Skip to content

Latest commit

 

History

History
61 lines (44 loc) · 2.39 KB

File metadata and controls

61 lines (44 loc) · 2.39 KB

Contributing to CVE Radar

Thank you for improving CVE Radar. This guide covers local checks and CI expectations.

Local setup

make setup
make dev

CI/CD pipeline

Workflows are grouped by prefix under .github/workflows/. Full map: .github/CI-CD.md.

Category CI job Local command
CI App (lint · typecheck · build) make check
CI Extended docs (MkDocs strict) make extended-docs-check
CI Docker image (build only) docker build -t cve-radar:ci .
Security npm audit npm audit --omit=dev --audit-level=high
Security pip audit pip install pip-audit && pip-audit -r extended-docs/requirements.txt --strict
Security dependency-review Automatic on PRs (security-dependency-review.yml)
Security CodeQL Analyze (javascript-typescript) security-codeql.yml
Security Trivy docker build -t cve-radar:scan . then Trivy (security-container-trivy.yml)
Quality Run tests and collect coverage npm run test:ciquality-codecov.yml
Quality SonarCloud Code Analysis npm run test:ci.github/SONARCLOUD.md

Branch protection (maintainers)

On the default branch, require at least:

  • App (lint · typecheck · build)
  • npm audit
  • pip audit
  • dependency-review (PRs)
  • Extended docs (MkDocs strict)
  • Analyze (javascript-typescript)
  • SonarCloud Code Analysis (when SONAR_TOKEN is configured)
  • Run tests and collect coverage (optional; when CODECOV_TOKEN is set)

See .github/workflows/README.md and .github/ACTIONS-SECRETS.md.

Pull requests

  • Update all six UI locales in src/i18n/messages/ when adding strings.
  • Product or API changes: sync extended-docs/ chapters and glossary.
  • Run make check before opening a PR.

Issues

  • Dependabot and bot issues skip AI summarization.
  • Add label no-ai-summary to opt out of the summarizer workflow.

Agent rules (optional)

npm run agent:install

Copies agent/rules and agent/skills into .cursor/ after clone.