Charon/.vscode/tasks.json
GitHub Actions 70bd60dbce chore: Implement CodeQL CI Alignment and Security Scanning
- Added comprehensive QA report for CodeQL CI alignment implementation, detailing tests, results, and findings.
- Created CodeQL security scanning guide in documentation, outlining usage and common issues.
- Developed pre-commit hooks for CodeQL scans and findings checks, ensuring security issues are identified before commits.
- Implemented scripts for running CodeQL Go and JavaScript scans, aligned with CI configurations.
- Verified all tests passed, including backend and frontend coverage, TypeScript checks, and SARIF file generation.
2025-12-24 14:35:33 +00:00


{
"version": "2.0.0",
"tasks": [
{
"label": "Build & Run: Local Docker Image",
"type": "shell",
"command": "docker build -t charon:local . && docker compose -f docker-compose.test.yml up -d && echo 'Charon running at http://localhost:8080'",
"group": "build",
"problemMatcher": [],
"presentation": {
"reveal": "always",
"panel": "new"
}
},
{
"label": "Build & Run: Local Docker Image No-Cache",
"type": "shell",
"command": "docker build --no-cache -t charon:local . && docker compose -f docker-compose.test.yml up -d && echo 'Charon running at http://localhost:8080'",
"group": "build",
"problemMatcher": [],
"presentation": {
"reveal": "always",
"panel": "new"
}
},
{
"label": "Build: Backend",
"type": "shell",
"command": "cd backend && go build ./...",
"group": "build",
"problemMatcher": ["$go"]
},
{
"label": "Build: Frontend",
"type": "shell",
"command": "cd frontend && npm run build",
"group": "build",
"problemMatcher": []
},
{
"label": "Build: All",
"type": "shell",
"dependsOn": ["Build: Backend", "Build: Frontend"],
"group": {
"kind": "build",
"isDefault": true
},
"problemMatcher": []
},
{
"label": "Test: Backend Unit Tests",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh test-backend-unit",
"group": "test",
"problemMatcher": ["$go"]
},
{
"label": "Test: Backend with Coverage",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh test-backend-coverage",
"group": "test",
"problemMatcher": []
},
{
"label": "Test: Frontend",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh test-frontend-unit",
"group": "test",
"problemMatcher": []
},
{
"label": "Test: Frontend with Coverage",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh test-frontend-coverage",
"group": "test",
"problemMatcher": []
},
{
"label": "Lint: Pre-commit (All Files)",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh qa-precommit-all",
"group": "test",
"problemMatcher": [],
"presentation": {
"reveal": "always",
"panel": "shared"
}
},
{
"label": "Lint: Go Vet",
"type": "shell",
"command": "cd backend && go vet ./...",
"group": "test",
"problemMatcher": ["$go"]
},
{
"label": "Lint: GolangCI-Lint (Docker)",
"type": "shell",
"command": "cd backend && docker run --rm -v $(pwd):/app:ro -w /app golangci/golangci-lint:latest golangci-lint run -v",
"group": "test",
"problemMatcher": []
},
{
"label": "Lint: Frontend",
"type": "shell",
"command": "cd frontend && npm run lint",
"group": "test",
"problemMatcher": []
},
{
"label": "Lint: Frontend (Fix)",
"type": "shell",
"command": "cd frontend && npm run lint -- --fix",
"group": "test",
"problemMatcher": []
},
{
"label": "Lint: TypeScript Check",
"type": "shell",
"command": "cd frontend && npm run type-check",
"group": "test",
"problemMatcher": []
},
{
"label": "Lint: Markdownlint",
"type": "shell",
"command": "markdownlint '**/*.md' --ignore node_modules --ignore frontend/node_modules --ignore .venv --ignore test-results --ignore codeql-db --ignore codeql-agent-results",
"group": "test",
"problemMatcher": []
},
{
"label": "Lint: Markdownlint (Fix)",
"type": "shell",
"command": "markdownlint '**/*.md' --fix --ignore node_modules --ignore frontend/node_modules --ignore .venv --ignore test-results --ignore codeql-db --ignore codeql-agent-results",
"group": "test",
"problemMatcher": []
},
{
"label": "Lint: Hadolint Dockerfile",
"type": "shell",
"command": "docker run --rm -i hadolint/hadolint < Dockerfile",
"group": "test",
"problemMatcher": []
},
{
"label": "Security: Trivy Scan",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh security-scan-trivy",
"group": "test",
"problemMatcher": []
},
{
"label": "Security: CodeQL Go Scan (DEPRECATED)",
"type": "shell",
"command": "codeql database create codeql-db-go --language=go --source-root=backend --overwrite && codeql database analyze codeql-db-go /projects/codeql/codeql/go/ql/src/codeql-suites/go-security-extended.qls --format=sarif-latest --output=codeql-results-go.sarif",
"group": "test",
"problemMatcher": []
},
{
"label": "Security: CodeQL JS Scan (DEPRECATED)",
"type": "shell",
"command": "codeql database create codeql-db-js --language=javascript --source-root=frontend --overwrite && codeql database analyze codeql-db-js /projects/codeql/codeql/javascript/ql/src/codeql-suites/javascript-security-extended.qls --format=sarif-latest --output=codeql-results-js.sarif",
"group": "test",
"problemMatcher": []
},
{
"label": "Security: CodeQL Go Scan (CI-Aligned) [~60s]",
"type": "shell",
"command": "bash -c 'set -e && \\\n echo \"🔍 Creating CodeQL database for Go...\" && \\\n rm -rf codeql-db-go && \\\n codeql database create codeql-db-go \\\n --language=go \\\n --source-root=backend \\\n --overwrite \\\n --threads=0 && \\\n echo \"\" && \\\n echo \"📊 Running CodeQL analysis (security-and-quality suite)...\" && \\\n codeql database analyze codeql-db-go \\\n codeql/go-queries:codeql-suites/go-security-and-quality.qls \\\n --format=sarif-latest \\\n --output=codeql-results-go.sarif \\\n --sarif-add-baseline-file-info \\\n --threads=0 && \\\n echo \"\" && \\\n echo \"✅ CodeQL scan complete. Results: codeql-results-go.sarif\" && \\\n echo \"\" && \\\n echo \"📋 Summary of findings:\" && \\\n codeql database interpret-results codeql-db-go \\\n --format=text \\\n --output=/dev/stdout \\\n codeql/go-queries:codeql-suites/go-security-and-quality.qls 2>/dev/null || \\\n (echo \"⚠️ Use SARIF Viewer extension to view detailed results\" && jq -r \".runs[].results[] | \\\"\\(.level): \\(.message.text) (\\(.locations[0].physicalLocation.artifactLocation.uri):\\(.locations[0].physicalLocation.region.startLine))\\\"\" codeql-results-go.sarif 2>/dev/null | head -20 || echo \"No findings or jq not available\")'",
"group": "test",
"problemMatcher": [],
"presentation": {
"echo": true,
"reveal": "always",
"focus": false,
"panel": "shared",
"showReuseMessage": false,
"clear": false
}
},
{
"label": "Security: CodeQL JS Scan (CI-Aligned) [~90s]",
"type": "shell",
"command": "bash -c 'set -e && \\\n echo \"🔍 Creating CodeQL database for JavaScript/TypeScript...\" && \\\n rm -rf codeql-db-js && \\\n codeql database create codeql-db-js \\\n --language=javascript \\\n --source-root=frontend \\\n --overwrite \\\n --threads=0 && \\\n echo \"\" && \\\n echo \"📊 Running CodeQL analysis (security-and-quality suite)...\" && \\\n codeql database analyze codeql-db-js \\\n codeql/javascript-queries:codeql-suites/javascript-security-and-quality.qls \\\n --format=sarif-latest \\\n --output=codeql-results-js.sarif \\\n --sarif-add-baseline-file-info \\\n --threads=0 && \\\n echo \"\" && \\\n echo \"✅ CodeQL scan complete. Results: codeql-results-js.sarif\" && \\\n echo \"\" && \\\n echo \"📋 Summary of findings:\" && \\\n codeql database interpret-results codeql-db-js \\\n --format=text \\\n --output=/dev/stdout \\\n codeql/javascript-queries:codeql-suites/javascript-security-and-quality.qls 2>/dev/null || \\\n (echo \"⚠️ Use SARIF Viewer extension to view detailed results\" && jq -r \".runs[].results[] | \\\"\\(.level): \\(.message.text) (\\(.locations[0].physicalLocation.artifactLocation.uri):\\(.locations[0].physicalLocation.region.startLine))\\\"\" codeql-results-js.sarif 2>/dev/null | head -20 || echo \"No findings or jq not available\")'",
"group": "test",
"problemMatcher": [],
"presentation": {
"echo": true,
"reveal": "always",
"focus": false,
"panel": "shared",
"showReuseMessage": false,
"clear": false
}
},
{
"label": "Security: CodeQL All (CI-Aligned)",
"type": "shell",
"dependsOn": ["Security: CodeQL Go Scan (CI-Aligned) [~60s]", "Security: CodeQL JS Scan (CI-Aligned) [~90s]"],
"dependsOrder": "sequence",
"group": "test",
"problemMatcher": []
},
{
"label": "Security: CodeQL Scan (Skill)",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh security-scan-codeql",
"group": "test",
"problemMatcher": [],
"presentation": {
"reveal": "always",
"panel": "shared"
}
},
{
"label": "Security: Go Vulnerability Check",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh security-scan-go-vuln",
"group": "test",
"problemMatcher": []
},
{
"label": "Docker: Start Dev Environment",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh docker-start-dev",
"group": "none",
"problemMatcher": []
},
{
"label": "Docker: Stop Dev Environment",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh docker-stop-dev",
"group": "none",
"problemMatcher": []
},
{
"label": "Docker: Start Local Environment",
"type": "shell",
"command": "docker compose -f .docker/compose/docker-compose.local.yml up -d",
"group": "none",
"problemMatcher": []
},
{
"label": "Docker: Stop Local Environment",
"type": "shell",
"command": "docker compose -f .docker/compose/docker-compose.local.yml down",
"group": "none",
"problemMatcher": []
},
{
"label": "Docker: View Logs",
"type": "shell",
"command": "docker compose -f .docker/compose/docker-compose.yml logs -f",
"group": "none",
"problemMatcher": [],
"isBackground": true
},
{
"label": "Docker: Prune Unused Resources",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh docker-prune",
"group": "none",
"problemMatcher": []
},
{
"label": "Integration: Run All",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh integration-test-all",
"group": "test",
"problemMatcher": [],
"presentation": {
"reveal": "always",
"panel": "new"
}
},
{
"label": "Integration: Coraza WAF",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh integration-test-coraza",
"group": "test",
"problemMatcher": []
},
{
"label": "Integration: CrowdSec",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh integration-test-crowdsec",
"group": "test",
"problemMatcher": []
},
{
"label": "Integration: CrowdSec Decisions",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh integration-test-crowdsec-decisions",
"group": "test",
"problemMatcher": []
},
{
"label": "Integration: CrowdSec Startup",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh integration-test-crowdsec-startup",
"group": "test",
"problemMatcher": []
},
{
"label": "Utility: Check Version Match Tag",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh utility-version-check",
"group": "none",
"problemMatcher": []
},
{
"label": "Utility: Clear Go Cache",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh utility-clear-go-cache",
"group": "none",
"problemMatcher": []
},
{
"label": "Utility: Bump Beta Version",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh utility-bump-beta",
"group": "none",
"problemMatcher": []
},
{
"label": "Utility: Database Recovery",
"type": "shell",
"command": ".github/skills/scripts/skill-runner.sh utility-db-recovery",
"group": "none",
"problemMatcher": [],
"presentation": {
"reveal": "always",
"panel": "new"
}
}
]
}