chore: Implement CodeQL CI Alignment and Security Scanning

- Added comprehensive QA report for CodeQL CI alignment implementation, detailing tests, results, and findings. - Created CodeQL security scanning guide in documentation, outlining usage and common issues. - Developed pre-commit hooks for CodeQL scans and findings checks, ensuring security issues are identified before commits. - Implemented scripts for running CodeQL Go and JavaScript scans, aligned with CI configurations. - Verified all tests passed, including backend and frontend coverage, TypeScript checks, and SARIF file generation.
2025-12-24 14:35:33 +00:00
parent 369182f460
commit 70bd60dbce
23 changed files with 6049 additions and 652 deletions
--- a/scripts/pre-commit-hooks/codeql-js-scan.sh
+++ b/scripts/pre-commit-hooks/codeql-js-scan.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+# Pre-commit CodeQL JavaScript/TypeScript scan - CI-aligned
+set -e
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+echo -e "${BLUE}🔍 Running CodeQL JavaScript/TypeScript scan (CI-aligned)...${NC}"
+echo ""
+
+# Clean previous database
+rm -rf codeql-db-js
+
+# Create database
+echo "📦 Creating CodeQL database..."
+codeql database create codeql-db-js \
+  --language=javascript \
+  --source-root=frontend \
+  --threads=0 \
+  --overwrite
+
+echo ""
+echo "📊 Analyzing with security-and-quality suite..."
+# Analyze with CI-aligned suite
+codeql database analyze codeql-db-js \
+  codeql/javascript-queries:codeql-suites/javascript-security-and-quality.qls \
+  --format=sarif-latest \
+  --output=codeql-results-js.sarif \
+  --sarif-add-baseline-file-info \
+  --threads=0
+
+echo -e "${GREEN}✅ CodeQL JavaScript/TypeScript scan complete${NC}"
+echo "Results saved to: codeql-results-js.sarif"
+echo ""
+echo "Run 'pre-commit run codeql-check-findings' to validate findings"