sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues 51 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity
Files
8af810cdd26854c35b015f70eb20479c4d1f9643
compliance-scanner-agent/compliance-core/src/config.rs
Sharang Parnerkar a509bdcb2e
All checks were successful
CI / Check (push) Has been skipped
Details
CI / Detect Changes (push) Successful in 7s
Details
CI / Deploy Agent (push) Successful in 2s
Details
CI / Deploy Dashboard (push) Successful in 1s
Details
CI / Deploy Docs (push) Has been skipped
Details
CI / Deploy MCP (push) Successful in 2s
Details
fix: require TLS for IMAP auth, close port 143 (CERT-Bund compliance) 
- Remove port 143 from mailserver (only expose 993/IMAPS)
- Enable SSL_TYPE=manual with Let's Encrypt certs
- Set DOVECOT_DISABLE_PLAINTEXT_AUTH=yes
- Add pentest_imap_tls config field (defaults to true)

Fixes CERT-Bund report: IMAP PLAIN/LOGIN without TLS on 46.225.100.82:143

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 09:29:34 +01:00

50 lines
1.7 KiB
Rust
Raw Blame History

use secrecy::SecretString;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug)]
pub struct AgentConfig {
pub mongodb_uri: String,
pub mongodb_database: String,
pub litellm_url: String,
pub litellm_api_key: SecretString,
pub litellm_model: String,
pub litellm_embed_model: String,
pub github_token: Option<SecretString>,
pub github_webhook_secret: Option<SecretString>,
pub gitlab_url: Option<String>,
pub gitlab_token: Option<SecretString>,
pub gitlab_webhook_secret: Option<SecretString>,
pub jira_url: Option<String>,
pub jira_email: Option<String>,
pub jira_api_token: Option<SecretString>,
pub jira_project_key: Option<String>,
pub searxng_url: Option<String>,
pub nvd_api_key: Option<SecretString>,
pub agent_port: u16,
pub scan_schedule: String,
pub cve_monitor_schedule: String,
pub git_clone_base_path: String,
pub ssh_key_path: String,
pub keycloak_url: Option<String>,
pub keycloak_realm: Option<String>,
pub keycloak_admin_username: Option<String>,
pub keycloak_admin_password: Option<SecretString>,
// Pentest defaults
pub pentest_verification_email: Option<String>,
pub pentest_imap_host: Option<String>,
pub pentest_imap_port: Option<u16>,
/// Use implicit TLS (IMAPS, port 993) instead of plain IMAP.
pub pentest_imap_tls: bool,
pub pentest_imap_username: Option<String>,
pub pentest_imap_password: Option<SecretString>,
}
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct DashboardConfig {
pub mongodb_uri: String,
pub mongodb_database: String,
pub agent_api_url: String,
pub dashboard_port: u16,
pub mcp_endpoint_url: Option<String>,
}
Reference in New Issue View Git Blame Copy Permalink