5.2: Vulnerability Scanner #278

Open
Rockachopa wants to merge 4 commits from step35/108-5-2-vulnerability-scanner into main
Owner

Implement vulnerability scanner for Python dependencies.

This implements issue #108: 5.2: Vulnerability Scanner

Changes

  • scripts/vulnerability_scanner.py: New script that scans Python dependencies against the OSV CVE database
    • Parses requirements.txt (including -r includes)
    • Queries https://api.osv.dev/v1/query for each dependency
    • Reports vulnerabilities by severity (critical/high/medium/low)
    • Output formats: text (default), JSON (--json), or Markdown (--markdown)
    • Exit codes: 0 (none), 1 (critical/high found), 2 (other vulns)
  • tests/test_vulnerability_scanner.py: 10 comprehensive tests

Acceptance criteria for #108

  • Checks deps against CVE databases (OSV API)
  • Reports critical/high/medium vulns
  • Output: vulnerability report (text + JSON)
  • Runs daily (ready for cron integration)

Closes #108

Rockachopa added 1 commit 2026-04-27 00:45:17 +00:00
feat: add vulnerability scanner for issue #108
Some checks failed
Test / pytest (pull_request) Failing after 10s
a46d465d2d
- scripts/vulnerability_scanner.py: scan Python dependencies
  against OSV CVE database
- tests/test_vulnerability_scanner.py: 10 comprehensive tests
- Supports requirements.txt parsing with -r includes
- Outputs text, JSON, and markdown reports
- Filters by severity (critical/high/medium/low)
- Exit codes 0/1/2 for CI integration
Rockachopa added 3 commits 2026-04-27 00:47:18 +00:00
Fixed regex to correctly extract version spec when package includes
extras like django[argon2]==4.2.0. The previous pattern consumed
the version spec in the non-greedy .*? part when extras were present.
Merge fix from test branch: handle package extras
Some checks failed
Test / pytest (pull_request) Failing after 12s
9e2514723f
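The parsing and exit-code behaviour the PR description above and the "handle package extras" commit describe, as an added example that is not the PR's own code: a requirements.txt parser that follows `-r` includes and keeps extras such as `django[argon2]==4.2.0` from swallowing the version pin, the request body for the OSV query endpoint, and the 0/1/2 exit mapping. The `files` mapping and the sample requirements are constructed so the example runs offline; the network call itself is left out.

```python
import re
from typing import Dict, List, Optional, Tuple

# Matches "name[extra1,extra2]==1.2.3". The extras group is optional and
# bounded by brackets, so it cannot consume the version spec (the bug the
# "handle package extras" commit fixed with a non-greedy pattern).
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"(?P<extras>\[[^\]]*\])?"
    r"\s*(?P<op>===|==|~=|!=|>=|<=|>|<)?\s*(?P<ver>[^\s;#]*)"
)

def parse_requirements(path: str, files: Dict[str, str], seen=None) -> List[Tuple[str, Optional[str]]]:
    """Return (name, pinned_version) pairs; version is None unless pinned with '=='.
    `files` maps filename -> contents so '-r' includes resolve offline (constructed input)."""
    seen = set() if seen is None else seen
    if path in seen:                      # guard against -r include cycles
        return []
    seen.add(path)
    deps: List[Tuple[str, Optional[str]]] = []
    for raw in files[path].splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("-r "):
            deps.extend(parse_requirements(line[3:].strip(), files, seen))
            continue
        m = _REQ_RE.match(line)               # skips -e, --index-url, etc.
        if not m:
            continue
        pinned = m.group("ver") if m.group("op") == "==" else None
        deps.append((m.group("name").lower(), pinned))  # PyPI names are case-insensitive
    return deps

def osv_query(name: str, version: str) -> dict:
    """Request body for POST https://api.osv.dev/v1/query (PyPI ecosystem)."""
    return {"version": version, "package": {"name": name, "ecosystem": "PyPI"}}

def exit_code(severities: List[str]) -> int:
    """Exit codes from the PR: 0 none, 1 critical/high found, 2 other vulns."""
    if not severities:
        return 0
    return 1 if any(s.lower() in ("critical", "high") for s in severities) else 2

FILES = {  # constructed sample requirements: one include, one package with extras
    "requirements.txt": "-r base.txt\ndjango[argon2]==4.2.0  # extras must not eat the pin\nrequests>=2.0\n",
    "base.txt": "Flask==2.3.2\n# comment only\n",
}
```

Only `==` pins are returned as versions because the OSV query needs a concrete version; unpinned ranges come back as `None` so the caller can report them separately.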
Owner

🛡️ Goblin Patrol Alert 🛡️

Hey brother — this PR has been idle for 5 days and is unassigned.

The goblin fleet has been notified. A goblin may claim this if it remains stale.

— Timmy Goblin Wizard King

Some checks failed
Test / pytest (pull_request) Failing after 12s