mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 23:21:30 +00:00
be85fbd77e
M21 adds server-side active TLS scanning of CIDR ranges with concurrent probing, sentinel agent pattern for pipeline reuse, and full CRUD API for scan targets. M22 adds Prometheus exposition format endpoint alongside existing JSON metrics. Comprehensive documentation audit updates all docs to reflect 91 endpoints, 19 tables, 6 scheduler loops, and 900+ tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-- Migration 000007: Network Discovery (Active TLS Scanning)
-- The control plane actively scans network endpoints for TLS certificates.
-- Results feed into the existing discovery pipeline (discovered_certificates table).
-- Network scan targets define CIDR ranges and ports to probe for TLS certificates
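-- One row per scan target: a named set of address ranges and ports that the
-- control plane probes for TLS certificates.
--
-- NOTE(review): rows in this table decide which addresses the control plane
-- opens connections to. cidrs is free-form TEXT[], so range syntax and any
-- limit on which networks may be scanned are not enforced by this schema;
-- confirm that every writer validates them and that write access is restricted.
--
-- The CHECK constraints below only take effect where this statement actually
-- creates the table. Because of IF NOT EXISTS, a database that already has the
-- table keeps its old definition and needs a follow-up migration to gain them.
CREATE TABLE IF NOT EXISTS network_scan_targets (
    -- Text identifier supplied by the writer; the schema defines no default.
    id                      TEXT        PRIMARY KEY,
    name                    TEXT        NOT NULL,

    -- Address ranges to probe. Defaults to an empty list.
    cidrs                   TEXT[]      NOT NULL DEFAULT '{}',
    -- TCP ports to probe on each address. Defaults to 443 only.
    ports                   INTEGER[]   NOT NULL DEFAULT '{443}',

    enabled                 BOOLEAN     NOT NULL DEFAULT TRUE,

    -- Hours between scans of this target (unit taken from the column name).
    scan_interval_hours     INTEGER     NOT NULL DEFAULT 6,
    -- Probe timeout in milliseconds (unit taken from the column name).
    -- NOTE(review): presumably applied per connection attempt; confirm in the scanner.
    timeout_ms              INTEGER     NOT NULL DEFAULT 5000,

    -- Result of the most recent scan. Nullable; presumably NULL until the
    -- first scan completes (verify against the writer).
    last_scan_at            TIMESTAMPTZ,
    last_scan_duration_ms   INTEGER,
    last_scan_certs_found   INTEGER,

    created_at              TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at              TIMESTAMPTZ NOT NULL DEFAULT NOW(),

    -- Every listed port must be a usable TCP port number. An empty list passes.
    CONSTRAINT chk_network_scan_targets_ports_range
        CHECK (1 <= ALL (ports) AND 65535 >= ALL (ports)),

    -- Negative intervals and timeouts are never meaningful. Zero is not
    -- rejected here because this file does not show how the application
    -- interprets it.
    -- NOTE(review): tighten to "> 0" if zero has no defined meaning.
    CONSTRAINT chk_network_scan_targets_interval_nonneg
        CHECK (scan_interval_hours >= 0),
    CONSTRAINT chk_network_scan_targets_timeout_nonneg
        CHECK (timeout_ms >= 0),

    -- Scan statistics cannot be negative. NULL (no value recorded) still passes.
    CONSTRAINT chk_network_scan_targets_last_scan_duration_nonneg
        CHECK (last_scan_duration_ms >= 0),
    CONSTRAINT chk_network_scan_targets_last_scan_certs_nonneg
        CHECK (last_scan_certs_found >= 0)
);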
-- Partial index: only rows with enabled = TRUE get an entry, so disabled
-- targets add nothing to it.
-- NOTE(review): presumably supports a lookup of enabled targets for
-- scheduling; confirm against the query that reads this table.
CREATE INDEX IF NOT EXISTS idx_network_scan_targets_enabled
    ON network_scan_targets (enabled)
    WHERE enabled = TRUE;