
feat: add Security Summary page under OSS Health#473

Open
tym83 wants to merge 1 commit into cozystack:main from tym83:feat/security-summary

Conversation


@tym83 tym83 commented Apr 7, 2026

Summary

  • Add Security Summary page at /oss-health/security/ under the OSS Health dropdown menu
  • Displays monthly public security report: new CVEs, fixed vulnerabilities, in-progress fixes, accepted risks
  • Data loaded from data/security/monthly.json (updated automatically by the security scanner pipeline monthly)
  • Styled consistently with the site (cards, tables, Cozystack theme)
  • Includes links to PVR and security email for vulnerability reporting

How it works

  1. Security scanner pipeline runs monthly.py on the 1st of each month
  2. Generates latest.json with triaged security data
  3. Workflow creates a PR to this repo updating data/security/monthly.json
  4. After merge, Netlify rebuilds the site with fresh data

Files

  • hugo.yaml — add OSS Health menu with Security Summary item
  • content/en/oss-health/security/_index.md — page content
  • layouts/oss-health/security.html — page template with cards and tables
  • layouts/oss-health/baseof.html — base template with header/footer
  • assets/scss/_security.scss — page styles
  • data/security/monthly.json — placeholder data (populated by CI)

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features
    • Added OSS Health section to the main navigation menu
    • Introduced Security Summary page displaying monthly security metrics with summary cards
    • Security page includes detailed table views for tracking vulnerabilities (new, fixed, in-progress, accepted risks)
    • Added security reporting contact information and NVD reference links

- Add "OSS Health > Security Summary" menu item
- Create /oss-health/security/ page showing monthly security report
- Display cards (new, fixed, in-progress, total tracked) and tables
  for fixed vulnerabilities, in-progress fixes, and accepted risks
- Data source: data/security/monthly.json (updated by security scanner)
- Styled consistently with the rest of the site

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: tym83 <6355522@gmail.com>
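Since step 3 of the pipeline lands the scanner output in the repo through an automatically created PR, a consistency check run on that PR is the natural place to catch a broken or stale report before Netlify publishes it. The following is an added example (not code from this PR or the cozystack repository); apart from the `stats.total_tracked` field visible in the template, the field names (`month`, per-category counts in `stats`, and `fixed`, `in_progress`, `accepted_risks` lists whose entries carry a CVE `id`) are assumptions about the schema of data/security/monthly.json.

```python
"""Consistency check for data/security/monthly.json before a CI-generated update
is merged. Added example; field names other than stats.total_tracked are assumed."""
import re
from datetime import date

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
# Assumed list keys; each list entry is assumed to carry a CVE "id".
LISTS = ("fixed", "in_progress", "accepted_risks")


def validate_report(report: dict, today: date) -> list[str]:
    """Return human-readable problems; an empty list means the report is consistent."""
    problems = []
    month = str(report.get("month", ""))
    if not re.fullmatch(r"\d{4}-\d{2}", month):
        problems.append(f"month {month!r} is not YYYY-MM")
    elif month > today.strftime("%Y-%m"):
        problems.append(f"month {month} is in the future")
    stats = report.get("stats")
    if not isinstance(stats, dict):
        return problems + ["stats object missing"]
    seen = set()
    for key in LISTS:
        entries = report.get(key) or []
        for entry in entries:
            cve = str(entry.get("id", ""))
            if not CVE_RE.match(cve):
                problems.append(f"{key}: malformed CVE id {cve!r}")
            elif cve in seen:
                problems.append(f"{key}: {cve} listed in more than one category")
            seen.add(cve)
        # The card count must match the table the page renders for that category.
        if stats.get(key) != len(entries):
            problems.append(f"stats.{key}={stats.get(key)} but {len(entries)} entries")
    # Assumed meaning: total_tracked is the number of distinct CVEs across the lists.
    if stats.get("total_tracked") != len(seen):
        problems.append(f"stats.total_tracked={stats.get('total_tracked')} "
                        f"but {len(seen)} distinct CVEs")
    return problems


# Constructed sample in the assumed shape; not real scanner output.
SAMPLE = {
    "month": "2026-03",
    "stats": {"new": 1, "fixed": 1, "in_progress": 1, "accepted_risks": 1, "total_tracked": 3},
    "fixed": [{"id": "CVE-2026-0001", "package": "example-lib", "fixed_in": "1.2.3"}],
    "in_progress": [{"id": "CVE-2026-0002", "package": "example-lib"}],
    "accepted_risks": [{"id": "CVE-2026-0003", "package": "example-tool", "reason": "not reachable"}],
}
```

Running `validate_report` in the workflow that opens the data PR, and failing the job on a non-empty result, keeps a scanner regression from being published as a clean month.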
@tym83 tym83 requested review from kvaps and lllamnyp as code owners April 7, 2026 14:11

netlify bot commented Apr 7, 2026

Deploy Preview for cozystack ready!

🔨 Latest commit: 0b569cb
🔍 Latest deploy log: https://app.netlify.com/projects/cozystack/deploys/69d510adc1df490008b4e312
😎 Deploy Preview: https://deploy-preview-473--cozystack.netlify.app


coderabbitai bot commented Apr 7, 2026

Walkthrough

A new OSS Health section for the Cozystack project is being added, featuring a Security Summary page that displays monthly security metrics and vulnerability tracking data. The implementation includes new styling, Hugo templates, navigation entries, documentation pages, and a JSON data schema.

Changes

Cohort / File(s) and Summary

Styling & Templates
Files: assets/scss/_security.scss, assets/scss/main.scss, layouts/oss-health/baseof.html, layouts/oss-health/security.html
Summary: New SCSS partial defining .security-page, .security-card, and related component styles with responsive margins and hover effects. Base layout template for OSS Health section with standard header/footer structure. Security page template renders monthly vulnerability reports with metric cards and sortable tables for fixed, in-progress, and accepted-risk vulnerabilities.

Documentation Pages
Files: content/en/oss-health/_index.md, content/en/oss-health/security/_index.md
Summary: New content pages establishing the OSS Health documentation section with a Security Summary child page, each configured with appropriate front matter and content type settings.

Site Configuration & Data
Files: hugo.yaml, data/security/monthly.json
Summary: Added navigation menu items for OSS Health and Security Summary in the main site menu. New JSON schema defining the structure for monthly security reports with fields for month, vulnerability counts, and categorized vulnerability lists.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Hop, skip, and a security bound,
New pages blooming all around,
With styles so fine and templates bright,
The Health OSS shines in the site's light!

🚥 Pre-merge checks: 3 passed
  • Description Check: Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: Passed. The pull request title clearly and concisely summarizes the main change: adding a Security Summary page under OSS Health. It is directly related to the primary objective of the changeset.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces an 'OSS Health' section and a 'Security Summary' page, including the necessary SCSS, content files, data structures, and Hugo templates. The review feedback suggests improving template robustness by using dot notation for safer data access and providing default values for metrics. It also recommends adding a URL to the 'OSS Health' menu item to improve navigation.

@@ -0,0 +1,147 @@
{{ define "main" }}
{{ $data := index .Site.Data.security "monthly" }}
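Review bot: `index .Site.Data.security "monthly"` fails the build when `.Site.Data.security` is nil, and switching to dot notation only moves the problem, because every later `$data.…` access then dereferences a nil value and also errors. Wrap the report body in `{{ with .Site.Data.security.monthly }} … {{ else }}` a visible "no report published yet" message `{{ end }}`, so the placeholder `data/security/monthly.json` the PR description mentions renders an explicit empty state instead of breaking the build or showing blank cards.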


medium

Using the index function on .Site.Data.security is risky because it will cause a build failure if the security key is missing from .Site.Data (e.g., if the data/security/ directory does not exist). Hugo's dot notation is safer as it gracefully returns nil if any part of the path is missing.

Suggested change
{{ $data := index .Site.Data.security "monthly" }}
{{ $data := .Site.Data.security.monthly }}

<div class="card text-center h-100 shadow-sm security-card">
<div class="card-body">
<div class="security-icon text-info"><i class="fas fa-info-circle"></i></div>
<div class="security-value">{{ $data.stats.total_tracked }}</div>
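Review bot: a `| default 0` fallback on `$data.stats.total_tracked` (as suggested further down) would make a missing or malformed `stats` object render exactly like a month with nothing tracked, which on a security status page hides a broken scanner run behind a reassuring zero. Prefer `{{ with $data.stats }}{{ .total_tracked }}{{ else }}n/a{{ end }}` or an equivalent visible "no data" marker, and apply the same to the new, fixed and in-progress cards.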


medium

Accessing nested fields like $data.stats.total_tracked can lead to empty values in the UI if the stats object is missing or null in the JSON data. Using the default filter ensures that the card always displays a fallback value (like 0) instead of being blank.

Suggested change
<div class="security-value">{{ $data.stats.total_tracked }}</div>
<div class="security-value">{{ $data.stats.total_tracked | default 0 }}</div>

Comment thread hugo.yaml
Comment on lines +181 to +183
- name: OSS Health
weight: 3
identifier: oss-health


medium

The OSS Health menu item is currently defined without a URL. While it serves as a parent for the Security Summary item, it's better to link it to the overview page at /oss-health/ (which exists in the content directory) so that users can click the top-level menu item to see the section landing page.

  - name: OSS Health
    url: /oss-health/
    weight: 3
    identifier: oss-health


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
layouts/oss-health/baseof.html (1)

6-10: Align section base layout with site-wide base conventions.

Line 6 and Line 10 omit two patterns used in other base templates (body_class extension and announcement banner), which can cause inconsistent UX between sections.

♻️ Proposed alignment diff
-  <body class="td-{{ .Kind }}">
+  <body class="td-{{ .Kind }}{{ with .Page.Params.body_class }} {{ . }}{{ end }}">
     <header>
       {{ partial "navbar.html" . }}
     </header>
+    {{ partial "announcement-banner.html" . }}
     <div class="container-fluid td-outer">
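Review bot: the added line `+    {{ partial "announcement-banner.html" . }}` names a different partial from the agent prompt attached to this comment, which says `partial "announcement.html" .`, and the body tag change here (`{{ with .Page.Params.body_class }}`) differs from the `{{ block "body_class" . }}` form given there. Check which partial and which pattern the existing site base templates actually use (main.scss imports `announcement-banner`, which points to the former) before applying either version.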
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `layouts/oss-health/baseof.html` around lines 6 - 10, update the base layout
to follow site-wide conventions by replacing the hardcoded body class with a
block override and adding the announcement partial: change the body tag from
class="td-{{ .Kind }}" to use a block like {{ block "body_class" . }}td-{{ .Kind
}}{{ end }} so sections can extend body_class, and insert the announcement
banner partial (partial "announcement.html" .) near the header (e.g.,
immediately after {{ partial "navbar.html" . }}) to ensure the announcement
displays consistently across sections.
📥 Commits

Reviewing files that changed from the base of the PR and between 28ae3dc and 0b569cb.

📒 Files selected for processing (8)
  • assets/scss/_security.scss
  • assets/scss/main.scss
  • content/en/oss-health/_index.md
  • content/en/oss-health/security/_index.md
  • data/security/monthly.json
  • hugo.yaml
  • layouts/oss-health/baseof.html
  • layouts/oss-health/security.html

Comment thread assets/scss/main.scss
@import "announcement-banner";
@import "tabs_alerts";
@import "override-docsy-tabs";
@import "security";


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify no `@import` appears after first non-import statement in assets/scss/main.scss
awk '
  BEGIN { seen_non_import=0; bad=0 }
  /^[[:space:]]*\/\// { next }                           # skip single-line comments
  /^[[:space:]]*$/ { next }                              # skip blanks
  /^[[:space:]]*@import[[:space:]]+/ {
    if (seen_non_import) { print "Late import at line " NR ": " $0; bad=1 }
    next
  }
  { seen_non_import=1 }
  END { exit bad }
' assets/scss/main.scss

Repository: cozystack/website



Move the @import "security" statement above non-import rules to pass SCSS linting.

The import at line 152 violates no-invalid-position-at-import-rule, which fails CI. Relocate it to the top import block with other @import statements.

Suggested fix
 // Import Docsy components
 `@import` "docsy/variables_project_after_bs";
 `@import` "docsy/support/utilities";
@@
 `@import` "docsy/support/rtl";
+@import "security";
-@import "security";
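Review bot: as rendered, `+@import "security";` sits directly above `-@import "security";` with no context between them, so the suggestion reads as a no-op; the intended edit is to append the import after `@import "docsy/support/rtl";` at the end of the top import block and delete the copy at line 152, then re-run the awk check above to confirm no import follows a non-import rule. The backticks around `@import` in the context lines are a rendering artifact and must not be copied into main.scss.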
🧰 Tools
🪛 Stylelint (17.6.0)

[error] 152-152: Unexpected invalid position @import rule (no-invalid-position-at-import-rule)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `assets/scss/main.scss` at line 152, the @import "security" statement is
placed after non-import rules, causing a SCSS lint failure
(no-invalid-position-at-import-rule); move the @import "security" line into the
top import block alongside the other @import statements (i.e., relocate the
@import "security" declaration so it appears before any non-import rules in
main.scss) to satisfy the linter.
