## Goal Add SAST and supply-chain scanning to CI. ## Tasks - SonarQube project + GitHub Action integration - OWASP Dependency-Check (or Maven equivalent) in CI - Fail build on configured severity thresholds ## Acceptance criteria - [ ] SonarQube analysis runs on PRs - [ ] Dependency scan runs on PRs and reports vulnerabilities
Goal
Add SAST and supply-chain scanning to CI.
Tasks
Acceptance criteria