feat: add full-stack security posture trend dashboard

[lakshay122007]

Before opening: make sure there is an issue tracking this work, and link it below. PRs without a linked issue may be closed without review.

Linked issue

Closes #31

What this PR does

Adds a full-stack Security Posture Trend Dashboard to visualize active findings over the last 6 scans. It introduces a responsive React line chart on the frontend and the corresponding /trends API endpoint on the backend. Additionally, it fixes a critical backend bug where the /scan-url endpoint was failing to persist job data to the SQLite database due to a thread connection error.

Type of change

• Bug fix
• New feature
• ML model / training pipeline
• Refactor (no behaviour change)
• Documentation
• Tests only

ML tier (if applicable)

• Tier 1 — Triage
• Tier 2 — Predictive
• Tier 3 — Autonomous
• Not ML-related

---

Changes

Backend

• Added get_trend_data in db.py to aggregate finding counts for the last 6 scans.
• Exposed GET /trends endpoint in main.py.
• Bugfix: Added missing SQLite INSERT logic to the /scan-url endpoint so GitHub URL scans are actually saved to the database.
• Bugfix: Resolved RuntimeError: threads can only be started once in /scan-url by correctly utilizing the try / finally connection block pattern.

Frontend

• Created TrendChart component (trend-chart.tsx) using recharts to render a responsive, dark-mode compatible line chart.
• Integrated <TrendChart /> into dashboard.tsx.
• Added getTrends fetch function in api.ts.
• Implemented empty states, loading states, and error handling for the chart.

New dependencies

• recharts: Required on the frontend to render the SVG line chart and tooltips natively within React.

Database / schema changes

• No schema changes, but heavily utilized the existing jobs and findings tables to generate the historical time-series data.

---

Testing

How did you test this?
Tested locally end-to-end. Booted the FastAPI backend and React frontend. Executed both ZIP uploads and GitHub URL imports to verify the /scan-url database write fix. Verified that the TrendChart successfully fetches data from /trends and updates dynamically without dropping theme colors in dark mode.

Checklist

• Tested locally end-to-end (upload ZIP or GitHub URL → scan → findings returned correctly)
• New ML model falls back gracefully when model file is absent
• No new console.error or unhandled Python exceptions introduced
• Added or updated tests where applicable
• requirements.txt / package.json updated if new dependencies added
• New model files (.pkl, .pt, etc.) are gitignored, not committed

---

Anything reviewers should focus on

Reviewers should specifically look at the fix applied to scan_url in main.py. The endpoint was previously missing the database write logic entirely, and my initial attempt to add it uncovered a thread duplication bug with aiosqlite. It is now correctly using await db.close() in a finally block to match the other endpoints.

here is how it looks -

[lakshay122007]

hi @ionfwsrijan Kindly review it and let me know if any changes required. Thanks!

[lakshay122007]

@ionfwsrijan in this i thought the trend endpoint was already there but it was not so i created the new endpoints , and integrated it well and fully, some extra work, but its working perfectly Fine. If any Ui changes needed, i will surely change them. Let me Know. Thanks!

[Tushar-sonawane06]

@ionfwsrijan APPROVED FOR MERGE

This PR is production-ready and safe to merge. It delivers:

WHAT'S INCLUDED:
• Full-stack Security Posture Trend Dashboard (frontend + backend)
• Critical bugfix: /scan-url endpoint now persists data to database
• New /trends API endpoint for historical trend aggregation
• Responsive React chart component with dark mode support
• Complete error handling and edge case coverage