Skip to content

Dogfooding: Run security scans on RedLoop codebase #29

Open
Open
Dogfooding: Run security scans on RedLoop codebase#29
Assignees
haroon0x
Labels
devopsDevOps and deploymentfuture-enhancementFuture enhancement beyond current roadmapgood first issueGood for newcomersinfrastructureInfrastructure and DevOpskestraKestra workflow orchestration relatedmetaMeta/dogfooding issuessecuritySecurity related issuestestingTesting infrastructure and test coverage
Milestone
Phase 5: Documentation & Polish
@coderabbitai

Description

@coderabbitai
coderabbitai
bot
opened on Dec 9, 2025

Description

Use RedLoop to scan its own codebase for vulnerabilities (meta security testing!). Also integrate additional SAST tools.

Requirements

RedLoop Self-Scan

  • Run RedLoop adversary agent on the RedLoop repository
  • Document findings and fixes
  • Ensure RedLoop can handle its own codebase

SAST Tools Integration

  • Bandit for Python security issues
  • Semgrep with security rulesets
  • npm audit for frontend dependencies
  • Safety for Python dependency vulnerabilities

CI Integration

  • Add SAST checks to GitHub Actions workflow
  • Fail CI on high/critical vulnerabilities
  • Generate security reports

Acceptance Criteria

  • RedLoop successfully scans itself
  • Bandit, Semgrep integrated in CI
  • Security scan badges in README
  • No high/critical vulnerabilities in codebase
  • Document self-scan results

Context

Requested by @haroon0x in issue #1

Validates RedLoop's capabilities and ensures the security tool is itself secure.

Metadata

Metadata

Assignees

Labels

devopsDevOps and deploymentfuture-enhancementFuture enhancement beyond current roadmapgood first issueGood for newcomersinfrastructureInfrastructure and DevOpskestraKestra workflow orchestration relatedmetaMeta/dogfooding issuessecuritySecurity related issuestestingTesting infrastructure and test coverage

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions