Repo Security Tab #10916

Closed
opened 2025-11-02 09:22:03 -06:00 by GiteaMirror · 4 comments

Originally created by @pkeech on GitHub (May 25, 2023).

Feature Description

With the implementation of Gitea Actions, have there been discussions about creating a Security tab to display the results of commonly used security tools? For example, displaying the CVEs found from a vulnerability scan. GitLab utilizes a security dashboard and GitHub uses the tab (see Screenshot).

IMHO either approach would provide benefit to the Gitea community and shouldn't be too hard to implement ... with the exception of support for specific tools reports.

Screenshots

Screenshot 2023-05-25 at 8 37 26 AM

GiteaMirror added the type/proposaltype/feature labels 2025-11-02 09:22:03 -06:00

@silverwind commented on GitHub (Jun 4, 2024):

Have also been looking for something like this. I think it could be done to add a "Security" tab and within that an "Alerts" category, along with an API to CRUD the entries that could be done during CI.


@GammaGames commented on GitHub (Jun 19, 2024):

It looks like that's an enterprise feature: https://docs.gitea.com/enterprise/features/dependency-scan



@pkeech commented on GitHub (Jun 21, 2024):

@GammaGames Thanks for pointing that out. Shame that this is being locked behind the Enterprise license.


@techknowlogick commented on GitHub (Jun 21, 2024):

@pkeech to clarify: it's not being locked at all. There is a process that is happening to be able to contribute the functionality to the Gitea project. It was developed for a 3rd party under a contract where they are the rights holder, and the Gitea project requires that all contributions be able to fall under the DCO (similar to many other OSS projects, including the Linux Kernel). CommitGo has been fortunate that some customers are familiar with OSS and have written into the contract that the work we do for them is MIT-licensed and can be released immediately; some larger organizations have set contracts that cannot be changed (especially if trade secrets are involved, as any code needs to be vetted prior to contribution to ensure that nothing sensitive is included). CommitGo is working with those customers to educate them on OSS (so in the future this will be a streamlined process) and to have the code be able to be accepted by the Gitea project.

If you (a theoretical person, not you specifically) think, "That's all nice, but you can just say that and do nothing," you can look at work CommitGo has already been able to work with folks and release such as "SAML, Azure Object Store, Max User Limitations, and many more," and that's not even everything, as the Company itself has contributed the entire initial implementation of Gitea Actions. The company has also been able to contract for PR completion and have that directly contribute to the project, and it is sponsoring several bounties for the project.

@GammaGames @herrwusel @averagehelper ^

Reference: github-starred/gitea#10916