feat: scaffold security-review command #179

@MihalyToth20

Description

We have designed a decent security review template that can help quickly identify security misconfigs in Xano workspaces.

This can be created as a local site to preview the changes, but would actually require a markdown editing experience.

The idea behind this is to scaffold the review directory and run a set of commands, e.g. Spectral lint based on the OWASP API Top 10, which as a result can give a very thorough overview without actually running into a pentest upfront.

The problem we have is that the Xano OAS is stuck in the 3.0 age, and as a result has a different schema, plus it is pretty rigid. We have been trying to extend it, but that didn't lead to better results. So the goal is to process the queries of a workspace branch and construct the OAS manually with all the fancy things that Spectral's basic rules essentially require. If that is all fine, then we can preview the docs in a Scalar API reference, which gives a neat UI as well.
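To make the "construct the OAS manually" step concrete, here is an added example (not code from this issue or from the project) that builds an OpenAPI 3.1 document from a constructed list of workspace queries and pre-checks it for undocumented and anonymous operations before `spectral lint` runs. The query record shape, the `bearerAuth` scheme, the server URL and the helper names `build_oas` and `audit` are assumptions, not Xano's real export format or the project's API.

```python
"""Added example (not the project's code): build an OpenAPI 3.1 document from
workspace queries and audit it for the things a Spectral security review
would flag.  The query record shape and the bearer-token scheme are assumptions."""
from __future__ import annotations

import json
from typing import Any

# Constructed sample of workspace queries.  The field names (name/verb/path/
# auth/description) are a hypothetical shape, not Xano's real export format.
SAMPLE_QUERIES: list[dict[str, Any]] = [
    {"name": "list_orders", "verb": "GET", "path": "/orders", "auth": True,
     "description": "List orders belonging to the caller."},
    {"name": "create_order", "verb": "POST", "path": "/orders", "auth": True,
     "description": "Create a new order for the caller."},
    {"name": "status", "verb": "GET", "path": "/status", "auth": False,
     "description": "Unauthenticated health check."},
    # Deliberate misconfiguration: an admin endpoint with no auth and no docs.
    {"name": "admin_export", "verb": "GET", "path": "/admin/export", "auth": False,
     "description": ""},
]


def build_oas(queries: list[dict[str, Any]], title: str = "Workspace API",
              server_url: str = "https://api.example.invalid") -> dict[str, Any]:
    """Emit an OAS 3.1 document carrying the metadata Spectral's recommended
    'spectral:oas' rules look for (info.contact/description/license, servers,
    top-level tags, operationId, tags and a success response per operation)
    plus an explicit security requirement on every operation."""
    doc: dict[str, Any] = {
        "openapi": "3.1.0",
        "info": {
            "title": title,
            "version": "1.0.0",
            "description": "Generated from workspace queries for security review.",
            "contact": {"name": "Security review"},
            "license": {"name": "Proprietary"},
        },
        "servers": [{"url": server_url}],
        "tags": [],
        "paths": {},
        "components": {"securitySchemes": {
            # Assumed scheme; replace with whatever the workspace actually uses.
            "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
        }},
    }
    tag_names: set[str] = set()
    for q in queries:
        tag = q["path"].strip("/").split("/")[0] or "root"
        tag_names.add(tag)
        op: dict[str, Any] = {
            "operationId": q["name"],
            "summary": q["name"].replace("_", " "),
            "tags": [tag],
            # 429 is included so rate-limit-oriented rules (OWASP API4) are satisfied.
            "responses": {"200": {"description": "Success"},
                          "429": {"description": "Rate limited"}},
        }
        if q.get("description"):
            op["description"] = q["description"]  # omitted when empty so the audit sees it
        if q["auth"]:
            op["security"] = [{"bearerAuth": []}]
            op["responses"]["401"] = {"description": "Missing or invalid token"}
        else:
            # An explicit empty list documents anonymous access instead of
            # hiding it; the audit below flags every such operation for review.
            op["security"] = []
        doc["paths"].setdefault(q["path"], {})[q["verb"].lower()] = op
    doc["tags"] = [{"name": t, "description": f"Operations under /{t}"}
                   for t in sorted(tag_names)]
    return doc


def audit(doc: dict[str, Any]) -> list[str]:
    """Minimal in-process pre-check for the two findings a reviewer cares about
    most before Spectral runs: undocumented operations and anonymous ones."""
    findings: list[str] = []
    for path, item in doc["paths"].items():
        for verb, op in item.items():
            where = f"{verb.upper()} {path}"
            if not op.get("description"):
                findings.append(f"{where}: missing description (operation-description)")
            if op.get("security") == []:
                findings.append(f"{where}: anonymous access, confirm this is intended")
    return findings


if __name__ == "__main__":
    spec = build_oas(SAMPLE_QUERIES)
    print(json.dumps(spec, indent=2))  # feed this to `spectral lint` or Scalar
    for line in audit(spec):
        print("FINDING:", line)
```

The JSON this prints is what `spectral lint` consumes (with `spectral:oas` or an OWASP API ruleset such as Stoplight's spectral-owasp-ruleset) and what Scalar renders. The `audit` function does not replace Spectral; it only surfaces the two findings a reviewer wants before the lint run. Note that every anonymous operation is reported, not just the suspicious-looking one: whether `/status` should really be public is a decision for the reviewer, not for the generator.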

Labels

enhancement: New feature or request