@@ -89,6 +89,19 @@ export interface SecurityScanReport {
8989 pass1_complete ?: boolean // Security scan (fast) done
9090 pass2_complete ?: boolean // Supply chain audit done
9191 pass2_running ?: boolean // Supply chain audit in progress
92+ // Opt-in deep-scan availability (Spec 077 US3). Informational only — a failed
93+ // or unavailable deep scanner never changes the baseline verdict/status.
94+ deep_scan ?: DeepScanDescriptor
95+ }
96+
97+ // DeepScanDescriptor reports the informational status of the opt-in "deep scan"
98+ // layer (Docker-based scanners + source extraction) separately from the
99+ // baseline verdict (Spec 077 US3). Rendered as a quiet info note, never an error.
100+ export interface DeepScanDescriptor {
101+ enabled : boolean
102+ ran : boolean
103+ available : boolean
104+ scanners_failed ?: { id : string ; reason : string } [ ]
92105}
93106
94107// Scan job summary for history listing
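Review bot: The `enabled`, `ran` and `available` fields of `DeepScanDescriptor` (new lines 101–103) have no per-field comment, unlike `pass1_complete`/`pass2_complete` just above, and the difference between `ran` and `available` cannot be read off the names. Add a trailing comment to each stating when the backend sets it, and whether `ran` can be true while `scanners_failed` is non-empty (a partial run). If `reason` carries raw scanner or Docker error text (not visible here), say so in a comment so consumers render it only through text interpolation. The inline element type is repeated in the report template, so a named `export interface DeepScanFailure { id: string; reason: string }` would keep the two in step. `SecurityScanReport` itself starts above the hunk.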
130130 </span >
131131 </div >
132132
133+ <!-- Deep scan (opt-in) availability — Spec 077 US3. Informational ONLY:
134+ a failed or unavailable deep scanner NEVER changes the baseline
135+ verdict above, so it is rendered as info, never an error. -->
136+ <div v-if =" report.deep_scan && report.deep_scan.enabled" class =" alert alert-info" >
137+ <svg class =" w-5 h-5 shrink-0" fill =" none" stroke =" currentColor" viewBox =" 0 0 24 24" >
138+ <path stroke-linecap =" round" stroke-linejoin =" round" stroke-width =" 2" d =" M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
139+ </svg >
140+ <div >
141+ <div class =" font-semibold" >Deep scan (optional)</div >
142+ <span v-if =" (report.deep_scan.scanners_failed?.length ?? 0) > 0" class =" text-sm" >
143+ {{ report.deep_scan.scanners_failed!.length }} deep scanner(s) were unavailable this run
144+ ({{ report.deep_scan.scanners_failed!.map((f: { id: string; reason: string }) => f.id).join(', ') }}).
145+ This does not affect the baseline verdict shown above.
146+ </span >
147+ <span v-else class =" text-sm" >Deep scan ran. Its findings are merged into the report above.</span >
148+ </div >
149+ </div >
150+
133151 <!-- Scan incomplete warnings -->
134152 <div v-if =" report.scan_complete === false && report.empty_scan" class =" alert alert-warning" >
135153 <svg class =" w-6 h-6" fill =" none" stroke =" currentColor" viewBox =" 0 0 24 24" >
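Review bot: The `v-else` branch at new line 147 prints "Deep scan ran. Its findings are merged into the report above." whenever `enabled` is true and `scanners_failed` is empty, without consulting `ran` or `available`, so a report where the deep scan was enabled but never executed would still claim deep-scan coverage. Gate the success text on the flag, `<span v-else-if="report.deep_scan.ran" class="text-sm">`, and add a final `<span v-else class="text-sm">Deep scan is enabled but did not run for this report.</span>`. Whether the backend can send `ran: false` with no failed scanners is not visible here, but the descriptor declares the fields for exactly that state. The surrounding template starts and ends outside the hunk.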
2424 </div >
2525 </div >
2626
27+ <!-- Baseline vs. deep scan (Spec 077 US3): the deterministic offline
28+ baseline runs for every server with zero setup; the Docker-based
29+ scanners below are an opt-in "deep scan" that enriches the report but
30+ never blocks or degrades the baseline verdict. -->
31+ <div class =" alert alert-info shadow-sm" >
32+ <svg class =" w-5 h-5 shrink-0" fill =" none" stroke =" currentColor" viewBox =" 0 0 24 24" >
33+ <path stroke-linecap =" round" stroke-linejoin =" round" stroke-width =" 2" d =" M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
34+ </svg >
35+ <div >
36+ <div class =" font-semibold" >Deterministic baseline is always on</div >
37+ <span class =" text-sm" >
38+ Every server is scanned by the offline baseline engine with no Docker required.
39+ The scanners below are an opt-in <span class =" font-medium" >deep scan</span > — enable
40+ them (<code class =" font-mono text-xs" >security.deep_scan.enabled</code >) for extra
41+ source-level analysis. Deep-scan failures are informational and never change the
42+ baseline verdict.
43+ </span >
44+ </div >
45+ </div >
46+
2747 <!-- Scan All Progress Card -->
2848 <div v-if =" queueProgress && queueProgress.status !== 'idle'" class =" card bg-base-100 shadow-xl" >
2949 <div class =" card-body" >
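Review bot: The banner at new lines 31–45 has no `v-if`, so it asks the user to enable `security.deep_scan.enabled` even when deep scan is already on, and it never states what is missing when deep scan is off or fails. Because the text stresses that failures never change the baseline verdict, a reader can take a clean baseline for full coverage; consider adding a sentence such as `A clean baseline does not include source-level findings unless the deep scan ran.` If this view has the current setting available (not visible in the hunk), the "enable them" clause could be made conditional on it.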