8 Commits

Author	SHA1	Message	Date
devitway	6b4d627fa2	fix: allow NCSA license for libfuzzer-sys in cargo-deny	2026-03-18 09:27:30 +00:00
devitway	d0441f31d1	fix: correct cargo-deny key for unused license allowance	2026-03-18 09:19:50 +00:00
devitway	1956401932	fix: allow unused license entries in cargo-deny config	2026-03-18 09:15:25 +00:00
devitway	233b83f902	security: make CI gates blocking, add smoke test, clean up dead code ... - gitleaks, cargo audit, trivy fs now block pipeline on findings - add smoke test (docker run + curl /health) in release workflow - deny.toml: add review date to RUSTSEC-2025-0119 ignore - remove unused validation functions (maven, npm, crate) - replace blanket #![allow(dead_code)] with targeted allows	2026-03-15 19:25:00 +00:00
devitway	dd29707395	ci: ignore RUSTSEC-2025-0119 (number_prefix unmaintained, transitive via indicatif)	2026-02-24 12:06:34 +00:00
devitway	e7a6a652af	ci: allow CDLA-Permissive-2.0 license (webpki-roots)	2026-02-24 11:54:19 +00:00
devitway	eb4f82df07	ci: fix deny.toml deprecated keys (copyleft, unlicensed removed in cargo-deny)	2026-02-24 10:26:58 +00:00
devitway	6ad710ff32	ci: add security scanning and SBOM to release pipeline ... - ci.yml: add security job (gitleaks, cargo-audit, cargo-deny, trivy fs) - release.yml: restructure into build-binary + build-docker matrix + release - build binary once on self-hosted, reuse across all Docker builds - trivy image scan per matrix variant, results to GitHub Security tab - SBOM generation in SPDX and CycloneDX formats attached to release - deny.toml: cargo-deny policy (allowed licenses, banned openssl, crates.io only) - Dockerfile: remove Rust build stage, use pre-built binary - Dockerfile.astra, Dockerfile.redos: FROM scratch for Russian certified OS support	2026-02-23 11:37:27 +00:00