- Extract package manager from PURL instead of CycloneDX component type
(was showing "library"/"file" instead of "npm"/"cargo"/"pip" etc.)
- Generate missing lock files (Cargo.lock, package-lock.json) before Syft
scan so repos that gitignore them still get full dependency trees
- Enable Syft remote license lookups for Go, JS, Python, and Java
- Enrich Cargo entries with license data from cargo metadata
- Parse CycloneDX license expressions (e.g. "MIT OR Apache-2.0")
- Delete stale SBOM entries on rescan instead of only upserting
- Add /api/v1/sbom/filters endpoint for dynamic filter options
- Make manager and license dropdowns dynamic from actual DB data
- Add cargo, npm, go, php, ruby, composer, bundler to Docker image
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds code inspector, file tree components, graph visualization JS,
graph API handlers, sidebar navigation updates, and misc improvements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add DAST scanning and code knowledge graph features across the stack:
- compliance-dast and compliance-graph workspace crates
- Agent API handlers and routes for DAST targets/scans and graph builds
- Core models and traits for DAST and graph domains
- Dashboard pages for DAST targets/findings/overview and graph explorer/impact
- Toast notification system with auto-dismiss for async action feedback
- Button click animations and disabled states for better UX
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Run cargo fmt on all crates
- Fix regex patterns using unsupported lookahead in patterns.rs
- Replace unwrap() calls with compile_regex() helper
- Fix never type fallback in GitHub tracker
- Fix redundant field name in findings page
- Allow enum_variant_names for Dioxus Route enum
- Fix &mut Vec -> &mut [T] clippy lint in sbom.rs
- Mark unused-but-intended APIs with #[allow(dead_code)]
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
