github ruvnet/RuView v1588
Release v1588

3 hours ago

Automated release from CI pipeline

Changes:
fix(ci): SAST actually scans the code + drop deprecated flaky semgrep action (#930)

Two real problems in the Static Application Security Testing job:

  1. It scanned a path that no longer exists. bandit -r src/ and
    semgrep … src/ pointed at the repo-root src/, but the Python code
    moved to archive/v1/src/ (64 .py files) when the runtime was rewritten
    in Rust. So the SAST scan matched nothing — a silent no-op (this is also
    why bandit-results.sarif was "Path does not exist" on recent runs).
    Fixed both to archive/v1/src/.

  2. Deprecated + redundant + flaky semgrep step. The
    returntocorp/semgrep-action@v1 step pulled returntocorp/semgrep-agent:v1
    from Docker Hub every run (intermittently timing out → red check, e.g. on
    #929) and is EOL. It was redundant: the pip semgrep --sarif step is what
    feeds GitHub Security; the action only pushed to the Semgrep cloud app via
    SEMGREP_APP_TOKEN. Removed it and folded its p/docker + p/kubernetes
    rulesets into the pip semgrep command, so coverage is preserved with no
    Docker pull.

The job stays continue-on-error: true (non-gating). YAML validated.

Docker Image:
ghcr.io/ruvnet/RuView:d9e87e13b4d39d8ed6a5555c0e7e4fb7230129c4
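
The first problem described in the commit message, a scan path that matches nothing and still passes, can be caught by a guard that runs before and after the scanner. This is an added example, not code from the RuView repository or its workflow; the function names are hypothetical, and it assumes the step runs from the repository root.

```shell
#!/bin/sh
# Added example: make a SAST step fail loudly when it would scan nothing.
# Function names are hypothetical and not taken from the project.

# Print how many files under $1 have names matching glob $2 (0 if $1 is missing).
count_scan_targets() {
  local dir="$1" pattern="$2"
  [ -d "$dir" ] || { echo 0; return 0; }
  find "$dir" -type f -name "$pattern" | wc -l | tr -d '[:space:]'
}

# Succeed only if $1 exists and holds at least $3 (default 1) files matching $2.
require_scan_targets() {
  local dir="$1" pattern="$2" min="${3:-1}" n
  if [ ! -d "$dir" ]; then
    echo "SAST guard: scan path '$dir' does not exist" >&2
    return 1
  fi
  n=$(count_scan_targets "$dir" "$pattern")
  if [ "$n" -lt "$min" ]; then
    echo "SAST guard: '$dir' has $n files matching '$pattern' (need >= $min)" >&2
    return 1
  fi
  echo "SAST guard: $n files matching '$pattern' under '$dir'"
}

# Succeed only if the scanner wrote a non-empty report file at $1.
require_report() {
  [ -s "$1" ] || { echo "SAST guard: report '$1' missing or empty" >&2; return 1; }
}

# Intended use in the job, with the path and report name from the notes above:
#   require_scan_targets archive/v1/src '*.py'   # before: bandit -r archive/v1/src/
#   require_report bandit-results.sarif          # after the scanner has run
```

Because the job stays `continue-on-error: true`, a failing guard marks the SAST job as failed in its log without failing the workflow run.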
