RedAmon Files

Added

• GVM Vulnerability Scanning — full end-to-end integration of Greenbone Vulnerability Management (GVM/OpenVAS) into the RedAmon pipeline:
• Python scanner module (gvm_scan/) with GVMScanner class wrapping the GMP protocol for headless API-based scanning
• Orchestrator endpoints (/gvm/{id}/start, /gvm/{id}/status, /gvm/{id}/stop, /gvm/{id}/logs) with SSE log streaming
• Webapp API routes, useGvmStatus polling hook, useGvmSSE streaming hook, toolbar buttons, and log drawer on the Graph page
• Neo4j graph integration — GVM findings stored as Vulnerability nodes (source="gvm") linked to IP/Subdomain via HAS_VULNERABILITY, with associated CVE nodes
• JSON result download from the Graph page toolbar
• GitHub Secret Hunt — automated secret and credential detection across GitHub organizations and user repositories:
• Python scanner module (github_secret_hunt/) with GitHubSecretHunter class supporting 40+ regex patterns for AWS, Azure, GCP, GitHub, Slack, Stripe, database connection strings, CI/CD tokens, cryptographic keys, JWT/Bearer tokens, and more
• High-entropy string detection via Shannon entropy to catch unknown secret formats
• Sensitive filename detection (.env, .pem, .key, credentials files, Kubernetes kubeconfig, Terraform tfvars, etc.)
• Commit history scanning (configurable depth, default 100 commits) and gist scanning
• Organization member repository enumeration with rate-limit handling and exponential backoff
• Orchestrator endpoints (/github-hunt/{id}/start, /github-hunt/{id}/status, /github-hunt/{id}/stop, /github-hunt/{id}/logs) with SSE log streaming
• Webapp API routes for start, status, stop, log streaming, and JSON result download
• useGithubHuntStatus polling hook and useGithubHuntSSE streaming hook for real-time UI updates
• Graph page toolbar integration with start/stop button, log drawer, and result download
• JSON output with statistics (repos scanned, files scanned, commits scanned, gists scanned, secrets found, sensitive files, high-entropy findings)
• GitHub Hunt Per-Project Settings — GitHub scan configuration is now configurable per-project via the webapp UI:
• New "GitHub" section in Project Settings with token, target org/user, and scan options
• 7 configurable fields: Access Token, Target Organization, Scan Members, Scan Gists, Scan Commits, Max Commits, Output JSON
• github_secret_hunt/project_settings.py mirrors the recon/GVM settings pattern (fetch from webapp API, fallback to defaults)
• 7 new Prisma schema fields (github_access_token, github_target_org, github_scan_members, github_scan_gists, github_scan_commits, github_max_commits, github_output_json)
• GVM Per-Project Settings — GVM scan configuration is now configurable per-project via the webapp UI:
• New "GVM Scan" tab in Project Settings (between Integrations and Agent Behaviour)
• 5 configurable fields: Scan Profile, Scan Targets Strategy, Task Timeout, Poll Interval, Cleanup After Scan
• gvm_scan/project_settings.py mirrors the recon/agentic settings pattern (fetch from webapp API, fallback to defaults)
• Defaults served via orchestrator /defaults endpoint using importlib to avoid module name collision
• 5 new Prisma schema fields (gvm_scan_config, gvm_scan_targets, gvm_task_timeout, gvm_poll_interval, gvm_cleanup_after_scan)

Changed

• Webapp Dockerfile — embedded Prisma CLI in the production image; entrypoint now runs prisma db push automatically on startup, eliminating the separate webapp-init container
• Dev Compose — docker-compose.dev.yml now runs prisma db push before npm run dev to ensure schema is always in sync
• Docker Compose — removed webapp-init service and webapp_prisma_cache volume; webapp handles its own schema migration

Removed

• webapp-init service — replaced by automatic migration in the webapp entrypoint (both production and dev modes)
• gvm_scan/params.py — hardcoded GVM settings replaced by per-project project_settings.py