
Conversation

@vredchenko
Collaborator

Summary

Add local vulnerability scanning scripts for developer use.

Changes

  • scripts/osv-scan-repos.sh - Multi-language scanner using osv-scanner Go binary
  • scripts/pip-audit-scan-repos.sh - Python-only scanner using uvx pip-audit (no install needed)

Both scripts:

  • Scan all ERIC workspace repos by default
  • Support markdown output via -o flag
  • Include usage help via -h flag

Related

Implements first two tasks from #153

Test plan

  • Run ./scripts/osv-scan-repos.sh -h - verify help output
  • Run ./scripts/pip-audit-scan-repos.sh -h - verify help output
  • Run ./scripts/pip-audit-scan-repos.sh - verify it scans Python repos
  • Run with -o results.md - verify markdown output

- Add leaked-secrets-scan.yml workflow for daily and PR-based scanning
- Move osv-scanner.toml from webui/ to repo root (consolidate config)
- Add .pre-commit-config.yaml with detect-secrets hook
- Add .secrets.baseline (no secrets detected)
- osv-scan-repos.sh: multi-language scanner using osv-scanner Go binary
- pip-audit-scan-repos.sh: Python-only scanner using uvx pip-audit

Both scripts scan ERIC workspace repos by default and support
markdown output via -o flag.

Relates to #153
@vredchenko added the devops (CI/CD, deployment, infrastructure, or tooling work), security (Security fixes, audits, or vulnerability remediation) and smartem-devtools (Developer tooling, documentation, and workspace configuration) labels on Jan 30, 2026
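The shape of script the PR describes (walk a workspace of repos, audit each Python one through `uvx pip-audit`, print help with `-h`, write Markdown with `-o`), as an added illustration that is not the PR's own scripts or any code from the ERIC/smartem repositories. It assumes repos sit one level below a workspace directory passed as the argument (rather than the PR's fixed ERIC workspace list), that `uvx` is on PATH, and that pip-audit accepts `--format markdown`, `-r FILE` and a positional project path; those CLI details and the manifest list are assumptions, not something the PR states. A `main` is only invoked when the file is executed under its own name, so the functions can be sourced and exercised without a scanner installed.

```shell
#!/usr/bin/env sh
# Added example of a local pip-audit workspace scanner; not the PR's own
# scripts. Assumes: repos sit one level below WORKSPACE_DIR, uvx is on PATH,
# and pip-audit accepts --format markdown, -r FILE and a project path.

# Manifests that mark a repo as a Python project worth auditing.
PY_MANIFESTS="pyproject.toml requirements.txt uv.lock poetry.lock"

usage() {
    cat <<EOF
Usage: ${0##*/} [-h] [-o REPORT.md] WORKSPACE_DIR
Audit every Python repo directly under WORKSPACE_DIR with pip-audit, run
through uvx so nothing is installed into the repos' environments.
  -o FILE   write a Markdown report to FILE instead of stdout
  -h        show this help
EOF
}

# Print every repo under the workspace that carries a Python manifest,
# one path per line, sorted so reports are stable across runs.
find_python_repos() {
    ws=$1
    for repo in "$ws"/*/; do
        repo=${repo%/}
        [ -d "$repo" ] || continue
        for m in $PY_MANIFESTS; do
            if [ -f "$repo/$m" ]; then
                printf '%s\n' "$repo"
                break
            fi
        done
    done | sort
}

# Audit one repo and emit its Markdown section. pip-audit exits non-zero
# when it finds a vulnerable package; that status is passed through so the
# caller can count affected repos instead of aborting the whole run.
audit_repo() {
    repo=$1
    printf '## %s\n\n' "${repo##*/}"
    if [ -f "$repo/requirements.txt" ]; then
        set -- -r requirements.txt
    else
        set -- .
    fi
    (cd "$repo" && uvx pip-audit --progress-spinner off --format markdown "$@")
    status=$?
    printf '\n'
    return $status
}

# Scan the whole workspace, printing a Markdown report to stdout.
# Returns 1 if any repo had findings (usable as a pre-push or CI gate).
scan_workspace() {
    ws=$1
    repos=$(find_python_repos "$ws")
    if [ -z "$repos" ]; then
        echo "No Python repos found under $ws" >&2
        return 0
    fi
    printf '# pip-audit report for %s\n\nGenerated: %s\n\n' \
        "$ws" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    affected=0
    old_ifs=$IFS; IFS='
'
    for repo in $repos; do
        audit_repo "$repo" || affected=$((affected + 1))
    done
    IFS=$old_ifs
    printf '%s repo(s) with findings\n' "$affected"
    [ "$affected" -eq 0 ]
}

main() {
    OPTIND=1
    out=""
    while getopts "ho:" opt; do
        case $opt in
            h) usage; return 0 ;;
            o) out=$OPTARG ;;
            *) usage >&2; return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    [ $# -eq 1 ] && [ -d "$1" ] || { usage >&2; return 2; }
    command -v uvx >/dev/null 2>&1 || { echo "uvx not found on PATH" >&2; return 127; }
    if [ -n "$out" ]; then
        scan_workspace "$1" > "$out"; rc=$?
        echo "Wrote $out" >&2
        return $rc
    fi
    scan_workspace "$1"
}

# Run main only when executed under the script's own name, so the functions
# above can be sourced by tests without kicking off a scan.
case ${0##*/} in pip-audit-scan-repos.sh) main "$@" ;; esac
```

Saved as `pip-audit-scan-repos.sh` and run as `./pip-audit-scan-repos.sh -o results.md ~/eric-workspace`, it audits each discovered repo and leaves a Markdown report; the non-zero exit when any repo has findings is what makes it usable from a pre-push hook. An osv-scanner variant would keep everything except `audit_repo`, whose body would call the osv-scanner binary on the repo directory instead.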