API caller for AquaSec full repository scan report

[tmikula-dev]

Background

We found out that the AquaSec documentation contains an API specification, which can replace our incomplete full repo scan using open-source Trivy tool. At the moment we can scan only 4/6 areas (still missing SAST and Pipeline).

Feature

API caller for AquaSec full repository scan report.

Proposed Solution [Optional]

Solution Ideas:

1. Read the API documentation
2. Implement the AquaSec report instead of our local Trivy scan
3. Upload the Aqua SARIF output into the GitHub Security Tab

[coderabbitai]

A summary of the changes CodeRabbit can apply:

• Add scripts/aquasec_scanner.py (new AquaSec API client/CLI), add .github/workflows/aquasec_repository_scan.yml (CI workflow), add IMPLEMENTATION_SUMMARY.md, docs/AQUASEC_INTEGRATION.md, scripts/README.md, update DEVELOPER.md and .gitignore — replacing the Trivy-based scanner with a production-ready AquaSec integration that performs full repo scans across all 6 security areas, outputs SARIF, uploads results to GitHub Security, and posts PR summary comments.

• Add full AquaSec repository scanning integration: introduce a new GitHub Actions workflow (.github/workflows/aquasec_repository_scan.yml) that runs the new Python scanner (scripts/aquasec_scanner.py) and uploads SARIF results, add scanner docs (scripts/README.md, docs/AQUASEC_INTEGRATION.md), add implementation notes (IMPLEMENTATION_SUMMARY.md), and update DEVELOPER.md and .gitignore to document usage and ignore SARIF outputs.

• Executed edits - (🔄 Check again to try again)

[coderabbitai]

Caution

The CodeRabbit agent's plans did not produce any file changes.