chore: git cache cleanup

2026-03-04 18:34:49 +00:00
parent c32cce2a88
commit 27c252600a
2001 changed files with 683185 additions and 0 deletions
--- a/scripts/pre-commit-hooks/codeql-js-scan.sh
+++ b/scripts/pre-commit-hooks/codeql-js-scan.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Pre-commit CodeQL JavaScript/TypeScript scan - CI-aligned
+set -e
+
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+echo -e "${BLUE}🔍 Running CodeQL JavaScript/TypeScript scan (CI-aligned)...${NC}"
+echo ""
+
+# Remove generated artifacts that can create noisy/false findings during CodeQL analysis
+rm -rf frontend/coverage frontend/dist playwright-report test-results coverage
+
+# Clean previous database
+rm -rf codeql-db-js
+
+# Create database
+echo "📦 Creating CodeQL database..."
+codeql database create codeql-db-js \
+  --language=javascript \
+  --build-mode=none \
+  --source-root=frontend \
+  --codescanning-config=.github/codeql/codeql-config.yml \
+  --threads=0 \
+  --overwrite
+
+echo ""
+echo "📊 Analyzing with security-and-quality suite..."
+# Analyze with CI-aligned suite
+codeql database analyze codeql-db-js \
+  codeql/javascript-queries:codeql-suites/javascript-security-and-quality.qls \
+  --format=sarif-latest \
+  --output=codeql-results-js.sarif \
+  --sarif-add-baseline-file-info \
+  --threads=0
+
+echo -e "${GREEN}✅ CodeQL JavaScript/TypeScript scan complete${NC}"
+echo "Results saved to: codeql-results-js.sarif"
+echo ""
+echo "Run 'pre-commit run codeql-check-findings' to validate findings"