familienarchiv

Author	SHA1	Message	Date
Marcel	f15ea031d1	ci(security): add Semgrep XXE rule and CI scan job All checks were successful CI / Unit & Component Tests (pull_request) Successful in 3m2s Details CI / OCR Service Tests (pull_request) Successful in 18s Details CI / Backend Unit Tests (pull_request) Successful in 3m3s Details CI / fail2ban Regex (pull_request) Successful in 40s Details CI / Semgrep Security Scan (pull_request) Successful in 1m11s Details CI / Compose Bucket Idempotency (pull_request) Successful in 1m1s Details Add .semgrep/security.yml with rules for DocumentBuilderFactory, SAXParserFactory, and XMLInputFactory without XXE hardening (CWE-611). Add semgrep-scan CI job — runs in parallel with backend-unit-tests, local rules only, --error flag fails the build on any match. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-17 14:48:46 +02:00