- Added comprehensive QA report for CodeQL CI alignment implementation, detailing tests, results, and findings.
- Created CodeQL security scanning guide in documentation, outlining usage and common issues.
- Developed pre-commit hooks for CodeQL scans and findings checks, ensuring security issues are identified before commits.
- Implemented scripts for running CodeQL Go and JavaScript scans, aligned with CI configurations.
- Verified all tests passed, including backend and frontend coverage, TypeScript checks, and SARIF file generation.
- Apply URL validation using security.ValidateWebhookURL() to all webhook
HTTP request paths in notification_service.go
- Block private IPs (RFC 1918), cloud metadata endpoints, and loopback
- Add comprehensive SSRF test coverage
- Add CodeQL VS Code tasks for local security scanning
- Update Definition of Done to include CodeQL scans
- Clean up stale SARIF files from repo root
Resolves CI security gate failure for CWE-918.
- Introduced markdown content rules and validation requirements in markdown.instructions.md
- Added React controls and platform libraries guidelines in pcf-react-platform-libraries.instructions.md
- Created extensive performance optimization instructions covering frontend, backend, and database best practices in performance-optimization.instructions.md
- Established Playwright test writing guidelines and structure in playwright-typescript.instructions.md
- Developed secure coding practices based on OWASP Top 10 in security-and-owasp.instructions.md
- Defined directives for managing Copilot interactions and code generation in taming-copilot.instructions.md
- Provided TypeScript 5.x and ES2022 development guidelines in typescript-5-es2022.instructions.md
