Description
The GET /health endpoint currently returns {"status": "ok"} regardless of whether semgrep, osv-scanner, or gitleaks are actually installed and reachable on PATH. This means a freshly deployed instance with missing CLI tools appears healthy, and the first scan fails with a confusing error.
What to implement
Extend /health to run shutil.which("semgrep"), shutil.which("osv-scanner"), and shutil.which("gitleaks") and report each as available or missing
Response shape:
```json
{
  "status": "ok",
  "scanners": {
    "semgrep": true,
    "osv-scanner": true,
    "gitleaks": false
  }
}
```
Return status: "degraded" if any scanner is missing, status: "ok" only when all three are present
Frontend should show a warning banner if status is "degraded"
Acceptance criteria
- /health reports each scanner's availability correctly
- status: "degraded" when any scanner is missing
- Frontend shows a clear warning when status is "degraded"
- Response still returns 200 even when degraded (so load balancers don't drop it)
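The check described above, as an added example rather than the project's own code: it uses only the standard library, and the injectable `which` parameter, `render_health` and the `HealthHandler` class are assumptions so the logic can be exercised without the real PATH or the project's web framework.

```python
"""Added example (not the project's code): /health that probes the scanner
CLIs with shutil.which and returns 200 even when the result is degraded."""
import json
import shutil
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Callable, Optional, Tuple

# The three scanner binaries the issue asks /health to probe on PATH.
REQUIRED_SCANNERS = ("semgrep", "osv-scanner", "gitleaks")


def build_health_report(which: Callable[[str], Optional[str]] = shutil.which) -> dict:
    """Return the /health body. `which` is injectable (an assumption for this
    example) so a missing tool can be simulated without altering PATH."""
    scanners = {name: which(name) is not None for name in REQUIRED_SCANNERS}
    status = "ok" if all(scanners.values()) else "degraded"
    return {"status": status, "scanners": scanners}


def missing_scanners(report: dict) -> list:
    """Names reported as unavailable; useful for a log line and the UI banner."""
    return [name for name, present in report["scanners"].items() if not present]


def render_health(report: dict) -> Tuple[int, bytes]:
    """HTTP status and JSON body. Always 200, degraded or not, so a load
    balancer keeps the instance in rotation while the frontend warns."""
    return 200, json.dumps(report).encode()


class HealthHandler(BaseHTTPRequestHandler):
    """Minimal stdlib handler standing in for the service's real framework."""

    def do_GET(self):
        if self.path != "/health":
            self.send_error(404)
            return
        report = build_health_report()
        if report["status"] == "degraded":
            # Operators see which tool is absent before the first scan fails.
            self.log_message("health degraded, missing: %s", missing_scanners(report))
        code, body = render_health(report)
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    print(json.dumps(build_health_report(), indent=2))
    HTTPServer(("127.0.0.1", 8080), HealthHandler).serve_forever()
```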