Thank you for helping improve CVE Radar.
git clone https://github.com/RaminNietzsche/CVE-Radar.git
cd CVE-Radar
make setup
make dev
make check
make test| Service | URL |
|---|---|
| Web UI (dev) | http://localhost:5173 |
| API health | http://localhost:3001/api/health |
Node 24 for local dev and CI (see .nvmrc). Production Docker image currently ships Node 20 LTS. Optional: docker compose up --build or docker pull raminnietzsche/cve-radar → http://localhost:3001 (docs/DOCKER.md)
- Live docs: https://blog.raminnietzsche.ir/CVE-Radar/
- Architecture map:
ARCHITECTURE.md - Canonical site:
extended-docs/— runmake extended-docs-checkbefore doc PRs - Legacy
docs/: ADRs and ops guides only — seedocs/README.md
| Change type | Edit here |
|---|---|
| Product docs (6 langs) | extended-docs/docs/content/{en,fa,ar,ru,zh,fr}/ — keep same ## section count per chapter; run scripts/check-extended-docs-locale-sync.sh |
| README (6 langs) | README.md + README.{fa,ar,ru,zh,fr}.md — same structure; run scripts/check-readme-locale-sync.sh |
| Glossary | extended-docs/docs/glossary.md only |
| UI strings | src/i18n/messages/*.ts (all six locales) |
| API behaviour / routes | server/ + sync OpenAPI (below) |
| Shared API types | shared/ — update both src/ and server/ consumers |
| OpenAPI spec | server/openapi/spec.json and extended-docs/docs/assets/cve-openapi.json |
| Tests / coverage | tests/README.md; extended-docs/docs/content/*/10-operations.md (×6) |
| ADRs | docs/adr/ |
| Deploy / Docker | docs/DOCKER.md, docs/GITHUB_PAGES.md |
| Releases | docs/RELEASE.md |
| GitHub Models prompts | .github/prompts/README.md |
| Any product change | Follow agent rule code-to-docs-sync — full map in agent/rules/code-to-docs-sync.mdc |
npm run check:openapi # verify both OpenAPI copies matchCursor agent assets: optional — run npm run agent:install to sync from agent/ when present, or use committed .cursor/ locally (see AGENTS.md). Agent rule code-to-docs-sync maps code paths to doc files — apply on every product change.
Before opening the PR: local checks green; after push, all required GitHub checks green on the PR (use workflow_dispatch if path filters skipped a job). See agent rule pr-ready-ci-changelog.
-
make checkpasses (lint + typecheck) -
make testpasses (tests/server/,tests/client/,tests/integration/) - E2E (when UI/export paths change):
npm run test:e2e:installonce, thennpm run test:e2e -
npm run format:check(ornpm run format) -
CHANGELOG.md— at least one bullet under[Unreleased](version bump not required) - i18n:
en,fa,ar,ru,zh,frif UI text changed -
extended-docschapters synced if behaviour or API changed (make extended-docs-check) - No secrets (
.env, tokens, API keys)
- TypeScript strict patterns in
src/andserver/ - Prefer small, focused PRs
- Comments only for non-obvious logic
Ruleset main is active on the default branch (Settings → Rules → Rulesets):
| Required check | Workflow |
|---|---|
App (lint · typecheck · build) |
CI / App |
Run tests and collect coverage |
Quality / Codecov |
SonarCloud Code Analysis |
Quality / SonarCloud |
Trivy |
Security / Container scan |
Analyze (javascript-typescript) |
Security / CodeQL |
Analyze (python) |
CodeQL |
Analyze (actions) |
CodeQL |
Also enforced: no branch deletion, no force-push / non-fast-forward on main.
Path filters: several workflows run only when matching paths change. If a required check does not appear on a PR, push a commit that touches those paths (e.g. src/ for App/Sonar/Codecov, Dockerfile for Trivy) or use a maintainer bypass. See .github/workflows/README.md.
Optional: require Mergify Merge Protections after Mergify is enabled — .github/MERGIFY.md.
Use GitHub issue templates (bug / feature). For security, see SECURITY.md — no public issues for vulnerabilities.