%23%23%20Faire%20de%20la%20vacance%20structurelle%20une%20ressource%20pour%20les%20territoires%0A%0A1%2C1%20millions%20de%20logements%20sont%20vacants%20depuis%20au%20moins%20deux%20ans%20dans%20le%20parc%20priv%C3%A9%20en%20France%20%28source%20LOVAC%202022%29.%20Au-del%C3%A0%20de%20ces%20logements%20d%C3%A9j%C3%A0%20vacants%2C%201%2C6%20millions%20de%20passoires%20%C3%A9nerg%C3%A9tiques%20locatives%20du%20parc%20priv%C3%A9%20%28DPE%20F%20et%20G%29%20risquent%20de%20basculer%20dans%20la%20vacance%20avec%20l%27interdiction%20progressive%20%C3%A0%20la%20relocation%20%28la%20loi%20climat%20et%20r%C3%A9silence%29%20.%0A%0ACette%20vacance%20structurelle%20p%C3%A9nalise%20les%20personnes%20qui%20cherchent%20%C3%A0%20se%20loger%2C%20d%C3%A9grade%20le%20b%C3%A2ti%20et%20contribue%20%C3%A0%20la%20d%C3%A9saffection%20des%20centres-villes%0A%0AA%20contrario%2C%20la%20remise%20sur%20le%20march%C3%A9%20des%20logements%20vacants%20contribue%20%C3%A0%20constituer%20une%20offre%20de%20logement%20abordable%2C%20%C3%A0%20la%20redynamisation%20des%20centre-villes%2C%20alimente%20l%27activit%C3%A9%20%C3%A9conomique%20locale%20li%C3%A9e%20au%20b%C3%A2timent%20%28r%C3%A9novation%29%2C%20et%20r%C3%A9duit%20la%20construction%20neuve%20%28ZAN%2C%20%C3%A9conomie%20carbone%2C%20%C3%A9conomie%20mati%C3%A8re%29.%0A%0ALes%20aides%20et%20dispositifs%20d%E2%80%99accompagnement%20des%20propri%C3%A9taires%20sont%20nombreux%20pour%20la%20r%C3%A9novation%2C%20la%20mise%20en%20location%20ou%20la%20vente%20des%20logements.%20Leur%20complexit%C3%A9%20freine%20toutefois%20la%20capacit%C3%A9%20des%20acteurs%20du%20logement%20%C3%A0%20mener%20des%20actions%20conjointes%20et%2C%20de%20l%E2%80%99autre%2C%20la%20capacit%C3%A9%20des%20propri%C3%A9taires%20%C3%A0%20se%20mettre%20en%20mouvement.%20En%20outre%2C%20beaucoup%20de%20logements%20et%20leurs%20propri%C3%A9taires%20sont%20dans%20des%20situations%20qui%20ne%20d%C3%A9pendent%20pas%20seulement%20des%20aides%20%28succession%2C%20attachement%20au%20bien%2C%20risques...%29.%0A%0A%23%23%20Accompagner%20le%20charg%C3%A9%20d%27habitat%20en%20charge%20de%20la%20lutte%20contre%20la%20vacance%0A%0AQuand%20la%20lutte%20et%20la%20pr%C3%A9vention%20de%20la%20vacance%20devient%20un%20sujet%20de%20l%27action%20publique%20locale%2C%20ce%20sont%20les%20charg%C3%A9s%20d%27habitat%20des%20EPCI%2C%20ainsi%20que%20des%20communes%20fran%C3%A7aises%2C%20qui%20en%20sont%20les%20chevilles%20ouvri%C3%A8res%2C%20n%C3%A9anmoins%20ils%20%3A%0A%0A%2A%20ont%20en%20r%C3%A8gle%20g%C3%A9n%C3%A9rale%20peu%20de%20temps%20d%C3%A9di%C3%A9%20%C3%A0%20la%20vacance%20%280.5%20jour%20%2F%20semaine%20en%20moyenne%29%2C%20%0A%2A%20ont%20tendance%20%C3%A0%20privil%C3%A9gier%20les%20%C3%A9tudes%20pour%20qualifier%20la%20vacance%20du%20territoire%20notamment%20et%20ont%20besoin%20de%20donn%C3%A9es%20les%20plus%20%C3%A0%20jour%2C%0A%2A%20sont%20soumis%20%C3%A0%20la%20validation%20des%20%C3%A9lus%20car%20le%20sujet%20touche%20%C3%A0%20la%20propri%C3%A9t%C3%A9%20priv%C3%A9%20et%20%C3%A0%20la%20politique%20locale%2C%0A%2A%20Enfin%20sont%20plus%20ou%20moins%20agiles%20dans%20la%20manipulation%20de%20donn%C3%A9es%20brutes%20et%20plus%20ou%20moins%20bien%20outill%C3%A9s%20sur%20le%20plan%20num%C3%A9rique.%0A%0A%23%23%20La%20solution%20Z%C3%A9ro%20Logement%20Vacant%0A%0AZ%C3%A9ro%20Logement%20Vacant%20aide%20ces%20charg%C3%A9s%20d%27habitat%20%C3%A0%20identifier%20et%20mobiliser%20les%20propri%C3%A9taires%20de%20logements%20vacants%20et%20de%20passoires%20%C3%A9nerg%C3%A9tiques%20de%20leur%20territoire%20pour%20les%20remobilier%20et%20les%20faire%20entrer%20dans%20un%20programme%20de%20remise%20sur%20le%20march%C3%A9%20%3A%20financement%20de%20travaux%2C%20interm%C3%A9diation%20locative%2C%20aide%20juridique.%0A%0ALes%20principales%20fonctionnalit%C3%A9s%20de%20l%27outil%20%3A%0A-%20Avoir%20une%20vue%20d%27ensemble%20g%C3%A9olocalis%C3%A9e%20du%20parc%20vacant%20et%20des%20passoires%20%C3%A9nerg%C3%A9tiques%2C%20leurs%20caract%C3%A9ristiques%20et%20leurs%20propri%C3%A9taire%3B%0A-%20Filtrer%20les%20logements%20et%20cr%C3%A9er%20des%20groupes%20pour%20am%C3%A9liorer%20la%20connaissance%20et%20l%27impact%20des%20messages%20port%C3%A9s%20%3B%0A-%20R%C3%A9diger%20des%20courriers%20et%20organiser%20le%20publipostage%20pour%20envoyer%20une%20campagne%20de%20courriers%20postaux%20aux%20propri%C3%A9taires%20cibl%C3%A9s%20%3B%0A-%20Mettre%20%C3%A0%20jour%20les%20fiches%20logement%20et%20propri%C3%A9taires%20afin%20de%20fiabiliser%20la%20donn%C3%A9e%20partag%C3%A9e%20et%20d%27assurer%20une%20continuit%C3%A9%20de%20l%27information%20sur%20le%20territoire.%0A%0A%23%23%20Les%20grandes%20dates%0A%0A%2A%202021%20%3A%20premi%C3%A8re%20version%20prototyp%C3%A9e%20en%20no-code%20pour%20tester%20la%20proposition%20de%20valeur%20aupr%C3%A8s%20d%27une%20vingtaine%20de%20collectivit%C3%A9s%20laur%C3%A9ates%20d%27un%20AMI%0A%2A%202022%20%3A%20d%C3%A9veloppement%20de%20la%C2%A0solution%20open-source%20pour%20pr%C3%A9parer%20un%20d%C3%A9ploiement%20%C3%A0%20plus%20large%20%C3%A9chelle%20France%20enti%C3%A8re%20%28novembre%202022%29%20%0A%2A%202024%20%3A%20int%C3%A9gration%20des%20donn%C3%A9es%20passoires%20%C3%A9nerg%C3%A9tiques%20pour%20int%C3%A9grer%20la%20pr%C3%A9vention%20de%20la%20vacance%0A%0A%23%23%20Impact%20de%20la%20solution%0A%0AL%E2%80%99impact%20principal%20porte%20sur%20la%20remise%20sur%20le%20march%C3%A9%20des%20logements%20en%20situation%20de%20vacance%20structurelle.%C2%A0Le%20processus%20de%20remise%20sur%20le%20march%C3%A9%20%C3%A9tant%20long%20%281%20%C3%A0%204%20ans%29%2C%20nous%20suivons%20les%20logements%20sortis%20et%20en%20cours%20de%20sortis%20de%20la%20vacance.%0A%0AL%27outil%20a%20d%27autres%20externalit%C3%A9s%20positives%20sur%20la%20ZAN%20et%20les%20%C3%A9conomies%20carbone%20en%20particulier.%0A%0A%23%23%20Objectifs%20et%20indicateurs%20pour%20juillet%202024%0A%0A%23%20Objectif%201%20%3A%20renforcer%20la%20capacit%C3%A9%20op%C3%A9rationnelle%20des%20charg%C3%A9s%20d%27habitat%20utilisateurs%0A%2A%20Nombre%20de%20visites%20par%20mois%20%3B%0A%2A%20Nombre%20d%27exports%20r%C3%A9alis%C3%A9s.%0A%0A%23%23%20Objectif%202%20%3A%20ZLV%20comme%20outil%20d%27administration%20partag%C3%A9%20du%20parc%20priv%C3%A9%0A%2A%20Nombre%20de%20mises%20%C3%A0%20jour%20de%20fiches%20logement%20%26%20propri%C3%A9taire%0A%2A%20Bases%20de%20donn%C3%A9es%20int%C3%A9gr%C3%A9es%20%28Lovac%20mill%C3%A9sime%202024%2C%20DPE%2FBDNB%2C%20RNIC%2C%20CoproFF%2C%20etc.%29%0A%0A%23%23%20Objectif%203%20%3A%20engager%20des%20collectivit%C3%A9s%20dans%20la%20lutte%0A%2A%20Nombre%20d%27organisations%20inscrites%20%C3%A0%20ZLV%0A%2A%20Taux%20d%27utilisateurs%20qui%20se%20sont%20connect%C3%A9s%20%C3%A0%20ZLV%20dans%20les%203%20derniers%20mois

Zéro logement vacant

investigation

construction

acceleration

Iteration over a user-controlled object with a potentially unbounded .length property from a user-provided value.

Iterating over an object with a user-controlled .length property can cause indefinite looping.

js/loop-bound-injection

CodeQL

This uses a cryptographically insecure random number generated at Math.random() in a security context.

Using a cryptographically weak pseudo-random number generator to generate a security-sensitive value may allow an attacker to predict what value will be generated.

js/insecure-randomness

Change this code not to store a secret in the image. See more on <a href="https://sonarcloud.io/project/issues?id=MTES-MCT_zero-logement-vacant&issues=AZgLaLiFf1xaVfjBZ8-v&open=AZgLaLiFf1xaVfjBZ8-v">SonarQube Cloud</a>

docker:S6437

SonarCloud

Make sure this PostgreSQL database password gets changed and removed from the code. See more on <a href="https://sonarcloud.io/project/issues?id=MTES-MCT_zero-logement-vacant&issues=AZWu8YjUmO92-uPJCGu5&open=AZWu8YjUmO92-uPJCGu5">SonarQube Cloud</a>

PostgreSQL database passwords should not be disclosed

secrets:S6698

Make sure this PostgreSQL database password gets changed and removed from the code. See more on <a href="https://sonarcloud.io/project/issues?id=MTES-MCT_zero-logement-vacant&issues=AZWu8YJ_mO92-uPJCGpM&open=AZWu8YJ_mO92-uPJCGpM">SonarQube Cloud</a>

Change this code not to store a secret in the image. See more on <a href="https://sonarcloud.io/project/issues?id=MTES-MCT_zero-logement-vacant&issues=AZWu8YeXmO92-uPJCGuR&open=AZWu8YeXmO92-uPJCGuR">SonarQube Cloud</a>

Make sure this PostgreSQL database password gets changed and removed from the code. See more on <a href="https://sonarcloud.io/project/issues?id=MTES-MCT_zero-logement-vacant&issues=AZWu8Ye7mO92-uPJCGud&open=AZWu8Ye7mO92-uPJCGud">SonarQube Cloud</a>

Diagnostics

Metrics

http

https

Look for keys/tokens/passwords in HTTP responses, exposed keys/tokens/secrets requires manual verification for impact evaluation.

Credentials Disclosure Check

A CAA record was discovered. A CAA record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain.

CAA Record

DNS DMARC - Detect

SPF Record - Detection

A DNS TXT record was detected. The TXT record lets a domain admin leave notes on a DNS server.

DNS TXT Record Detected

An NS record was detected. An NS record delegates a subdomain to a set of name servers.

NS Record Detection

An MX record was detected. MX records direct emails to a mail exchange server.

MX Record Detection

This template searches for missing HTTP security headers. The impact of these missing headers can vary.


HTTP Missing Security Headers

WAF Detection

Extract the issuer's organization from the target's certificate. Issuers are entities which sign and distribute certificates.


Detect SSL Certificate Issuer

Extract the Subject Alternative Name (SAN) from the target's certificate. SAN facilitates the usage of additional hostnames with the same certificate.


SSL DNS Names

TLS version detection is a security process used to determine the version of the Transport Layer Security (TLS) protocol used by a computer or server.
It is important to detect the TLS version in order to ensure secure communication between two computers or servers.


TLS Version - Detect

Django debug configuration is enabled, which allows an attacker to obtain system configuration information such as paths or settings.

Django Debug Configuration Enabled

main

ph_phc_lit4tFUhTdSfhlHngsM8ih6grNtVmjECmzViBiPpwbT_posthog

Wagtail is a Django content management system (CMS) focused on flexibility and user experience.

Wagtail

Python is an interpreted and general-purpose programming language.

Python

Django is a Python-based free and open-source web application framework.

Django

PostHog is the open-source, all-in-one product analytics platform.

PostHog

Sendinblue is an email marketing solution for small and medium-sized businesses that want to send and automate email marketing campaigns.

Sendinblue

Progressive Web Apps (PWAs) are web apps built and enhanced with modern APIs to deliver enhanced capabilities, reliability, and installability while reaching anyone, anywhere, on any device, all with a single codebase.

Open Graph is a protocol that is used to integrate any web page into the social graph.

severity	service	vulnerability
info	http (port:80)
info	https (port:443)

Impact	Description	Documentation
-25	Content Security Policy (CSP) header not implemented	Implement one, see MDN's Content Security Policy (CSP) documentation.
-20	Does not redirect to an HTTPS site.	Documentation for redirection-to-https
-20	`Strict-Transport-Security` header not implemented.	Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).

severity	rule	description
warning	js/loop-bound-injection	Loop bound injection
warning	js/insecure-randomness	Insecure randomness
warning	docker:S6437	Credentials should not be hard-coded
warning	secrets:S6698	PostgreSQL database passwords should not be disclosed

badge	name	value
B	bugs	4
A	vulnerabilities	0
F	codeSmells	387

https://zerologementvacant.beta.gouv.fr

Nmap

Mozilla HTTP observatory

SSL

Expiration : 05/10/2025

Alertes Dependabot MTES-MCT/zero-logement-vacant

CodeScan MTES-MCT/zero-logement-vacant

Nuclei11 mois

Qualimétrie SonarCloud MTES-MCT/zero-logement-vacant

Séverité	Name	Matcher
unknown	Credentials Disclosure Check	credentials-disclosure
info	CAA Record	caa-fingerprint
info	DNS DMARC - Detect	dmarc-detect
info	SPF Record - Detection	spf-record-detect
info	DNS TXT Record Detected	txt-fingerprint
info	NS Record Detection	nameserver-fingerprint
info	MX Record Detection	mx-fingerprint
info	HTTP Missing Security Headers	x-permitted-cross-domain-policies
info	HTTP Missing Security Headers	clear-site-data
info	HTTP Missing Security Headers	cross-origin-embedder-policy
info	HTTP Missing Security Headers	cross-origin-resource-policy
info	HTTP Missing Security Headers	content-security-policy
info	HTTP Missing Security Headers	permissions-policy
info	WAF Detection	apachegeneric
info	Detect SSL Certificate Issuer	ssl-issuer
info	SSL DNS Names	ssl-dns-names
info	TLS Version - Detect	tls-version
info	TLS Version - Detect	tls-version
medium	Django Debug Configuration Enabled	django-debug