Devlaner · Arzu-N · Jun 30, 2026 · Jun 28, 2026 · Jun 28, 2026 · Jun 28, 2026
diff --git a/backend/apps/api/src/main/java/dev/cleat/api/CleatApiApplication.java b/backend/apps/api/src/main/java/dev/cleat/api/CleatApiApplication.java
@@ -5,7 +5,14 @@
 import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 
-@SpringBootApplication(scanBasePackages = {"dev.cleat.api", "dev.cleat.persistence", "dev.cleat.common"})
+@SpringBootApplication(
+        scanBasePackages = {
+            "dev.cleat.api",
+            "dev.cleat.persistence",
+            "dev.cleat.domain",
+            "dev.cleat.common",
+            "dev.cleat.scanning"
+        })
 @EnableJpaRepositories(basePackages = "dev.cleat.persistence.repository")
 @EntityScan(basePackages = "dev.cleat.persistence.entity")
 public class CleatApiApplication {

diff --git a/backend/apps/api/src/main/java/dev/cleat/api/controller/CodeScanAlertController.java b/backend/apps/api/src/main/java/dev/cleat/api/controller/CodeScanAlertController.java
@@ -0,0 +1,28 @@
+package dev.cleat.api.controller;
+
+import dev.cleat.common.dto.request.CodeScanAlertRequestDto;
+import dev.cleat.common.dto.response.CodeScanAlertResponseDto;
+import dev.cleat.scanning.service.CodeScanAlertService;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/v1/alerts")
+public class CodeScanAlertController {
+
+    private final CodeScanAlertService codeScanAlertService;
+
+    public CodeScanAlertController(CodeScanAlertService codeScanAlertService) {
+        this.codeScanAlertService = codeScanAlertService;
+    }
+
+    @PostMapping
+    public ResponseEntity<CodeScanAlertResponseDto> create(
+            @RequestBody CodeScanAlertRequestDto codeScanAlertRequestDto) {
+        return ResponseEntity.status(HttpStatus.CREATED).body(codeScanAlertService.create(codeScanAlertRequestDto));
+    }
+}
diff --git a/backend/apps/api/src/main/java/dev/cleat/api/controller/SecretFindingController.java b/backend/apps/api/src/main/java/dev/cleat/api/controller/SecretFindingController.java
@@ -0,0 +1,28 @@
+package dev.cleat.api.controller;
+
+import dev.cleat.common.dto.request.SecretFindingRequestDto;
+import dev.cleat.common.dto.response.SecretFindingResponseDto;
+import dev.cleat.scanning.service.SecretFindingService;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/v1/secrets")
+public class SecretFindingController {
+
+    private final SecretFindingService secretFindingService;
+
+    public SecretFindingController(SecretFindingService secretFindingService) {
+        this.secretFindingService = secretFindingService;
+    }
+
+    @PostMapping
+    public ResponseEntity<SecretFindingResponseDto> createSecret(
+            @RequestBody SecretFindingRequestDto secretFindingRequestDto) {
+        return ResponseEntity.status(HttpStatus.CREATED).body(secretFindingService.create(secretFindingRequestDto));
+    }
+}
diff --git a/backend/apps/api/src/main/java/dev/cleat/api/controller/VulnerabilityController.java b/backend/apps/api/src/main/java/dev/cleat/api/controller/VulnerabilityController.java
@@ -0,0 +1,36 @@
+package dev.cleat.api.controller;
+
+import dev.cleat.common.dto.request.VulnerabilityRequestDto;
+import dev.cleat.common.dto.response.VulnerabilityResponseDto;
+import dev.cleat.scanning.service.VulnerabilityService;
+import java.util.UUID;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/v1/vulnerabilities")
+public class VulnerabilityController {
+
+    private final VulnerabilityService vulnerabilityService;
+
+    public VulnerabilityController(VulnerabilityService vulnerabilityService) {
+        this.vulnerabilityService = vulnerabilityService;
+    }
+
+    @PostMapping
+    public ResponseEntity<VulnerabilityResponseDto> createVulnerability(
+            @RequestBody VulnerabilityRequestDto vulnerabilityRequestDto) {
+        return ResponseEntity.status(HttpStatus.CREATED).body(vulnerabilityService.create(vulnerabilityRequestDto));
+    }
+
+    @GetMapping("/{id}")
+    public ResponseEntity<VulnerabilityResponseDto> getVulnerability(@PathVariable UUID id) {
+        return ResponseEntity.ok(vulnerabilityService.findById(id));
+    }
+}
diff --git a/backend/apps/api/src/main/java/dev/cleat/api/exception/GlobalExceptionHandler.java b/backend/apps/api/src/main/java/dev/cleat/api/exception/GlobalExceptionHandler.java
@@ -0,0 +1,33 @@
+package dev.cleat.api.exception;
+
+import dev.cleat.common.exception.NotFoundException;
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.server.ResponseStatusException;
+
+@RestControllerAdvice
+public class GlobalExceptionHandler {
+    private static final Logger LOG = LoggerFactory.getLogger(GlobalExceptionHandler.class);
+
+    @ExceptionHandler(NotFoundException.class)
+    public ResponseEntity<Map<String, String>> handleNotFound(NotFoundException ex) {
+        LOG.info("Resource not found: {}", ex.getMessage());
+        return ResponseEntity.status(HttpStatus.NOT_FOUND).body(Map.of("error", ex.getMessage()));
+    }
+
+    @ExceptionHandler(Exception.class)
+    public ResponseEntity<Map<String, String>> handleGeneralException(Exception ex) {
+
+        if (ex instanceof ResponseStatusException) {
+            throw (ResponseStatusException) ex;
+        }
+        LOG.error("Unhandled exception occurred: ", ex);
+        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+                .body(Map.of("error", "An unexpected error occurred"));
+    }
+}
diff --git a/backend/apps/api/src/test/java/dev/cleat/api/AbstractIntegrationTest.java b/backend/apps/api/src/test/java/dev/cleat/api/AbstractIntegrationTest.java
@@ -1,14 +1,12 @@
 package dev.cleat.api;
 
-import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.testcontainers.service.connection.ServiceConnection;
 import org.testcontainers.containers.GenericContainer;
 import org.testcontainers.containers.PostgreSQLContainer;
 import org.testcontainers.junit.jupiter.Container;
 import org.testcontainers.junit.jupiter.Testcontainers;
 
 @Testcontainers
-@SpringBootTest
 public abstract class AbstractIntegrationTest {
 
     @Container

diff --git a/backend/apps/api/src/test/java/dev/cleat/api/CleatApiTests.java b/backend/apps/api/src/test/java/dev/cleat/api/CleatApiTests.java
@@ -2,8 +2,10 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.annotation.DirtiesContext;
 
-@SpringBootTest
+@SpringBootTest(classes = CleatApiApplication.class)
+@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_EACH_TEST_METHOD)
 public class CleatApiTests extends AbstractIntegrationTest {
 
     @Test

diff --git a/backend/apps/api/src/test/java/dev/cleat/api/CodeScanAlertControllerTest.java b/backend/apps/api/src/test/java/dev/cleat/api/CodeScanAlertControllerTest.java
@@ -0,0 +1,45 @@
+package dev.cleat.api;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import dev.cleat.api.controller.CodeScanAlertController;
+import dev.cleat.common.dto.request.CodeScanAlertRequestDto;
+import dev.cleat.scanning.service.CodeScanAlertService;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
+import org.springframework.test.web.servlet.MockMvc;
+
+@WebMvcTest(CodeScanAlertController.class)
+@AutoConfigureMockMvc(addFilters = false)
+@ContextConfiguration(classes = CodeScanAlertController.class)
+public class CodeScanAlertControllerTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Autowired
+    private ObjectMapper objectMapper;
+
+    @MockitoBean
+    private CodeScanAlertService codeScanAlertService;
+
+    @Test
+    void whenCreateCodeScanAlertThenShouldBeReturn201() throws Exception {
+
+        // given
+        CodeScanAlertRequestDto codeScanAlertRequestDto = new CodeScanAlertRequestDto();
+
+        // then
+        mockMvc.perform(post("/api/v1/alerts")
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(objectMapper.writeValueAsString(codeScanAlertRequestDto)))
+                .andExpect(status().isCreated());
+    }
+}
diff --git a/backend/apps/api/src/test/java/dev/cleat/api/SecretFindingControllerTest.java b/backend/apps/api/src/test/java/dev/cleat/api/SecretFindingControllerTest.java
@@ -0,0 +1,45 @@
+package dev.cleat.api;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import dev.cleat.api.controller.SecretFindingController;
+import dev.cleat.common.dto.request.SecretFindingRequestDto;
+import dev.cleat.scanning.service.SecretFindingService;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
+import org.springframework.test.web.servlet.MockMvc;
+
+@WebMvcTest(SecretFindingController.class)
+@AutoConfigureMockMvc(addFilters = false)
+@ContextConfiguration(classes = {SecretFindingController.class})
+public class SecretFindingControllerTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Autowired
+    private ObjectMapper objectMapper;
+
+    @MockitoBean
+    private SecretFindingService secretFindingService;
+
+    @Test
+    void whenCreateSecretThenShouldReturn201() throws Exception {
+
+        // given
+        SecretFindingRequestDto secretFindingRequestDto = new SecretFindingRequestDto();
+
+        // then
+        mockMvc.perform(post("/api/v1/secrets")
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(objectMapper.writeValueAsString(secretFindingRequestDto)))
+                .andExpect(status().isCreated());
+    }
+}
diff --git a/backend/apps/api/src/test/java/dev/cleat/api/VulnerabilityControllerTest.java b/backend/apps/api/src/test/java/dev/cleat/api/VulnerabilityControllerTest.java
@@ -0,0 +1,45 @@
+package dev.cleat.api;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import dev.cleat.api.controller.VulnerabilityController;
+import dev.cleat.common.dto.request.VulnerabilityRequestDto;
+import dev.cleat.scanning.service.VulnerabilityService;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
+import org.springframework.test.web.servlet.MockMvc;
+
+@WebMvcTest(VulnerabilityController.class)
+@AutoConfigureMockMvc(addFilters = false)
+@ContextConfiguration(classes = {VulnerabilityController.class})
+public class VulnerabilityControllerTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Autowired
+    private ObjectMapper objectMapper;
+
+    @MockitoBean
+    private VulnerabilityService vulnerabilityService;
+
+    @Test
+    void whenCreateVulnerabilityThenShouldReturn201() throws Exception {
+
+        // given
+        VulnerabilityRequestDto vulnerabilityRequestDto = new VulnerabilityRequestDto();
+
+        // then
+        mockMvc.perform(post("/api/v1/vulnerabilities")
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(objectMapper.writeValueAsString(vulnerabilityRequestDto)))
+                .andExpect(status().isCreated());
+    }
+}
diff --git a/backend/apps/worker/build.gradle.kts b/backend/apps/worker/build.gradle.kts
@@ -14,8 +14,9 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-actuator")
 
     testImplementation("org.springframework.boot:spring-boot-starter-test")
-          testImplementation("org.testcontainers:junit-jupiter")
-          testImplementation("org.testcontainers:postgresql")
-          testImplementation("org.testcontainers:testcontainers")
-          testImplementation("org.springframework.boot:spring-boot-testcontainers")
+    testImplementation("org.testcontainers:junit-jupiter")
+    testImplementation("org.testcontainers:postgresql")
+    testImplementation("org.testcontainers:testcontainers")
+    testImplementation("org.springframework.boot:spring-boot-testcontainers")
+
 }
diff --git a/backend/apps/worker/src/main/java/dev/cleat/worker/CleatWorkerApplication.java b/backend/apps/worker/src/main/java/dev/cleat/worker/CleatWorkerApplication.java
@@ -2,9 +2,20 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.domain.EntityScan;
+import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.scheduling.annotation.EnableScheduling;
 
-@SpringBootApplication
+@SpringBootApplication(
+        scanBasePackages = {
+            "dev.cleat.persistence",
+            "dev.cleat.scanning",
+            "dev.cleat.worker",
+            "dev.cleat.domain",
+            "dev.cleat.common"
+        })
+@EnableJpaRepositories(basePackages = "dev.cleat.persistence.repository")
+@EntityScan(basePackages = "dev.cleat.persistence.entity")
 @EnableScheduling
 public class CleatWorkerApplication {