
feat: add Security Summary page under OSS Health#473

Open
tym83 wants to merge 2 commits into
cozystack:mainfrom
tym83:feat/security-summary

Conversation


@tym83 tym83 commented Apr 7, 2026

Summary

  • Add Security Summary page at /oss-health/security/ under the OSS Health dropdown menu
  • Displays monthly public security report: new CVEs, fixed vulnerabilities, in-progress fixes, accepted risks
  • Data loaded from data/security/monthly.json (updated automatically by the security scanner pipeline monthly)
  • Styled consistently with the site (cards, tables, Cozystack theme)
  • Includes links to PVR and security email for vulnerability reporting

How it works

  1. Security scanner pipeline runs monthly.py on the 1st of each month
  2. Generates latest.json with triaged security data
  3. Workflow creates a PR to this repo updating data/security/monthly.json
  4. After merge, Netlify rebuilds the site with fresh data

Files

  • hugo.yaml — add OSS Health menu with Security Summary item
  • content/en/oss-health/security/_index.md — page content
  • layouts/oss-health/security.html — page template with cards and tables
  • layouts/oss-health/baseof.html — base template with header/footer
  • assets/scss/_security.scss — page styles
  • data/security/monthly.json — placeholder data (populated by CI)

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

  • New Features
    • Added a new "OSS Health" navigation section with a "Security Summary" page
    • Introduced monthly security reporting displaying key metrics: new issues, fixed items, in-progress items, and total tracked vulnerabilities
    • Added detailed CVE tracking tables with NVD links and vulnerability status information

Review Change Stack

- Add "OSS Health > Security Summary" menu item
- Create /oss-health/security/ page showing monthly security report
- Display cards (new, fixed, in-progress, total tracked) and tables
  for fixed vulnerabilities, in-progress fixes, and accepted risks
- Data source: data/security/monthly.json (updated by security scanner)
- Styled consistently with the rest of the site

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
-e
Signed-off-by: tym83 <6355522@gmail.com>
@tym83 tym83 requested review from kvaps and lllamnyp as code owners April 7, 2026 14:11
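The pipeline described in the PR hands a machine-generated JSON file to the site through a bot-opened PR, and the template turns each CVE id in that file into an NVD link, so the file is a trust boundary worth checking before the PR is merged. The validator below is an added example and is not part of cozystack/website or its scanner pipeline. The field names `month`, `new_count`, `fixed`, `in_progress`, `accepted_risk` and `stats.total_tracked` come from this PR; the per-entry `id` key, the `generated_at` field and the rule that one CVE appears in only one table are assumptions made for the example.

```python
"""Pre-merge validation for data/security/monthly.json (added example).

Not part of cozystack/website. Field names month, new_count, fixed,
in_progress, accepted_risk and stats.total_tracked come from the PR; the
per-entry `id` key, `generated_at`, and the one-table-per-CVE rule are
assumptions.
"""
from __future__ import annotations

import json
import re
from datetime import datetime

CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")
MONTH = re.compile(r"^\d{4}-(0[1-9]|1[0-2])$")
TABLE_FIELDS = ("fixed", "in_progress", "accepted_risk")


def nvd_url(cve_id: str) -> str:
    """Build the NVD detail link the page renders for an entry.

    Refuses anything that is not a well-formed CVE id, so a malformed or
    crafted `id` in pipeline output can never become an arbitrary href.
    """
    if not CVE_ID.match(cve_id):
        raise ValueError(f"not a CVE id: {cve_id!r}")
    return f"https://nvd.nist.gov/vuln/detail/{cve_id}"


def validate_report(report: dict) -> list[str]:
    """Return a list of problems; an empty list means the report is acceptable."""
    errors: list[str] = []

    month = report.get("month")
    if not isinstance(month, str) or not MONTH.match(month):
        errors.append("month must be a YYYY-MM string")

    generated_at = report.get("generated_at")  # assumed field, ISO 8601 UTC
    try:
        datetime.fromisoformat(str(generated_at).replace("Z", "+00:00"))
    except ValueError:
        errors.append(f"generated_at is not ISO 8601: {generated_at!r}")

    new_count = report.get("new_count")
    if isinstance(new_count, bool) or not isinstance(new_count, int) or new_count < 0:
        errors.append("new_count must be a non-negative integer")

    stats = report.get("stats")
    total = stats.get("total_tracked") if isinstance(stats, dict) else None
    if isinstance(total, bool) or not isinstance(total, int) or total < 0:
        errors.append("stats.total_tracked must be a non-negative integer")

    # Each CVE may sit in exactly one status table (assumed invariant).
    seen: dict[str, str] = {}
    for field in TABLE_FIELDS:
        entries = report.get(field)
        if not isinstance(entries, list):
            errors.append(f"{field} must be a list")
            continue
        for pos, entry in enumerate(entries):
            cve = entry.get("id") if isinstance(entry, dict) else None
            if not isinstance(cve, str) or not CVE_ID.match(cve):
                errors.append(f"{field}[{pos}]: invalid CVE id {cve!r}")
                continue
            if cve in seen:
                errors.append(f"{cve} listed under both {seen[cve]} and {field}")
            seen[cve] = field
    return errors


def validate_file(path: str) -> list[str]:
    """Load and validate a JSON file; intended as a CI step on the bot's PR."""
    with open(path, encoding="utf-8") as fh:
        report = json.load(fh)
    if not isinstance(report, dict):
        return ["top-level value must be a JSON object"]
    return validate_report(report)


# Constructed sample shaped like the assumed schema above; not real data.
SAMPLE_REPORT = {
    "month": "2026-04",
    "generated_at": "2026-04-01T03:00:00Z",
    "new_count": 1,
    "fixed": [{"id": "CVE-2026-10001", "component": "example"}],
    "in_progress": [{"id": "CVE-2026-10002"}],
    "accepted_risk": [],
    "stats": {"total_tracked": 2},
}

if __name__ == "__main__":
    import sys

    problems = validate_file(sys.argv[1]) if len(sys.argv) > 1 else validate_report(SAMPLE_REPORT)
    for problem in problems:
        print("ERROR:", problem)
    sys.exit(1 if problems else 0)
```

Run it as a required check on the workflow's PR (for example `python validate_monthly.py data/security/monthly.json`) so a malformed or crafted file never reaches the Netlify build. The CVE id pattern is what keeps the NVD href construction safe, and the cross-table duplicate check catches triage state that was never reconciled before publication.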
netlify Bot commented Apr 7, 2026

Deploy Preview for cozystack ready!

Latest commit: e4c9d47
Latest deploy log: https://app.netlify.com/projects/cozystack/deploys/6a0b234d38830b00089cce5e
Deploy Preview: https://deploy-preview-473--cozystack.netlify.app

coderabbitai Bot commented Apr 7, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 0b569cb and e4c9d47.

📒 Files selected for processing (1)
  • assets/scss/main.scss

📝 Walkthrough

This PR introduces a new Security Summary page under an OSS Health navigation section. It includes a monthly security report data schema, a Hugo template rendering metric cards and status tables, SCSS styling for the page, a content page entry, and navigation menu links wiring it all together.

Changes

Security Summary Page

  • Data schema and page template (data/security/monthly.json, layouts/oss-health/security.html): the monthly security report structure initializes tracking fields (month, new_count, fixed, in_progress, accepted_risk, stats), and the template renders metric summary cards and per-CVE status tables (fixed, in-progress, accepted-risk) with NVD links and generated-at timestamps.
  • Styling and stylesheet wiring (assets/scss/_security.scss, assets/scss/main.scss): a new security SCSS partial styles the page container (responsive top margin), cards (border-less, rounded, lift-on-hover), icons (primary color), values (large bold) and labels (uppercase, spaced); it is imported into the main stylesheet.
  • Content page and navigation menu (content/en/oss-health/security/_index.md, hugo.yaml): security index page and layout type configured via front matter; OSS Health parent menu and nested Security Summary child menu link added to the main navigation.

🎯 2 (Simple) | ⏱️ ~8 minutes

🐰 A security page springs to life,
With cards that lift through monthly strife,
From schema's shape to styled display,
Fresh data glows in measured way,
Safe routes now guide the visiting sight! 🔐

🚥 Pre-merge checks: 5 passed
  • Description Check: Passed (check skipped because CodeRabbit’s high-level summary is enabled).
  • Title check: Passed. The PR title 'feat: add Security Summary page under OSS Health' accurately and concisely describes the primary change: adding a new Security Summary page under the OSS Health section.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage; check skipped.
  • Linked Issues check: Passed (check skipped because no linked issues were found for this pull request).
  • Out of Scope Changes check: Passed (check skipped because no linked issues were found for this pull request).


@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request introduces an 'OSS Health' section and a 'Security Summary' page, including the necessary SCSS, content files, data structures, and Hugo templates. The review feedback suggests improving template robustness by using dot notation for safer data access and providing default values for metrics. It also recommends adding a URL to the 'OSS Health' menu item to improve navigation.

@@ -0,0 +1,147 @@
{{ define "main" }}
{{ $data := index .Site.Data.security "monthly" }}
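Review bot: the `index .Site.Data.security "monthly"` line aborts the whole Hugo build when `data/security/` is absent, and the PR description says that file is a placeholder until the scanner workflow populates it, so the page needs a guard rather than just a different lookup syntax. Wrap the body in `{{ with .Site.Data.security.monthly }} ... {{ else }} ... {{ end }}` and render an explicit "no report published yet" state in the `else` branch, so an empty or missing file is visible as absence instead of failing the deploy or showing blank cards.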
medium

Using the index function on .Site.Data.security is risky because it will cause a build failure if the security key is missing from .Site.Data (e.g., if the data/security/ directory does not exist). Hugo's dot notation is safer as it gracefully returns nil if any part of the path is missing.

Suggested change
{{ $data := index .Site.Data.security "monthly" }}
{{ $data := .Site.Data.security.monthly }}

<div class="card text-center h-100 shadow-sm security-card">
<div class="card-body">
<div class="security-icon text-info"><i class="fas fa-info-circle"></i></div>
<div class="security-value">{{ $data.stats.total_tracked }}</div>
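Review bot: `{{ $data.stats.total_tracked }}` on the last line is unguarded, and the obvious `| default 0` fallback would show a missing `stats` object as zero tracked vulnerabilities, which on a security page is a misleading claim rather than a cosmetic gap. Use `{{ with $data.stats }}{{ .total_tracked }}{{ else }}n/a{{ end }}` (or gate the whole card row on `with $data.stats`) so absent data renders as absent and a real zero renders as zero.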
medium

Accessing nested fields like $data.stats.total_tracked can lead to empty values in the UI if the stats object is missing or null in the JSON data. Using the default filter ensures that the card always displays a fallback value (like 0) instead of being blank.

Suggested change
<div class="security-value">{{ $data.stats.total_tracked }}</div>
<div class="security-value">{{ $data.stats.total_tracked | default 0 }}</div>

Comment thread hugo.yaml
Comment on lines +181 to +183
- name: OSS Health
weight: 3
identifier: oss-health
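Review bot: this parent entry carries only `identifier: oss-health` with no `url`, so the top-level item is a non-navigable label; `content/en/oss-health/_index.md` is among the files in this PR, so point the entry at `/oss-health/` (Hugo menu entries take either `url` or `pageRef`), and confirm that the Security Summary entry declares `parent: oss-health`, which is not visible in these three lines.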
medium

The OSS Health menu item is currently defined without a URL. While it serves as a parent for the Security Summary item, it's better to link it to the overview page at /oss-health/ (which exists in the content directory) so that users can click the top-level menu item to see the section landing page.

  - name: OSS Health
    url: /oss-health/
    weight: 3
    identifier: oss-health

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
layouts/oss-health/baseof.html (1)

6-10: Align section base layout with site-wide base conventions.

Line 6 and Line 10 omit two patterns used in other base templates (body_class extension and announcement banner), which can cause inconsistent UX between sections.

♻️ Proposed alignment diff
-  <body class="td-{{ .Kind }}">
+  <body class="td-{{ .Kind }}{{ with .Page.Params.body_class }} {{ . }}{{ end }}">
     <header>
       {{ partial "navbar.html" . }}
     </header>
+    {{ partial "announcement-banner.html" . }}
     <div class="container-fluid td-outer">
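Review bot: the added `{{ partial "announcement-banner.html" . }}` names a different file from the `partial "announcement.html" .` in the agent prompt that follows; a partial that does not exist is a hard error at build time, so check `layouts/partials/` for the real name before applying either form. The `@import "announcement-banner"` in main.scss suggests the hyphenated name is the one in use, but verify rather than assume.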
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@layouts/oss-health/baseof.html` around lines 6 - 10, Update the base layout
to follow site-wide conventions by replacing the hardcoded body class with a
block override and adding the announcement partial: change the body tag from
class="td-{{ .Kind }}" to use a block like {{ block "body_class" . }}td-{{ .Kind
}}{{ end }} so sections can extend body_class, and insert the announcement
banner partial (partial "announcement.html" .) near the header (e.g.,
immediately after {{ partial "navbar.html" . }}) to ensure the announcement
displays consistently across sections.
📥 Commits

Reviewing files that changed from the base of the PR and between 28ae3dc and 0b569cb.

📒 Files selected for processing (8)
  • assets/scss/_security.scss
  • assets/scss/main.scss
  • content/en/oss-health/_index.md
  • content/en/oss-health/security/_index.md
  • data/security/monthly.json
  • hugo.yaml
  • layouts/oss-health/baseof.html
  • layouts/oss-health/security.html

Comment thread assets/scss/main.scss
@import "announcement-banner";
@import "tabs_alerts";
@import "override-docsy-tabs";
@import "security";
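Review bot: moving `@import "security";` out of this block and up into the Docsy import section changes cascade order, not just the lint result: `_security.scss` styles `.card` and the `.security-card` class, and once it is imported ahead of `override-docsy-tabs` and the other late imports, any later rule of equal specificity on the same selectors wins. After the move, re-check the cards in the deploy preview and, where something regresses, scope the rules under `.security-card` instead of relying on source order.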

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify no `@import` appears after first non-import statement in assets/scss/main.scss
awk '
  BEGIN { seen_non_import=0; bad=0 }
  /^[[:space:]]*\/\// { next }                           # skip single-line comments
  /^[[:space:]]*$/ { next }                              # skip blanks
  /^[[:space:]]*@import[[:space:]]+/ {
    if (seen_non_import) { print "Late import at line " NR ": " $0; bad=1 }
    next
  }
  { seen_non_import=1 }
  END { exit bad }
' assets/scss/main.scss

Repository: cozystack/website

Move the @import "security" statement above non-import rules to pass SCSS linting.

The import at line 152 violates no-invalid-position-at-import-rule, which fails CI. Relocate it to the top import block with other @import statements.

Suggested fix
 // Import Docsy components
 `@import` "docsy/variables_project_after_bs";
 `@import` "docsy/support/utilities";
@@
 `@import` "docsy/support/rtl";
+@import "security";
-@import "security";
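Review bot: as rendered, `+@import "security";` is immediately followed by `-@import "security";`, which applied as a patch would be a no-op; the removal belongs at line 152 of main.scss, on the far side of the elided `@@` region, with the addition in the Docsy import block. Make the move by hand and re-run stylelint on the result instead of applying the snippet as shown.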
🧰 Tools
🪛 Stylelint (17.6.0)

[error] 152-152: Unexpected invalid position @import rule (no-invalid-position-at-import-rule)

(no-invalid-position-at-import-rule)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@assets/scss/main.scss` at line 152, The `@import` "security" statement is
placed after non-import rules causing a SCSS lint failure
(no-invalid-position-at-import-rule); move the `@import` "security" line into the
top import block alongside the other `@import` statements (i.e., relocate the
`@import` "security" declaration so it appears before any non-import rules in
main.scss) to satisfy the linter.

IvanHunters previously approved these changes Apr 8, 2026
Signed-off-by: myasnikovdaniil <60174387+myasnikovdaniil@users.noreply.github.com>