feat: add Security Summary page under OSS Health

assets/scss/_security.scss

@@ -0,0 +1,49 @@
+/* security summary page */
+
+.security-page {
+  margin-top: 4rem;
+
+  @include media-breakpoint-down(sm) {
+    margin-top: 2rem;
+  }
+
+  .security-card {
+    border: none;
+    border-radius: 0.75rem;
+    transition: transform 0.15s ease;
+
+    &:hover {
+      transform: translateY(-2px);
+    }
+
+    .security-icon {
+      font-size: 1.75rem;
+      color: $primary;
+      margin-bottom: 0.5rem;
+    }
+
+    .security-value {
+      font-size: 2.5rem;
+      font-weight: 700;
+      color: $cozy-black;
+      line-height: 1.2;
+    }
+
+    .security-label {
+      font-size: 0.95rem;
+      font-weight: 600;
+      color: $cozy-mid-gray;
+      text-transform: uppercase;
+      letter-spacing: 0.05em;
+      margin-top: 0.25rem;
+    }
+  }
+
+  .table code {
+    color: $primary;
+    font-weight: 500;
+    background: rgba($primary, 0.06);
+    padding: 0.15rem 0.4rem;
+    border-radius: 0.25rem;
+  }
+}

assets/scss/main.scss

@@ -162,4 +162,5 @@ a {
 @import "announcement-banner";
 @import "tabs_alerts";
 @import "override-docsy-tabs";
+@import "security";
 @import "telemetry";

content/en/oss-health/security/_index.md

@@ -0,0 +1,6 @@
+---
+title: Security Summary
+description: Monthly public security summary for the Cozystack project
+type: oss-health
+layout: security
+---

data/security/monthly.json

@@ -0,0 +1,13 @@
+{
+  "month": "",
+  "generated_at": "",
+  "new_count": 0,
+  "fixed": [],
+  "in_progress": [],
+  "accepted_risk": [],
+  "stats": {
+    "total_tracked": 0,
+    "total_triaged": 0,
+    "false_positives": 0
+  }
+}

hugo.yaml

@@ -217,27 +217,31 @@ params:
 menus:
   main:
   - name: OSS Health
-    identifier: oss-health
     weight: 35
+    identifier: oss-health
+  - name: Security Summary
+    parent: oss-health
+    url: /oss-health/security/
+    weight: 1
   - name: Telemetry
     url: /oss-health/telemetry/
     parent: oss-health
-    weight: 1
+    weight: 2
   - name: DevStats
     url: /oss-health/devstats/
     parent: oss-health
-    weight: 2
+    weight: 3
   - name: OpenSSF
     url: /oss-health/openssf/
     parent: oss-health
-    weight: 3
+    weight: 4
   - name: OSS Insight
     url: /oss-health/oss-insight/
     parent: oss-health
-    weight: 4
+    weight: 5
   - name: Enterprise support
     url: /support
-    weight: 5
+    weight: 6
   - name: GitHub
     url: https://github.com/cozystack/cozystack
     weight: 10

layouts/oss-health/security.html

@@ -0,0 +1,147 @@
+{{ define "main" }}
+{{ $data := index .Site.Data.security "monthly" }}
+
+<div class="security-page container py-5">
+  <div class="text-center mb-5">
+    <h1 class="display-5 fw-bold">Security Summary</h1>
+    <p class="lead text-muted">Monthly public security report for the Cozystack project.</p>
+  </div>
+
+  {{ if and $data $data.month (ne $data.month "") }}
+
+  <h3 class="text-center mb-4">{{ $data.month }}</h3>
+
+  <!-- Overview cards -->
+  <div class="row g-3 mb-5">
+    <div class="col-md-3 col-sm-6">
+      <div class="card text-center h-100 shadow-sm security-card">
+        <div class="card-body">
+          <div class="security-icon"><i class="fas fa-shield-alt"></i></div>
+          <div class="security-value">{{ $data.new_count }}</div>
+          <div class="security-label">New This Month</div>
+        </div>
+      </div>
+    </div>
+    <div class="col-md-3 col-sm-6">
+      <div class="card text-center h-100 shadow-sm security-card">
+        <div class="card-body">
+          <div class="security-icon text-success"><i class="fas fa-check-circle"></i></div>
+          <div class="security-value">{{ len $data.fixed }}</div>
+          <div class="security-label">Fixed</div>
+        </div>
+      </div>
+    </div>
+    <div class="col-md-3 col-sm-6">
+      <div class="card text-center h-100 shadow-sm security-card">
+        <div class="card-body">
+          <div class="security-icon text-warning"><i class="fas fa-wrench"></i></div>
+          <div class="security-value">{{ len $data.in_progress }}</div>
+          <div class="security-label">In Progress</div>
+        </div>
+      </div>
+    </div>
+    <div class="col-md-3 col-sm-6">
+      <div class="card text-center h-100 shadow-sm security-card">
+        <div class="card-body">
+          <div class="security-icon text-info"><i class="fas fa-info-circle"></i></div>
+          <div class="security-value">{{ $data.stats.total_tracked }}</div>
+          <div class="security-label">Total Tracked</div>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <!-- Fixed vulnerabilities -->
+  {{ if $data.fixed }}
+  <h5 class="mb-3"><i class="fas fa-check-circle text-success me-2"></i>Security Updates Released</h5>
+  <div class="table-responsive mb-5">
+    <table class="table table-striped table-hover">
+      <thead class="table-success">
+        <tr><th>CVE</th><th>Severity</th><th>Package</th><th>Fixed Version</th></tr>
+      </thead>
+      <tbody>
+        {{ range $data.fixed }}
+        <tr>
+          <td><a href="https://nvd.nist.gov/vuln/detail/{{ .cve_id }}"><code>{{ .cve_id }}</code></a></td>
+          <td>{{ .severity }}</td>
+          <td><code>{{ .package }}</code></td>
+          <td><code>{{ .fixed_version }}</code></td>
+        </tr>
+        {{ end }}
+      </tbody>
+    </table>
+  </div>
+  {{ end }}
+
+  <!-- In progress -->
+  {{ if $data.in_progress }}
+  <h5 class="mb-3"><i class="fas fa-wrench text-warning me-2"></i>In Progress</h5>
+  <div class="table-responsive mb-5">
+    <table class="table table-striped table-hover">
+      <thead class="table-warning">
+        <tr><th>CVE</th><th>Severity</th><th>Package</th><th>Status</th></tr>
+      </thead>
+      <tbody>
+        {{ range $data.in_progress }}
+        <tr>
+          <td><a href="https://nvd.nist.gov/vuln/detail/{{ .cve_id }}"><code>{{ .cve_id }}</code></a></td>
+          <td>{{ .severity }}</td>
+          <td><code>{{ .package }}</code></td>
+          <td>Fix in progress</td>
+        </tr>
+        {{ end }}
+      </tbody>
+    </table>
+  </div>
+  {{ end }}
+
+  <!-- Accepted risk -->
+  {{ if $data.accepted_risk }}
+  <h5 class="mb-3"><i class="fas fa-info-circle text-info me-2"></i>Accepted Risks</h5>
+  <div class="table-responsive mb-5">
+    <table class="table table-striped table-hover">
+      <thead class="table-info">
+        <tr><th>CVE</th><th>Severity</th><th>Package</th><th>Reason</th></tr>
+      </thead>
+      <tbody>
+        {{ range $data.accepted_risk }}
+        <tr>
+          <td><a href="https://nvd.nist.gov/vuln/detail/{{ .cve_id }}"><code>{{ .cve_id }}</code></a></td>
+          <td>{{ .severity }}</td>
+          <td><code>{{ .package }}</code></td>
+          <td>{{ .reason }}</td>
+        </tr>
+        {{ end }}
+      </tbody>
+    </table>
+  </div>
+  {{ end }}
+
+  {{ if $data.generated_at }}
+  <p class="text-center text-muted mt-4">
+    <small>Report generated: {{ $data.generated_at }}</small>
+  </p>
+  {{ end }}
+
+  {{ else }}
+
+  <div class="text-center py-5">
+    <div class="mb-3"><i class="fas fa-shield-alt fa-3x text-muted"></i></div>
+    <h4 class="text-muted">No security summary available yet</h4>
+    <p class="text-muted">The first monthly report will appear here after the next reporting cycle.</p>
+  </div>
+
+  {{ end }}
+
+  <div class="text-center mt-5 mb-3">
+    <p class="text-muted">
+      <small>
+        To report a vulnerability, use
+        <a href="https://github.com/cozystack/cozystack/security/advisories/new">GitHub Private Vulnerability Reporting</a>
+        or email <a href="mailto:cncf-cozystack-security@lists.cncf.io">cncf-cozystack-security@lists.cncf.io</a>.
+      </small>
+    </p>
+  </div>
+</div>
+
+{{ end }}