qgis
diff --git a/‎dockerize/docker/REQUIREMENTS.txt‎
Lines changed: 14 additions & 1 deletion b/‎dockerize/docker/REQUIREMENTS.txt‎
Lines changed: 14 additions & 1 deletion
diff --git a/‎qgis-app/docs.py‎
Lines changed: 11 additions & 0 deletions b/‎qgis-app/docs.py‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎qgis-app/plugins/admin.py‎
Lines changed: 54 additions & 4 deletions b/‎qgis-app/plugins/admin.py‎
Lines changed: 54 additions & 4 deletions
diff --git a/‎qgis-app/plugins/migrations/0018_pluginversionsecurityscan.py‎
Lines changed: 82 additions & 0 deletions b/‎qgis-app/plugins/migrations/0018_pluginversionsecurityscan.py‎
Lines changed: 82 additions & 0 deletions
diff --git a/‎qgis-app/plugins/models.py‎
Lines changed: 58 additions & 0 deletions b/‎qgis-app/plugins/models.py‎
Lines changed: 58 additions & 0 deletions
@@ -55,4 +55,17 @@ sentry-sdk~=2.2
 django-webpack-loader~=3.1
 
 beautifulsoup4~=4.12
-setuptools~=75.1
+setuptools~=75.1
+
+# Security scanning tools for QGIS Plugin analysis (invoked via subprocess)
+# Bandit - Security vulnerability scanner for Python code
+bandit~=1.9
+
+# detect-secrets - Finds hardcoded secrets in code
+detect-secrets~=1.5
+
+# flake8 for code quality
+flake8~=7.3
+
+# flake8-json for structured output (optional but recommended)
+flake8-json~=24.4
@@ -33,3 +33,14 @@ def docs_faq(request):
         "flatpages/docs_faq.html",
         {},
     )
+
+
+def docs_security_scanning(request):
+    """
+    Renders the docs_security_scanning page
+    """
+    return render(
+        request,
+        "flatpages/docs_security_scanning.html",
+        {},
+    )
@@ -1,5 +1,10 @@
 from django.contrib import admin
-from plugins.models import Plugin, PluginVersion, PluginVersionDownload  # , PluginCrashReport
+from plugins.models import (  # , PluginCrashReport
+    Plugin,
+    PluginVersion,
+    PluginVersionDownload,
+    PluginVersionSecurityScan,
+)
 
 
 class PluginAdmin(admin.ModelAdmin):
@@ -29,14 +34,58 @@ class PluginVersionAdmin(admin.ModelAdmin):
 
 
 class PluginVersionDownloadAdmin(admin.ModelAdmin):
+    list_display = ("plugin_version", "download_date", "download_count")
+    raw_id_fields = ("plugin_version",)
+
+
+class PluginVersionSecurityScanAdmin(admin.ModelAdmin):
     list_display = (
         "plugin_version",
-        "download_date",
-        "download_count"
+        "scanned_on",
+        "overall_status",
+        "pass_rate",
+        "total_checks",
+        "passed_checks",
+        "critical_count",
+        "warning_count",
     )
-    raw_id_fields = (
+    list_filter = ("scanned_on",)
+    search_fields = ("plugin_version__plugin__name", "plugin_version__version")
+    readonly_fields = (
         "plugin_version",
+        "scanned_on",
+        "total_checks",
+        "passed_checks",
+        "warning_count",
+        "critical_count",
+        "info_count",
+        "files_scanned",
+        "total_issues",
+        "scan_report",
     )
+    raw_id_fields = ()
+
+    def overall_status(self, obj):
+        status = obj.overall_status
+        colors = {
+            "passed": "green",
+            "info": "blue",
+            "warning": "orange",
+            "critical": "red",
+        }
+        return f'<span style="color: {colors.get(status, "black")}; font-weight: bold;">{status.upper()}</span>'
+
+    overall_status.allow_tags = True
+    overall_status.short_description = "Status"
+
+    def pass_rate(self, obj):
+        rate = obj.pass_rate
+        color = "green" if rate >= 80 else "orange" if rate >= 60 else "red"
+        return f'<span style="color: {color}; font-weight: bold;">{rate}%</span>'
+
+    pass_rate.allow_tags = True
+    pass_rate.short_description = "Pass Rate"
+
 
 # class PluginCrashReportAdmin(admin.ModelAdmin):
 # pass
@@ -45,4 +94,5 @@ class PluginVersionDownloadAdmin(admin.ModelAdmin):
 admin.site.register(Plugin, PluginAdmin)
 admin.site.register(PluginVersion, PluginVersionAdmin)
 admin.site.register(PluginVersionDownload, PluginVersionDownloadAdmin)
+admin.site.register(PluginVersionSecurityScan, PluginVersionSecurityScanAdmin)
 # admin.site.register(PluginCrashReport, PluginCrashReportAdmin)
@@ -0,0 +1,82 @@
+# Generated by Django 4.2.27 on 2026-01-13 05:24
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("plugins", "0017_merge_20260109_0103"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="PluginVersionSecurityScan",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                (
+                    "scanned_on",
+                    models.DateTimeField(auto_now_add=True, verbose_name="Scanned on"),
+                ),
+                (
+                    "total_checks",
+                    models.IntegerField(default=0, verbose_name="Total checks"),
+                ),
+                (
+                    "passed_checks",
+                    models.IntegerField(default=0, verbose_name="Passed checks"),
+                ),
+                (
+                    "warning_count",
+                    models.IntegerField(default=0, verbose_name="Warnings"),
+                ),
+                (
+                    "critical_count",
+                    models.IntegerField(default=0, verbose_name="Critical issues"),
+                ),
+                (
+                    "info_count",
+                    models.IntegerField(default=0, verbose_name="Info items"),
+                ),
+                (
+                    "files_scanned",
+                    models.IntegerField(default=0, verbose_name="Files scanned"),
+                ),
+                (
+                    "total_issues",
+                    models.IntegerField(default=0, verbose_name="Total issues"),
+                ),
+                (
+                    "scan_report",
+                    models.JSONField(
+                        blank=True,
+                        default=dict,
+                        help_text="Complete scan report with all check details",
+                        verbose_name="Scan report",
+                    ),
+                ),
+                (
+                    "plugin_version",
+                    models.OneToOneField(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="security_scan",
+                        to="plugins.pluginversion",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Plugin Version Security Scan",
+                "verbose_name_plural": "Plugin Version Security Scans",
+                "ordering": ["-scanned_on"],
+            },
+        ),
+    ]
@@ -1182,6 +1182,64 @@ class Meta:
         )
 
 
+class PluginVersionSecurityScan(models.Model):
+    """
+    Security and quality scan results for plugin versions
+    Stores non-blocking security, quality, and code analysis results
+    """
+
+    plugin_version = models.OneToOneField(
+        PluginVersion, on_delete=models.CASCADE, related_name="security_scan"
+    )
+    scanned_on = models.DateTimeField(
+        _("Scanned on"), auto_now_add=True, editable=False
+    )
+
+    # Summary statistics
+    total_checks = models.IntegerField(_("Total checks"), default=0)
+    passed_checks = models.IntegerField(_("Passed checks"), default=0)
+    warning_count = models.IntegerField(_("Warnings"), default=0)
+    critical_count = models.IntegerField(_("Critical issues"), default=0)
+    info_count = models.IntegerField(_("Info items"), default=0)
+    files_scanned = models.IntegerField(_("Files scanned"), default=0)
+    total_issues = models.IntegerField(_("Total issues"), default=0)
+
+    # Full scan report (JSON field)
+    scan_report = models.JSONField(
+        _("Scan report"),
+        default=dict,
+        blank=True,
+        help_text=_("Complete scan report with all check details"),
+    )
+
+    class Meta:
+        verbose_name = _("Plugin Version Security Scan")
+        verbose_name_plural = _("Plugin Version Security Scans")
+        ordering = ["-scanned_on"]
+
+    def __str__(self):
+        return f"Security scan for {self.plugin_version} ({self.scanned_on})"
+
+    @property
+    def overall_status(self):
+        """Returns overall scan status"""
+        if self.critical_count > 0:
+            return "critical"
+        elif self.warning_count > 0:
+            return "warning"
+        elif self.info_count > 0:
+            return "info"
+        else:
+            return "passed"
+
+    @property
+    def pass_rate(self):
+        """Calculate percentage of passed checks"""
+        if self.total_checks == 0:
+            return 0
+        return round((self.passed_checks / self.total_checks) * 100, 1)
+
+
 models.signals.post_delete.connect(delete_version_package, sender=PluginVersion)
 models.signals.post_delete.connect(delete_plugin_icon, sender=Plugin)
 models.signals.post_delete.connect(