
Commit f31ed6f

Initial clean commit
0 parents  commit f31ed6f

164 files changed

Lines changed: 64744 additions & 0 deletions


.bearer/bearer.yaml

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
# Bearer configuration file
2+
# Documentation: https://docs.bearer.com/reference/config
3+
4+
# General configuration
5+
general:
6+
# Specify maximum scan duration (in minutes)
7+
max_scan_duration: 60
8+
# Skip test files
9+
skip_test_files: true
10+
# Ignore statements that disable detection
11+
ignore_disables: false
12+
13+
detection:
14+
# Report findings across all sensitivity levels
15+
min_level: LOW
16+
17+
# Override detection rules
18+
overrides:
19+
# Example: Disable specific rules
20+
# - rule_id: ruby_aws_credentials
21+
# level: IGNORE
22+
23+
# Example: Change severity of a rule
24+
# - rule_id: javascript_hardcoded_jwt
25+
# level: HIGH
26+
27+
# Specify sensitive data detectors
28+
sensitive_data:
29+
patterns:
30+
# Example: Define custom pattern
31+
# custom_credit_card:
32+
# pattern: '\b(?:\d[ -]*?){13,16}\b'
33+
# description: "Credit card numbers"
34+
# level: HIGH
35+
36+
# Ignore paths
37+
ignore:
38+
paths:
39+
- "node_modules/"
40+
- ".git/"
41+
- "dist/"
42+
- "build/"
43+
- "vendor/"
44+
- "**/*.min.js"
45+
- "**/test/fixtures/**"
46+
- "**/tests/fixtures/**"
47+
- "**/spec/fixtures/**"
48+
- "**/mock/**"
49+
- "**/mocks/**"
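Review bot: `overrides:` and `patterns:` are left as keys with no value because every entry beneath them is commented out; YAML parses each as null, which the config loader may reject or treat differently from an empty list or map. Either drop the two keys until a real entry exists or give them an explicit empty value. Also reword the comment above `ignore_disables: false`: it describes the key, not the chosen value, so a reader has to guess whether inline disable comments in code are honoured (with `false` they are).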

.coverage

52 KB
Binary file not shown.

.github/CODEQL_README.md

Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
# CodeQL: Advanced Setup
2+
3+
- Workflow: `.github/workflows/codeql.yml`
4+
- Config: `.github/codeql/config.yml`
5+
- Custom queries: `.github/codeql/queries/`
6+
- Compliance: `.github/codeql/compliance/`
7+
- Reporting: `.github/codeql/tools/sarif_summary.py`
8+
9+
Triggers: Push/PR to `main`/`master`, weekly schedule, manual dispatch.
10+
Permissions: `contents:read`, `security-events:write`.
11+
Scoping: use `paths`/`paths-ignore` in the config; SARIF filter reinforces exclusions.
12+
Compiled languages: switch to manual build if needed and replace Autobuild.
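Review bot: the README disagrees with the workflow committed alongside it. It lists a single `.github/codeql/config.yml`, while `codeql.yml` loads per-language files via `config-file: ./.github/codeql/config/${{ matrix.language }}.yml`; it also describes a SARIF filter step and a manual-build option, neither of which appears in the workflow in this commit. Bring the README in line with the files that are actually committed, or it will send the next maintainer looking for things that are not there.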
Lines changed: 46 additions & 0 deletions
@@ -0,0 +1,46 @@
1+
== CodeQL setup run: 2025-08-27T18:44:42 ==
2+
[INFO] Repo root: C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI
3+
[INFO] Log file : C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\backups\logs\codeql-setup-20250827T184442Z.txt
4+
[OK] Ensured dir: C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github
5+
[OK] Ensured dir: C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\workflows
6+
[OK] Ensured dir: C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql
7+
[OK] Ensured dir: C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config
8+
[OK] Ensured dir: C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\backups
9+
[ERR] Failed to normalize CodeQL dir casing: Destination path cannot be a subdirectory of the source or the source itself: C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\compliance\compliance.
10+
[OK] Backed up .github/workflows/codeql.yml -> C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\backups\safe-20250827T184442Z\.github\workflows\codeql.yml
11+
[OK] Backed up .github/codeql/config/javascript.yml -> C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\backups\safe-20250827T184442Z\.github\codeql\config\javascript.yml
12+
[OK] Backed up .github/codeql/config/python.yml -> C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\backups\safe-20250827T184442Z\.github\codeql\config\python.yml
13+
[OK] Backed up .github/codeql/config/go.yml -> C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\backups\safe-20250827T184442Z\.github\codeql\config\go.yml
14+
[OK] Backed up .github/codeql/config/cpp.yml -> C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\backups\safe-20250827T184442Z\.github\codeql\config\cpp.yml
15+
[OK] Wrote .github/workflows/codeql.yml
16+
[OK] Wrote .github/codeql/config/javascript.yml
17+
[OK] Wrote .github/codeql/config/python.yml
18+
[OK] Wrote .github/codeql/config/go.yml
19+
[OK] Wrote .github/codeql/config/cpp.yml
20+
[INFO] Starting verification...
21+
[OK] Verify: 'language:\s*\[\s*javascript,\s*python,\s*go,\s*cpp\s*\]' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\workflows\codeql.yml
22+
[OK] Verify: 'Setup Go \(for Go only\)' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\workflows\codeql.yml
23+
[OK] Verify: 'if:\s*matrix\.language\s*==\s*'go'' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\workflows\codeql.yml
24+
[OK] Verify: 'Initialize CodeQL' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\workflows\codeql.yml
25+
[OK] Verify: 'config-file:\s*\./\.github/codeql/config/\$\{\{\s*matrix\.language\s*\}\}\.yml' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\workflows\codeql.yml
26+
[OK] Verify: 'Autobuild \(C/C\+\+ only\)' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\workflows\codeql.yml
27+
[OK] Verify: 'if:\s*matrix\.language\s*==\s*'cpp'' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\workflows\codeql.yml
28+
[OK] Verify: 'github/codeql-action/init@v3' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\workflows\codeql.yml
29+
[OK] Verify: 'github/codeql-action/analyze@v3' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\workflows\codeql.yml
30+
[OK] Verify: 'queries:\s*\r?\n\s*-\s*uses:\s*security-extended' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\javascript.yml
31+
[OK] Verify: 'queries:\s*[\s\S]*security-and-quality' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\javascript.yml
32+
[OK] Verify: 'paths:\s*\r?\n\s*-\s*"src/"' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\javascript.yml
33+
[OK] Verify: 'paths:\s*[\s\S]*"bridge/"' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\javascript.yml
34+
[OK] Verify: 'queries:\s*\r?\n\s*-\s*uses:\s*security-extended' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\python.yml
35+
[OK] Verify: 'queries:\s*[\s\S]*security-and-quality' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\python.yml
36+
[OK] Verify: 'paths:\s*\r?\n\s*-\s*"src/"' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\python.yml
37+
[OK] Verify: 'paths:\s*[\s\S]*"bridge/"' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\python.yml
38+
[OK] Verify: 'queries:\s*\r?\n\s*-\s*uses:\s*security-extended' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\go.yml
39+
[OK] Verify: 'queries:\s*[\s\S]*security-and-quality' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\go.yml
40+
[OK] Verify: 'paths:\s*\r?\n\s*-\s*"src/"' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\go.yml
41+
[OK] Verify: 'paths:\s*[\s\S]*"bridge/"' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\go.yml
42+
[OK] Verify: 'queries:\s*\r?\n\s*-\s*uses:\s*security-extended' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\cpp.yml
43+
[OK] Verify: 'queries:\s*[\s\S]*security-and-quality' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\cpp.yml
44+
[OK] Verify: 'paths:\s*\r?\n\s*-\s*"src/"' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\cpp.yml
45+
[OK] Verify: 'paths:\s*[\s\S]*"bridge/"' found in C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\codeql\config\cpp.yml
46+
[ERR] Verification completed: SOME CHECKS FAILED. See log: C:\Users\deskt\Desktop\Project_SECQ_CLI\SECQ_CLI\.github\backups\logs\codeql-setup-20250827T184442Z.txt
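Review bot: this is a generated setup log and should not be committed. It embeds absolute paths under `C:\Users\deskt\...`, it records a failed run (`[ERR] Failed to normalize CodeQL dir casing` and `SOME CHECKS FAILED`), and its verification lines (`language: [javascript, python, go, cpp]`, `Autobuild (C/C++ only)`, `if: matrix.language == 'cpp'`) describe a `codeql.yml` that differs from the one in this commit, whose matrix is `[javascript, python]` with an unconditional Autobuild. Add `.github/backups/` to `.gitignore` and remove the log and the `safe-*` backup copies from the commit.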
Lines changed: 48 additions & 0 deletions
@@ -0,0 +1,48 @@
1+
name: CodeQL
2+
3+
on:
4+
push:
5+
branches: [ "main", "master" ]
6+
pull_request:
7+
branches: [ "main", "master" ]
8+
paths-ignore:
9+
- '**/*.md'
10+
- 'docs/**'
11+
schedule:
12+
- cron: "14 3 * * 1"
13+
workflow_dispatch:
14+
15+
permissions:
16+
contents: read
17+
security-events: write
18+
actions: read
19+
20+
concurrency:
21+
group: codeql-${{ github.ref }}
22+
cancel-in-progress: true
23+
24+
jobs:
25+
analyze:
26+
runs-on: ubuntu-latest
27+
strategy:
28+
fail-fast: false
29+
matrix:
30+
language: [javascript, python]
31+
32+
steps:
33+
- uses: actions/checkout@v4
34+
35+
- name: Initialize CodeQL
36+
uses: github/codeql-action/init@v3
37+
with:
38+
languages: ${{ matrix.language }}
39+
# IMPORTANT: per-language configs must exist
40+
config-file: ./.github/codeql/config/${{ matrix.language }}.yml
41+
42+
- name: Autobuild
43+
uses: github/codeql-action/autobuild@v3
44+
45+
- name: Analyze
46+
uses: github/codeql-action/analyze@v3
47+
with:
48+
category: "/language:${{ matrix.language }}"
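Review bot: the matrix lists only `[javascript, python]`, yet `go.yml` and `cpp.yml` configs are committed and the `Autobuild` step runs for every language even though it only matters for compiled ones. Either add `go` and `cpp` to the matrix and gate Autobuild with `if: matrix.language == 'cpp'` (which is what the setup log was checking for), or drop the unused configs. Two smaller points: `paths-ignore` is set under `pull_request` but not `push`, so a docs-only push to `main` still runs a full scan while the equivalent PR is skipped; and the actions here are pinned by major tag (`@v3`, `@v4`) while the Snyk workflow pins by commit SHA, so pick one pinning policy for the repository.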
Lines changed: 79 additions & 0 deletions
@@ -0,0 +1,79 @@
1+
# This workflow uses actions that are not certified by GitHub.
2+
# They are provided by a third-party and are governed by
3+
# separate terms of service, privacy policy, and support
4+
# documentation.
5+
6+
# A sample workflow which sets up Snyk to analyze the full Snyk platform (Snyk Open Source, Snyk Code,
7+
# Snyk Container and Snyk Infrastructure as Code)
8+
# The setup installs the Snyk CLI - for more details on the possible commands
9+
# check https://docs.snyk.io/snyk-cli/cli-reference
10+
# The results of Snyk Code are then uploaded to GitHub Security Code Scanning
11+
#
12+
# In order to use the Snyk Action you will need to have a Snyk API token.
13+
# More details in https://github.com/snyk/actions#getting-your-snyk-token
14+
# or you can signup for free at https://snyk.io/login
15+
#
16+
# For more examples, including how to limit scans to only high-severity issues
17+
# and fail PR checks, see https://github.com/snyk/actions/
18+
19+
name: Snyk Security
20+
21+
on:
22+
push:
23+
branches: ["main" ]
24+
pull_request:
25+
branches: ["main"]
26+
27+
permissions:
28+
contents: read
29+
30+
jobs:
31+
snyk:
32+
permissions:
33+
contents: read # for actions/checkout to fetch code
34+
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
35+
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
36+
runs-on: ubuntu-latest
37+
steps:
38+
- uses: actions/checkout@v4
39+
- name: Set up Snyk CLI to check for security issues
40+
# Snyk can be used to break the build when it detects security issues.
41+
# In this case we want to upload the SAST issues to GitHub Code Scanning
42+
uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
43+
44+
# For Snyk Open Source you must first set up the development environment for your application's dependencies
45+
# For example for Node
46+
#- uses: actions/setup-node@v4
47+
# with:
48+
# node-version: 20
49+
50+
env:
51+
# This is where you will need to introduce the Snyk API token created with your Snyk account
52+
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
53+
54+
# Runs Snyk Code (SAST) analysis and uploads result into GitHub.
55+
# Use || true to not fail the pipeline
56+
- name: Snyk Code test
57+
run: snyk code test --sarif > snyk-code.sarif # || true
58+
59+
# Runs Snyk Open Source (SCA) analysis and uploads result to Snyk.
60+
- name: Snyk Open Source monitor
61+
run: snyk monitor --all-projects
62+
63+
# Runs Snyk Infrastructure as Code (IaC) analysis and uploads result to Snyk.
64+
# Use || true to not fail the pipeline.
65+
- name: Snyk IaC test and report
66+
run: snyk iac test --report # || true
67+
68+
# Build the docker image for testing
69+
- name: Build a Docker image
70+
run: docker build -t your/image-to-test .
71+
# Runs Snyk Container (Container and SCA) analysis and uploads result to Snyk.
72+
- name: Snyk Container monitor
73+
run: snyk container monitor your/image-to-test --file=Dockerfile
74+
75+
# Push the Snyk Code results into GitHub Code Scanning tab
76+
- name: Upload result to GitHub Code Scanning
77+
uses: github/codeql-action/upload-sarif@v3
78+
with:
79+
sarif_file: snyk-code.sarif
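Review bot: `snyk code test --sarif > snyk-code.sarif` has its `|| true` commented out, so, as the comment above it warns, the step fails whenever Snyk finds an issue and the later `Upload result to GitHub Code Scanning` step never runs, which defeats the stated purpose of pushing SAST results to Code Scanning; add `continue-on-error: true` to the test step or `if: always()` to the upload step. The template placeholders also survived: `docker build -t your/image-to-test .` fails unless a `Dockerfile` exists in the repo root, and `snyk monitor`, `snyk iac test --report` and `snyk container monitor` all need `SNYK_TOKEN` configured as a repository secret before this workflow can pass.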
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
name: "CodeQL C/C++ Configuration"
2+
3+
queries:
4+
- uses: security-extended
5+
- uses: security-and-quality
6+
7+
paths:
8+
- "**/*.c"
9+
- "**/*.cpp"
10+
- "**/*.cc"
11+
- "**/*.cxx"
12+
- "**/*.h"
13+
- "**/*.hpp"
14+
15+
paths-ignore:
16+
- "build"
17+
- "vendor"
18+
- "third_party"
19+
- "**/*.generated.*"
20+
21+
disable-default-path-filters: true
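Review bot: `security-and-quality` is a superset of `security-extended`, so listing both under `queries:` is redundant; keep one (the same applies to the other three language configs). More importantly, the matrix in the committed workflow never runs `cpp`, so this file is dead configuration until `cpp` is added; when it is, confirm that the project builds under Autobuild or replace that step with explicit build commands, as the README already suggests.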
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
name: "CodeQL Go Configuration"
2+
3+
queries:
4+
- uses: security-extended
5+
- uses: security-and-quality
6+
7+
paths:
8+
- "**/*.go"
9+
10+
paths-ignore:
11+
- "vendor"
12+
- "**/*_test.go"
13+
- "**/*.pb.go"
14+
15+
disable-default-path-filters: true
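Review bot: like `cpp.yml`, this config is not referenced by the committed workflow (`language: [javascript, python]`), so nothing loads it. When `go` is added to the matrix, treat the `paths-ignore` entries for `**/*_test.go` and `**/*.pb.go` as a deliberate noise-reduction choice rather than a scope reduction: for compiled languages CodeQL's path filters govern which files alerts are reported for, not what the build extracts, so generated protobuf code is still part of the analysed program.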
Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
name: "CodeQL JavaScript Configuration"
2+
3+
queries:
4+
- uses: security-extended
5+
- uses: security-and-quality
6+
7+
paths:
8+
- "**/*.js"
9+
- "**/*.jsx"
10+
- "**/*.ts"
11+
- "**/*.tsx"
12+
- "**/*.mjs"
13+
14+
paths-ignore:
15+
- "node_modules"
16+
- "test"
17+
- "tests"
18+
- "**/*.test.*"
19+
- "**/*.spec.*"
20+
- "**/*.min.js"
21+
- "dist"
22+
- "build"
23+
24+
disable-default-path-filters: true
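Review bot: the exclusion policy here diverges from the Bearer config in the same commit: this file drops whole `test`/`tests` directories plus `**/*.test.*` and `**/*.spec.*`, while `bearer.yaml` only skips fixture and mock directories, so the two scanners end up covering different file sets. Decide on one policy and mirror it in both. Separately, the setup log verified a `paths: - "src/"` entry for this file but the committed version uses extension globs instead; if `src/` (and `bridge/`) are the only source roots, listing them under `paths` is a tighter scope than `**/*.js`-style patterns and makes the `dist`/`build` exclusions unnecessary.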
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
name: "CodeQL Python Configuration"
2+
3+
queries:
4+
- uses: security-extended
5+
- uses: security-and-quality
6+
7+
paths:
8+
- "**/*.py"
9+
10+
paths-ignore:
11+
- "test"
12+
- "tests"
13+
- "**/*_test.py"
14+
- "**/test_*.py"
15+
- "venv"
16+
- ".venv"
17+
- "__pycache__"
18+
- "**/*.egg-info"
19+
20+
disable-default-path-filters: true
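Review bot: confirm that `disable-default-path-filters` is a key the codeql-action config-file schema accepts; it appears in all four language configs, and the action reads only the keys it knows, so if this one is not recognised the intent behind it is silently not applied. Also note that `paths-ignore` patterns are matched relative to the repository root, so `- "test"` and `- "tests"` exclude only top-level directories of those names; a nested `src/pkg/tests/` is still analysed unless its files happen to match `**/test_*.py` or `**/*_test.py`, so use `**/tests/**` if the aim is to exclude every such directory.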
