Implements the full CVE alerting pipeline:

CVE Monitor (scheduler.rs):
- Replaces stub monitor_cves with actual OSV.dev scanning of all SBOM entries
- Runs hourly by default (CVE_MONITOR_SCHEDULE, was daily)
- Creates CveNotification for each new CVE (deduped by cve_id+repo+package)
- Updates SBOM entries with discovered vulnerabilities
- Upserts CveAlert records

Notification Model (compliance-core/models/notification.rs):
- CveNotification with status lifecycle: new → read → dismissed
- NotificationSeverity (Low/Medium/High/Critical) from CVSS scores
- parse_severity helper for OSV/NVD severity mapping

API Endpoints (5 new routes):
- GET /api/v1/notifications — List with status/severity/repo filters
- GET /api/v1/notifications/count — Unread count (for badge)
- PATCH /api/v1/notifications/:id/read — Mark as read
- PATCH /api/v1/notifications/:id/dismiss — Dismiss
- POST /api/v1/notifications/read-all — Bulk mark read

Dashboard Notification Bell:
- Floating bell icon (top-right) with unread count badge
- Dropdown panel showing CVE details: severity, CVSS, package, repo, summary
- Dismiss individual notifications
- Auto-marks as read when panel opens
- Polls count every 30 seconds

Also:
- Fix Dockerfile.dashboard: revert to dioxus-cli 0.7.3 --locked
- Add cve_notifications collection with unique + status indexes
- MongoDB indexes for efficient notification queries

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
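
The dedup key (cve_id+repo+package), the CVSS-to-severity mapping and the new → read → dismissed lifecycle listed in the commit message above, as an added std-only Rust illustration. It is not the project's code: only the name `parse_severity` is borrowed from the message, while the function bodies, the `Notifications` type, the in-memory map standing in for the MongoDB collection and the forward-only transition rule are assumptions.

```rust
use std::collections::HashMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity { Low, Medium, High, Critical }
// Declaration order encodes the lifecycle: New < Read < Dismissed.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Status { New, Read, Dismissed }

/// Bucket a CVSS base score ("7.5") or a textual label ("MODERATE").
/// Thresholds are the CVSS v3.x qualitative scale. Assumptions of this sketch:
/// 0.0 maps to Low, and unparseable or out-of-range input yields None.
pub fn parse_severity(raw: &str) -> Option<Severity> {
    let s = raw.trim();
    if let Ok(x) = s.parse::<f64>() {
        if !(0.0..=10.0).contains(&x) { return None; } // also rejects NaN and inf
        return Some(if x >= 9.0 { Severity::Critical } else if x >= 7.0 { Severity::High }
            else if x >= 4.0 { Severity::Medium } else { Severity::Low });
    }
    match s.to_ascii_uppercase().as_str() {
        "CRITICAL" => Some(Severity::Critical),
        "HIGH" => Some(Severity::High),
        "MEDIUM" | "MODERATE" => Some(Severity::Medium),
        "LOW" => Some(Severity::Low),
        _ => None,
    }
}

type Key = (String, String, String); // (cve_id, repo, package)
fn key(cve: &str, repo: &str, pkg: &str) -> Key { (cve.into(), repo.into(), pkg.into()) }
#[derive(Default)]
pub struct Notifications { by_key: HashMap<Key, (Severity, Status)> }
impl Notifications {
    /// Insert only if the key is unseen, so a rescan neither duplicates a
    /// notification nor resurrects a dismissed one. Returns true if created.
    pub fn record(&mut self, cve: &str, repo: &str, pkg: &str, sev: Severity) -> bool {
        let k = key(cve, repo, pkg);
        if self.by_key.contains_key(&k) { return false; }
        self.by_key.insert(k, (sev, Status::New)).is_none()
    }
    /// Forward-only transition (an assumption of this sketch); false if refused.
    pub fn advance(&mut self, cve: &str, repo: &str, pkg: &str, to: Status) -> bool {
        match self.by_key.get_mut(&key(cve, repo, pkg)) {
            Some(entry) if to > entry.1 => { entry.1 = to; true }
            _ => false,
        }
    }
    pub fn unread(&self) -> usize {
        self.by_key.values().filter(|(_, st)| *st == Status::New).count()
    }
}
```

With an hourly scan, the property worth testing is that `record` returns false for a key that was already dismissed, so the unread badge does not climb back up on every run.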