Refactor security scanning and database setup

- Update security scan workflow to utilize a dedicated script for checking secrets, improving detection accuracy.
- Modify database connection setup in multiple scripts to use an environment variable fallback for DATABASE_URL, enhancing flexibility in different environments.

scripts/security-scan.sh

@@ -53,24 +53,12 @@ else
     echo "To install Trivy: brew install trivy"
 fi
 
-# 3. Check for secrets
+# 3. Check for secrets using advanced detection
 echo "🔍 Checking for potential secrets in code..."
-SECRETS_FOUND=false
-
-# Check for common secret patterns
-if grep -r -i "password\|secret\|key\|token" --include="*.js" --include="*.ts" --include="*.json" . | grep -v node_modules | grep -v ".git" | grep -v "package-lock.json" | grep -v "test" | grep -v "scripts/security-scan.sh"; then
-    print_error "Potential secrets found in code!"
-    SECRETS_FOUND=true
-fi
-
-# Check for .env files in git
-if git ls-files | grep -E "\.env$|\.env\."; then
-    print_error ".env files found in git repository!"
-    SECRETS_FOUND=true
-fi
-
-if [ "$SECRETS_FOUND" = false ]; then
-    print_status "No obvious secrets found in code"
+if ./scripts/check-secrets.sh; then
+    print_status "No secrets found in code"
+else
+    print_error "Secrets detected - please review"
 fi
 
 # 4. Check for outdated dependencies