devgateway · sdimunzio · Apr 24, 2026 · Apr 24, 2026 · Apr 24, 2026 · Apr 24, 2026
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -0,0 +1,12 @@
+Base Behavior
+Continue to perform your standard code review, summarization, and bug detection as usual.
+Do not suppress your default helpful observations or summaries.
+
+Sensitive data review
+	Flag and require review and possible removal, whenever you detect PII, passwords, keys, potential client/private data, and/or related sensitive data committed to the repository.
+
+Dependencies license review
+	Flag and require review and possible removal or replace with alternatives, whenever you detect directly added licensed code or dependency libraries being imported through dependency managers (maven, npm, pip, etc), that are not in line with the current repository license terms, as saved in the LICENSE file in the project root. For this particular repository, the license being used right now is Apache License Version 2.0. Flag any dependency and/or code imported or used, that is licensed with a commercial license, as particularly high risk. Flag any AGPL or similar strong copyleft licenses as very hi risk. Only open source licenses are allowed that are not strong copyleft. Flag dependencies with missing/unknown licenses.
+
+Security Review
+	Perform a review of potential issues exposing vulnerabilities in code that can be easily exploited by third parties, if they have access to this repository source code - unprotected endpoints or ports, simple default passwords, unsafe authentication methods, unencrypted communication, etc.
diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
diff --git a/.gitignore b/.gitignore
@@ -18,3 +18,4 @@ target
 ***REMOVED*** Secret purge script and artifacts
 purge-secrets.sh
 replacements.txt
+.vscode
diff --git a/.gitleaks.toml b/.gitleaks.toml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,7 +3,7 @@ services:
     image: postgres:16.8
     environment:
       POSTGRES_USER: postgres
-      ***REMOVED*** SECURITY: Override with a strong password in production via POSTGRES_PASSWORD env var
+      # REMOVED*** SECURITY: Override with a strong password in production via POSTGRES_PASSWORD env var
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-admin}
       POSTGRES_DB: viz
     ports:
@@ -16,7 +16,6 @@ services:
     networks:
       backend-api:
 
-
   eureka:
     build:
       context: ./registry
@@ -36,15 +35,13 @@ services:
     networks:
       backend-api:
 
-
   api-gateway:
     build:
       context: ./api-gateway
       dockerfile: Dockerfile
     environment:
       SPRING_DATASOURCE_URL: "jdbc:postgresql://postgres:5432/viz"
-      SPRING_DATASOURCE_USERNAME: "postgres"
-      ***REMOVED*** SECURITY: Override with a strong password via SPRING_DATASOURCE_PASSWORD env var in production
+      SPRING_DATASOURCE_USERNAME: "postgres" # SECURITY: Override with a strong password via SPRING_DATASOURCE_PASSWORD env var in production
       SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD:-admin}
       JAVA_OPTS: "-Xmx512m -Xms512m -XX:+UseG1GC -XX:InitialHeapSize=512m -XX:MaxHeapSize=512m -XX:+ParallelRefProcEnabled"
     ports:
@@ -55,7 +52,6 @@ services:
     networks:
       backend-api:
 
-
   api-security:
     build:
       context: ./api-security
@@ -71,7 +67,6 @@ services:
     networks:
       backend-api:
 
-
   superset-proxy:
     build:
       context: ./superset-proxy
@@ -88,7 +83,7 @@ services:
       SPRING_APPLICATION_NAME: "superset-proxy"
       SPRING_DATA_REDIS_HOST: "cache"
       SPRING_DATA_REDIS_PORT: "6379"
-      ***REMOVED*** SECURITY: Override with a strong password via SPRING_DATA_REDIS_PASSWORD env var in production
+      #SECURITY: Override with a strong password via SPRING_DATA_REDIS_PASSWORD env var in production
       SPRING_DATA_REDIS_PASSWORD: ${SPRING_DATA_REDIS_PASSWORD:-admin}
       SPRING_DATA_CACHE_TYPE: "redis"
     ports:
@@ -100,7 +95,6 @@ services:
     networks:
       backend-api:
 
-
   cache:
     image: redis:6.2-alpine
     restart: always
@@ -115,6 +109,5 @@ services:
 volumes:
   cache:
 
-
 networks:
   backend-api:
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,4 +1,4 @@
-***REMOVED***!/bin/bash
+#!/bin/bash
 
  		PROP_FILE="/etc/$1.properties"
 	  truncate -s 0 $PROP_FILE

diff --git a/gitleaks-report.json b/gitleaks-report.json
diff --git a/superset-proxy/entrypoint.sh b/superset-proxy/entrypoint.sh
@@ -1,4 +1,4 @@
-***REMOVED***!/bin/bash
+#!/bin/bash
 
  		PROP_FILE="/etc/$1.properties"
 	  truncate -s 0 $PROP_FILE
@@ -13,15 +13,15 @@ to_camel_case() {
   local output=""
   IFS='/' read -ra parts <<< "$input"
   output="${parts[0]}"
-  for ((i=1; i<${***REMOVED***parts[@]}; i++)); do
+  for ((i=1; i<${#parts[@]}; i++)); do
     part="${parts[i]}"
     output+="${part^}"
   done
   echo "$output"
 }
 
-    ***REMOVED***EUREKA_CLIENT_SERVICE/URL_DEFAULT/ZONE
-    ***REMOVED***eureka.client.serviceUrl.defaultZone
+    #EUREKA_CLIENT_SERVICE/URL_DEFAULT/ZONE
+    #eureka.client.serviceUrl.defaultZone
 
     while IFS='=' read -r -d '' n v; do
       if [[ $n == SPRING_* || $n == EUREKA_* ]]; then
@@ -60,9 +60,9 @@ to_camel_case() {
 
 
     echo  'server.compression.enabled=true' >> $PROP_FILE
-    echo  '***REMOVED*** ========================================
-           ***REMOVED*** GZIP Compression Settings for Spring Boot
-           ***REMOVED*** ========================================
+    echo  '# ========================================
+           # GZIP Compression Settings for Spring Boot
+           # ========================================
            server.compression.enabled=true
            server.compression.mime-types=application/json,application/xml,text/html,text/xml,text/plain
            server.compression.min-response-size=1024