #57 JWT audience validation disabled — cross-app token reuse 2026-03-30 13:28:52 +00:00

Opened #59 No request body size limit on API and webhook servers 2026-03-30 13:28:53 +00:00

Opened #60 Health endpoint does not verify database connectivity 2026-03-30 13:28:53 +00:00

Opened #61 Scheduled scans run sequentially — one slow repo blocks all others 2026-03-30 13:29:55 +00:00

Opened #63 Graph endpoints load full node/edge collections without pagination 2026-03-30 13:29:55 +00:00

Opened #62 CVE monitor loads entire SBOM collection into memory 2026-03-30 13:29:55 +00:00

Opened #65 No graceful shutdown — in-progress scans left in running state 2026-03-30 13:29:56 +00:00

Opened #64 sort_by query parameter is a NoSQL injection vector 2026-03-30 13:29:56 +00:00

Opened #66 get_attack_chain has no pagination — long sessions return unbounded data 2026-03-30 13:29:56 +00:00

Opened #68 Webhook server port is hardcoded to 3002 2026-03-30 13:29:57 +00:00

Opened #67 license_summary and SBOM export fetch entire dataset without limits 2026-03-30 13:29:57 +00:00

Opened #69 Email notification channel for CVE alerts 2026-03-30 13:31:51 +00:00

Opened #70 Webhook delivery tracking and retry 2026-03-30 13:31:52 +00:00

Opened #71 Audit logging for security-sensitive operations 2026-03-30 13:31:52 +00:00

Opened #73 Policy-as-Code: custom compliance rules via YAML 2026-03-30 13:31:53 +00:00

Opened #72 SOC2 and ISO 27001 compliance control mappings 2026-03-30 13:31:53 +00:00

Opened #74 CI/CD pipeline gates — block deploys on critical findings 2026-03-30 13:31:53 +00:00

Opened #76 File splitting refactor — no file over 250 lines 2026-03-30 13:31:54 +00:00

Opened #75 Executive compliance posture reports 2026-03-30 13:31:54 +00:00

Opened #77 Migrate secrets management to Infisical, remove Coolify env vars 2026-03-30 14:11:38 +00:00