Charon/COMMIT_MSG.txt
GitHub Actions 70bd60dbce chore: Implement CodeQL CI Alignment and Security Scanning
- Added comprehensive QA report for CodeQL CI alignment implementation, detailing tests, results, and findings.
- Created CodeQL security scanning guide in documentation, outlining usage and common issues.
- Developed pre-commit hooks for CodeQL scans and findings checks, ensuring security issues are identified before commits.
- Implemented scripts for running CodeQL Go and JavaScript scans, aligned with CI configurations.
- Verified all tests passed, including backend and frontend coverage, TypeScript checks, and SARIF file generation.
2025-12-24 14:35:33 +00:00

chore(security): align local CodeQL scans with CI execution
Fixes recurring CI failures by ensuring local CodeQL tasks use identical
parameters to GitHub Actions workflows. Implements pre-commit integration
and enhances CI reporting with blocking on high-severity findings.
Changes:
- Update VS Code tasks to use security-and-quality suite (61 Go, 204 JS queries)
- Add CI-aligned pre-commit hooks for CodeQL scans (manual stage)
- Enhance CI workflow with result summaries and HIGH/CRITICAL blocking
- Create comprehensive security scanning documentation
- Update Definition of Done with CI-aligned security requirements
Technical details:
- Local tasks now use codeql/go-queries:codeql-suites/go-security-and-quality.qls
- Pre-commit hooks include severity-based blocking (error-level fails)
- CI workflow adds step summaries with finding counts
- SARIF output viewable in VS Code or GitHub Security tab
- Upgraded CodeQL CLI: v2.16.0 → v2.23.8 (resolved predicate incompatibility)
Coverage maintained:
- Backend: 85.35% (threshold: 85%)
- Frontend: 87.74% (threshold: 85%)
Testing:
- All CodeQL tasks verified (Go: 79 findings, JS: 105 findings)
- All pre-commit hooks passing (12/12)
- Zero type errors
- All security scans passing
Closes issue: CodeQL CI/local mismatch causing recurring security failures
See: docs/plans/current_spec.md, docs/reports/qa_codeql_ci_alignment.md
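As an added illustration (not code from the Charon repository), a Python severity gate of the kind the pre-commit hook and CI step above describe: it reads a CodeQL SARIF file, counts results by SARIF level and by each rule's security-severity bucket, and fails when any finding is error-level or HIGH/CRITICAL. The SARIF document, rule ids and paths below are constructed sample data.

```python
"""Severity gate over a CodeQL SARIF file, as a pre-commit hook or CI step would run it."""
import json
from collections import Counter

# Constructed SARIF 2.1.0 fragment (not real scanner output): two rules, three results.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "go/sql-injection", "properties": {"security-severity": "8.8"}},
            {"id": "js/unused-local-variable", "properties": {}},
        ]}},
        "results": [
            {"ruleId": "go/sql-injection", "level": "error"},
            {"ruleId": "js/unused-local-variable", "level": "warning"},
            {"ruleId": "js/unused-local-variable", "level": "note"},
        ],
    }],
})

def bucket(score: float) -> str:
    """Map a CodeQL security-severity score (CVSS-style, 0-10) to the GitHub Security tab buckets."""
    if score >= 9.0: return "CRITICAL"
    if score >= 7.0: return "HIGH"
    if score >= 4.0: return "MEDIUM"
    return "LOW"

def findings(sarif_text: str):
    """Yield (ruleId, level, bucket-or-None) for every result in every run of the SARIF log."""
    doc = json.loads(sarif_text)
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            sev = rules.get(res.get("ruleId"), {}).get("properties", {}).get("security-severity")
            # SARIF's default level when the field is absent is "warning".
            yield (res.get("ruleId"), res.get("level", "warning"),
                   bucket(float(sev)) if sev is not None else None)

def summarize(sarif_text: str) -> dict:
    """Counts by SARIF level and by severity bucket, suitable for a CI step summary."""
    fs = list(findings(sarif_text))
    return {"by_level": dict(Counter(f[1] for f in fs)),
            "by_bucket": dict(Counter(f[2] for f in fs if f[2]))}

def gate(sarif_text: str, block_levels=("error",), block_buckets=("HIGH", "CRITICAL")) -> bool:
    """True when the commit may proceed; False if any result is error-level or HIGH/CRITICAL."""
    return not any(lvl in block_levels or b in block_buckets
                   for _, lvl, b in findings(sarif_text))

if __name__ == "__main__":
    print(summarize(SAMPLE_SARIF), "pass" if gate(SAMPLE_SARIF) else "BLOCKED")
```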