Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
180 commits
Select commit Hold shift + click to select a range
6a62aad
docs(api): fix pagination code fences
ded-furby Jun 2, 2026
14ebca5
test(findings): cover corrupted review state storage
NaitikVerma6776 Jun 2, 2026
03eedf9
fix(frontend): update Vitest dev dependency
eshaanag Jun 2, 2026
0eeae81
feat(security): add scanner network egress policy
Rakshak05 Jun 2, 2026
3f1f8ab
fix(frontend): clear API request timeout on failures
HitanshiThakar Jun 4, 2026
6f1be63
fix: encode task pagination filters (#485)
saurabhhhcodes Jun 4, 2026
25c47cd
feat(reports): add report comparison view (#486)
Pragati5-DEBUG Jun 4, 2026
4cc0ea5
feat(notifications): add delivery service with dedupe and redaction (…
Pragati5-DEBUG Jun 4, 2026
117abbe
fix(security): enforce per-user ownership on tasks and reports (#484)
smirk-dev Jun 4, 2026
61ad823
fix: validate task status query parameter (#487)
HitanshiThakar Jun 4, 2026
f3a493b
Expand Windows contributor guide
utksh1 Jun 4, 2026
990dd43
fix(routes): rate limit the scheduler tick endpoint (#605)
anshul23102 Jun 5, 2026
72ed92e
docs: sync repository map with actual repository structure (#590)
adhavan18 Jun 5, 2026
939516b
fix: wrap bulk delete in transaction for atomicity (issue #402) (#593)
ionfwsrijan Jun 5, 2026
b1ceadc
feat(notifications): dispatch alerts after scan completes (PR 4 of #2…
Pragati5-DEBUG Jun 5, 2026
c7a7765
test: add Scans.test.tsx for paginated Scans page with ConfirmModal (…
khat190 Jun 5, 2026
8cbbf3c
docs: update repository map in README (#616)
kcprdev Jun 5, 2026
35ef0b0
ci: extend artifact guard to cover output exports (#610)
siddiqui7864 Jun 5, 2026
9b587e4
fix: propagate cancellation to process trees (#602)
advikdivekar Jun 5, 2026
0c5f5e1
feat(notifications): add alert rule Settings UI (#612)
Pragati5-DEBUG Jun 5, 2026
4e39309
feat: virtualize Findings list (#488)
khat190 Jun 5, 2026
ef787a0
feat: add workflow run history and rollback (#604)
advikdivekar Jun 5, 2026
0e53a32
ci: add dependency vulnerability auditing (#384)
Rakshak05 Jun 5, 2026
215a4e4
docs: update issue template label taxonomy (#606)
NaitikVerma6776 Jun 5, 2026
96c25b1
fix(task-details): guard async updates after unmount (#603)
siddiqui7864 Jun 5, 2026
c98184e
docs: update plugin schema examples (#617)
Rakshak05 Jun 5, 2026
0e03877
feat: harden scanner backend and execution context
utksh1 Jun 5, 2026
a2a7e02
feat: upgrade analyst findings and scan workflows ui
utksh1 Jun 5, 2026
5af6f97
test: cover execution context and analyst findings
utksh1 Jun 5, 2026
cd36fd8
fix(ci): restore backend and frontend test baseline (#629)
anshul23102 Jun 7, 2026
0d7c0e2
test(container_scanner): add plugin contract coverage (#619)
anshul23102 Jun 7, 2026
0120b2e
test(api_scanner): add plugin contract coverage (#620)
anshul23102 Jun 7, 2026
83f71a2
test(cloud_scanner): add plugin contract coverage (#621)
anshul23102 Jun 7, 2026
a7d7e9b
test(cloud_storage_auditor): add plugin contract coverage (#622)
anshul23102 Jun 7, 2026
b60421e
test(crawler): add plugin contract coverage (#628)
anshul23102 Jun 7, 2026
1f06002
ci: validate issue template label references (#623)
jyotsnak1603 Jun 7, 2026
2837d40
fix: default-deny network policy with empty allowlist (#630)
ionfwsrijan Jun 7, 2026
eca6982
fix(plugins): declare CLI dependency binaries (#653)
eshaanag Jun 7, 2026
d8861ea
test(frontend): cover ThemeToggle persistence behavior (#652)
siddiqui7864 Jun 7, 2026
22810ac
docs(plugins): add uncover field help text (#654)
csmdg7 Jun 7, 2026
dd245ba
ci: add fresh-clone setup smoke test (#609)
siddiqui7864 Jun 7, 2026
6541979
fix(validation): handle mixed IPv4/IPv6 allowlists (#645)
jyotsnak1603 Jun 7, 2026
131bf33
fix(typing): allow optional request IDs (#658)
KBarathraj Jun 8, 2026
1a147fd
test(frontend): cover preferred export format hook (#634)
saurabhhhcodes Jun 8, 2026
ab688aa
docs(plugins): add Kubernetes scanner field help text (#659)
suhanagarg85-hue Jun 8, 2026
975da20
fix(settings): scope localStorage purge to SecuScan keys (#664)
vedasingh00-rgb Jun 8, 2026
bc7bfdb
test(backend): cover amass plugin contract and parser (#661)
Parth-kulkarni300 Jun 8, 2026
ea96e59
test(backend): cover request ID middleware headers (#669)
anshikaagr Jun 8, 2026
b39c665
test(backend): cover logging utilities (#675)
deepsikha-dash Jun 8, 2026
baba933
test(frontend): add settings persistence e2e coverage (#674)
deepsikha-dash Jun 8, 2026
3915c8b
refactor(plugins): use URL validation preset for url-fuzzer-2 (#676)
Rakshak05 Jun 8, 2026
2581add
docs: clarify runtime output directory (#682)
adityamsr2606 Jun 8, 2026
283c826
ci: split backend unit and integration test suites (#673)
nensii21 Jun 8, 2026
2552e82
test: add katana plugin parser and contract coverage (#684)
anshul23102 Jun 8, 2026
b79fda1
test: add request context unit coverage (#641)
indhumitha Jun 8, 2026
da9e794
test: add dnsx plugin parser and contract coverage (#688)
anshul23102 Jun 8, 2026
2686ba2
fix: sanitize plugin command placeholders (#625)
saurabhhhcodes Jun 8, 2026
bea9976
test: add iac_scanner plugin parser and contract coverage (#685)
anshul23102 Jun 8, 2026
8723762
test: add fuzzer plugin parser and contract coverage (#691)
siddiqui7864 Jun 8, 2026
e1a8a1c
fix(a11y): improve Pagination accessibility (#694)
siddiqui7864 Jun 9, 2026
761544f
docs: add backend architecture reference (#695)
Apoorv-Raj777 Jun 9, 2026
1800d0b
test(frontend): add workflow lifecycle E2E coverage (#714)
Pcmhacker-piro Jun 9, 2026
c3b2b93
docs: add README table of contents and contributors section (#716)
Yogender-verma Jun 9, 2026
9a629a9
test(plugins): add google-dorking parser coverage (#729)
Ayushi-hi Jun 9, 2026
27af21e
test(plugins): add xss_exploiter parser coverage (#730)
Pragati5-DEBUG Jun 9, 2026
084a11c
test(frontend): add API request behavior coverage (#642)
HitanshiThakar Jun 9, 2026
9391265
fix(backend): return request ID on error responses (#683)
Rakshak05 Jun 9, 2026
2456b59
test(plugins): add http_request_logger parser coverage (#686)
anshul23102 Jun 9, 2026
d5f959c
test(backend): add request logging smoke coverage (#633)
Rakshak05 Jun 9, 2026
34050b5
docs(plugins): add katana metadata help text (#638)
Srishti-Gupta74 Jun 9, 2026
3f43557
docs(plugins): add people-email-discovery metadata help text (#637)
Srishti-Gupta74 Jun 9, 2026
262d738
docs(plugins): add sitemap_gen metadata help text (#636)
Srishti-Gupta74 Jun 9, 2026
f920c2f
test(settings): add save reset and export coverage (#665)
NaitikVerma6776 Jun 9, 2026
0e0089d
test(frontend): add Pagination component coverage (#663)
jess2937 Jun 9, 2026
94898fd
docs(plugins): add virtual-host-finder metadata help text (#662)
jess2937 Jun 9, 2026
123a240
docs: clarify SQL injection plugin responsibilities (#732)
deepsikha-dash Jun 9, 2026
b7a6cc7
test(sidebar): add coverage for collapse persistence and nav states (…
jyotsnak1603 Jun 9, 2026
9eca941
feat(backend): add LLM-powered executive summaries (#680)
Nish232003 Jun 9, 2026
44551c8
fix: apply security controls to scheduled workflows (#689)
ionfwsrijan Jun 9, 2026
37824d7
docs: make README more readable
utksh1 Jun 9, 2026
74c5541
refactor(plugins): use url validation preset for api_scanner
Pragati5-DEBUG Jun 10, 2026
82563cb
docs(plugins): clarify subdomain plugin overlap
Pcmhacker-piro Jun 10, 2026
40be2fd
Add help text for password auditor plugin fields (#738)
anshikaagr Jun 10, 2026
3223b7a
feat(plugins): add help text to spider metadata fields (#735)
Aaliyahussain27 Jun 10, 2026
dba25ac
fix: help metadata update (#726)
Maria-Niya Jun 10, 2026
3838308
Fix http request logger help text (#670)
anshikaagr Jun 10, 2026
c9e8941
docs: add help text for amass metadata (#677)
Nairayadav Jun 10, 2026
1128033
docs: add help text for cloud_storage_auditor metadata (#678)
Nairayadav Jun 10, 2026
4530a5a
Add help text for SharePoint scanner plugin field (#668)
anshikaagr Jun 10, 2026
d8850b3
Add help text for YARA scan plugin fields (#632)
anshikaagr Jun 10, 2026
55a404e
docs: add field help text for volatility plugin metadata (#624)
rampriya2007 Jun 10, 2026
069046e
test(frontend): add AppShell mobile navigation coverage
kunal-9090 Jun 10, 2026
f3cd5b1
refactor(plugins): support named validation presets
Rakshak05 Jun 10, 2026
53dcfb6
fix: add SSRF protection for webhook delivery
ionfwsrijan Jun 10, 2026
190050d
test: add parser and contract coverage for sniper plugin (fixes #508)…
Pragati5-DEBUG Jun 10, 2026
df3c29d
test: add parser and contract coverage for spider plugin (fixes #509)…
Pragati5-DEBUG Jun 10, 2026
a4866cf
feat(sandbox): add sandbox execution engine
ask-z4ch Jun 10, 2026
9d12a7b
test: add parser and contract coverage for sqli_exploiter plugin (fix…
Pragati5-DEBUG Jun 10, 2026
7027c96
test: add parser and contract coverage for subdomain-finder plugin (f…
Pragati5-DEBUG Jun 10, 2026
78d7caa
test: add sitemap_gen plugin contract coverage (#754)
Vishvadharman Jun 10, 2026
395ac17
test(uncover): add parser and contract coverage (#756)
anjali20006 Jun 10, 2026
ae29576
test: add coverage for waf_detector plugin (#768)
deepsikha-dash Jun 11, 2026
2fabb4f
test: add parser and contract coverage for uncover plugin (fixes #514…
Pragati5-DEBUG Jun 11, 2026
bce664d
test: add parser and contract coverage for subdomain_takeover plugin …
Pragati5-DEBUG Jun 11, 2026
6f1a46a
test: add coverage for zap scanner plugin (#769)
deepsikha-dash Jun 11, 2026
53e7cbd
test: add parser and contract coverage for theharvester plugin (fixes…
Pragati5-DEBUG Jun 11, 2026
8acb476
test: add subdomain-finder plugin contract coverage (#761)
Vishvadharman Jun 11, 2026
f00c500
test: add contract and parser coverage for website-recon-2 (#767)
mythri2405 Jun 11, 2026
8a32476
refactor: consolidate duplicate WAF detector plugins (#748)
deepsikha-dash Jun 11, 2026
32c608a
docs: clarify crawl discovery plugin boundaries (#762)
Vishvadharman Jun 11, 2026
262aa7b
test(plugins): add urlfinder parser contract coverage (#778)
Vishvadharman Jun 11, 2026
4dd149e
test(plugins): add url-fuzzer-2 parser contract coverage (#779)
Vishvadharman Jun 11, 2026
dd14aa5
feat(frontend): add global error boundary (#780)
Shreeya1207 Jun 11, 2026
208faad
feat(findings): prioritize contextual risk scores (#781)
Shreeya1207 Jun 11, 2026
2893879
fix(executor): unify is_filesystem_target to prevent safe-mode bypass…
Ayushi-hi Jun 12, 2026
71332b7
perf: replace AppShell 100ms localStorage polling with event-based si…
Pcmhacker-piro Jun 12, 2026
1998997
feat(plugins): add metadata lint rules (#789)
Pcmhacker-piro Jun 12, 2026
ac10d6b
fix(scans): show timeout failure notifications (#793)
Shreeya1207 Jun 12, 2026
0ccb3c8
fix: disable network policy enforcement by default (#764)
ionfwsrijan Jun 12, 2026
13853ea
test: add Workflows page coverage for create validation, toggles, and…
Rakshak05 Jun 12, 2026
579eca9
refactor: clarify HTTP reconnaissance plugin responsibilities (#751)
deepsikha-dash Jun 13, 2026
7a5da0c
feat: implement semgrep_scanner plugin for multi-language analysis (#…
sahare-mayur-0071 Jun 15, 2026
5da273d
feat(notifications): Implement SMTP email notification delivery (#927)
Rafiaminhaj Jun 15, 2026
4c57f80
fix: avoid graphql detection on 404 responses (#941)
deepsikha-dash Jun 15, 2026
b662dce
test: add issue template label validator coverage (#937)
deepsikha-dash Jun 15, 2026
92a457c
test: add workflow owner persistence regression coverage (#934)
deepsikha-dash Jun 15, 2026
4b6747a
docs: add Quick Links section to README (#861) (#935)
janhaviborade05 Jun 15, 2026
91441aa
docs: add webhook security deployment guidance (#928)
deepsikha-dash Jun 15, 2026
a10a845
docs: add WSL guidance for Windows contributors (#921)
kcprdev Jun 15, 2026
e0e505e
Feature/catalog sync check (#942)
csmdg7 Jun 15, 2026
6e210d4
chore(deps): add audit exception for esbuild vulnerability (#929) (#950)
trivikramkalagi91-commits Jun 15, 2026
5c58066
docs: add startup troubleshooting guide (#949)
mythri2405 Jun 15, 2026
3acc89c
docs: add secret rotation dry-run checklist (#948)
deepsikha-dash Jun 15, 2026
bd3062e
fix: improve findings filter responsiveness (#899)
nensii21 Jun 15, 2026
17adbfa
test(backend): add workflow API edge-case coverage for empty steps an…
shravanithouta108 Jun 15, 2026
26ef76a
test: add start.sh shell smoke coverage (#956)
mythri2405 Jun 15, 2026
43248ab
ci: upload benchmark threshold comparison artifacts (#958)
mythri2405 Jun 15, 2026
b45b522
fix: add SSRF protection for webhook notifications (#763)
ionfwsrijan Jun 15, 2026
f7f489c
fix(ui): resolve layout overlap between TIME_MATRIX and DELETE_RECORD…
trivikramkalagi91-commits Jun 15, 2026
f95e421
fix: safe handling of missing binaries in ToolConfig (#957)
harshi-web-cyber Jun 15, 2026
5ab329d
fix: resolve frontend vulnerabilities via minimal package overrides (…
sahare-mayur-0071 Jun 16, 2026
6a33a9a
feat(plugins): declare network capability for http_inspector (#854) (…
Subramaniyajothi6 Jun 16, 2026
4574544
test: add parser and contract coverage for sharepoint_scanner plugin …
anshul23102 Jun 16, 2026
6f77688
test: add parser and contract coverage for people-email-discovery plu…
anshul23102 Jun 16, 2026
e3d5a4b
test: add parser and contract coverage for password_auditor plugin (#…
anshul23102 Jun 16, 2026
8eb1b9b
test: add parser and contract coverage for network_scanner plugin (#966)
anshul23102 Jun 16, 2026
ad4bc68
test: add parser and contract coverage for kubernetes_scanner plugin …
anshul23102 Jun 16, 2026
99af5c9
test: add paginated api_scanner parser coverage (#970)
deepsikha-dash Jun 16, 2026
270bc80
test: add unit tests for execution context helpers (#977)
tmdeveloper007 Jun 16, 2026
8c2cf90
test: add unit tests for platform_resources helpers (#978)
tmdeveloper007 Jun 16, 2026
9425d8a
feat: improve code_analyzer field help text (#982)
deepsikha-dash Jun 16, 2026
41b37ca
docs: add documentation for the workflow scheduler (#981)
tmdeveloper007 Jun 16, 2026
358976d
test: add unit tests for crawler helper functions (#979)
tmdeveloper007 Jun 16, 2026
b646788
test: add parser and contract coverage for plugin domain-finder (#687)
anshul23102 Jun 16, 2026
4005d83
docs(hashcat): document output artifacts and side effects (#1017)
deepsikha-dash Jun 17, 2026
c4e1d07
docs(scapy_recon): add metadata examples and safer hints (#1016)
deepsikha-dash Jun 17, 2026
11b3376
test(cloud_storage_auditor): add multi-bucket parser fixture coverage…
Subramaniyajothi6 Jun 17, 2026
9286214
test : add unit tests for config Settings and parse_csv_or_list valid…
tmdeveloper007 Jun 17, 2026
11c7813
test : add unit tests for auth owner-resolution helpers (#1004)
tmdeveloper007 Jun 17, 2026
4e2db17
test: add generated docs anchor validation (#969)
deepsikha-dash Jun 17, 2026
498a7f2
Ci/parser family matrix (#983)
HitanshiThakar Jun 17, 2026
a832e4f
feat(dir_discovery): improve wordlist guidance and add coverage (#1024)
Subramaniyajothi6 Jun 17, 2026
ecee9d4
feat(reporting): Add severity distribution chart generation (PR 2/3) …
Rafiaminhaj Jun 17, 2026
e2fe294
docs(secret_scanner): add checksum refresh guidance (#1015)
deepsikha-dash Jun 17, 2026
97b6157
test(whois_lookup): add empty output handling coverage (#1018)
deepsikha-dash Jun 17, 2026
ad27c6c
fix: prevent task deletion race condition (TOCTOU) with in-memory che…
ionfwsrijan Jun 17, 2026
954f1d3
fix: prevent Broken Object Level Authorization (BOLA) in workflow and…
ionfwsrijan Jun 17, 2026
1765592
feat(dns_enum): add metadata examples and output guidance (#856) (#1052)
Subramaniyajothi6 Jun 18, 2026
0ec551e
fix(reports): use usePreferredExportFormat hook consistently across e…
NaitikVerma6776 Jun 18, 2026
628d981
test : add unit tests for database workflow version methods (#1037)
tmdeveloper007 Jun 18, 2026
d5547d0
test : added error-path tests for WorkflowScheduler._run_workflow (#1…
tmdeveloper007 Jun 18, 2026
3a7a8be
test : add unit tests for routes JSON deserialization helpers (#1034)
tmdeveloper007 Jun 18, 2026
65d3354
test : added edge case tests for redact_inputs type dispatch (#980)
tmdeveloper007 Jun 18, 2026
83e7ad3
test : added unit tests for crawler surface-parsing helpers (#1003)
tmdeveloper007 Jun 18, 2026
2e78d5d
test : added unit tests for routes JSON deserialization helpers (#1007)
tmdeveloper007 Jun 18, 2026
e9cdb9e
fix(frontend): prevent mobile navigation menu from overlapping page c…
Varshinigurram Jun 18, 2026
d58fd93
Add request middleware overhead benchmark (#987)
mythri2405 Jun 18, 2026
61fe036
fix(security): resolve Vite and esbuild vulnerabilities by upgrading …
Rafiaminhaj Jun 19, 2026
bea5b3b
ci: restore Node.js 20/22 runtime matrix coverage (#1072)
nensii21 Jun 19, 2026
f4ad0b0
fix(a11y): add focus trap to mobile navigation drawer
cursoragent Jun 19, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions .audit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Dependency Vulnerability Audit Configuration
# This file documents known vulnerabilities and their exceptions

version: 1.0
policy:
# Minimum severity to block CI (critical, high, medium, low)
min_severity_to_block: high

# Require approval for exceptions?
require_approval: true

# Auto-fail if exception expires
enforce_expiry: true

# Fail if any exception is close to expiry (days)
warn_before_expiry_days: 14

# Documented exceptions with business justification
# Format: CVE-XXXX-XXXXX or GHSA-xxxx-xxxx-xxxx
exceptions: {}

# Packages to exclude from audits (use sparingly!)
excluded_packages: []

# Alert channels for new vulnerabilities
alerts:
slack_webhook: null
email_list: []
9 changes: 9 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ SECUSCAN_BIND_PORT=8000

# Docker Support
SECUSCAN_DOCKER_ENABLED=false
# Docker sandbox network (auto-created if absent; ICC disabled for isolation)
SECUSCAN_DOCKER_NETWORK=restricted

# Security Defaults
SECUSCAN_SAFE_MODE_DEFAULT=true
Expand All @@ -22,6 +24,13 @@ SECUSCAN_ALLOW_LOOPBACK_SCANS=true
# SECUSCAN_ALLOWED_NETWORKS=127.0.0.1,192.168.*.*,10.*.*.*,172.16.*.*
# SECUSCAN_CORS_ALLOWED_ORIGINS=http://127.0.0.1:5173,http://localhost:5173

# Network Policy & Admin Authentication
# SECUSCAN_NETWORK_ALLOWLIST=
# SECUSCAN_NETWORK_DENYLIST=169.254.169.254/32,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
# SECUSCAN_ENFORCE_NETWORK_POLICY=true
# SECUSCAN_NETWORK_POLICY_FAILURE_MODE=block
# SECUSCAN_ADMIN_API_KEY=replace-with-a-secure-admin-token

# Credential Vault — REQUIRED before first run
# Generate with: python -c "import secrets; print(secrets.token_hex(32))"
# The server refuses to start the vault if this is unset.
Expand Down
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/bug_report.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
name: Bug report
about: Create a report to help us improve SecuScan
title: '[BUG] '
labels: bug
labels: type:bug, priority:medium
assignees: ''

---
Expand Down
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/documentation_task.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
name: Documentation task
about: Propose a documentation improvement contributors can pick up directly
title: '[DOCS] '
labels: documentation
labels: type:docs, area:docs, priority:medium
assignees: ''

---
Expand Down
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/feature_request.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
name: Feature request
about: Suggest an idea for SecuScan
title: '[FEAT] '
labels: feature
labels: type:feature, priority:medium
assignees: ''

---
Expand Down
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/help_wanted_task.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
name: Help wanted task
about: Create a scoped contributor task with clear implementation and verification notes
title: '[TASK] '
labels: help wanted
labels: priority:medium
assignees: ''

---
Expand Down
23 changes: 23 additions & 0 deletions .github/workflows/catalog-sync-check.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: Plugin Catalog Sync Check

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]

jobs:
validate-catalog:
runs-on: ubuntu-latest

steps:
- name: Checkout Repository
uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'

- name: Run Catalog Validation Script
run: python scripts/validate_plugins_catalog.py
16 changes: 13 additions & 3 deletions .github/workflows/check-artifacts.yml
Original file line number Diff line number Diff line change
@@ -1,14 +1,24 @@
name: Check for Frontend Artifacts
name: Check for Committed Artifacts

on:
pull_request:
branches: [main, dev]
paths:
- "frontend/**"
- "output/**"
- "data/**"
- "backend/data/**"
- "logs/**"
- "scripts/check-artifacts.sh"
- ".github/workflows/check-artifacts.yml"

jobs:
artifact-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Run artifact check
run: bash scripts/check-artifacts.sh
- name: Run artifact guard
run: bash scripts/check-artifacts.sh origin/main
176 changes: 168 additions & 8 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,27 @@ jobs:
git fetch origin "${{ github.base_ref }}" --depth=1
git diff --check "origin/${{ github.base_ref }}"...HEAD

issue-template-label-validation:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Validate issue template labels
run: python scripts/validate_issue_template_labels.py

doc-anchor-validation:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"

- name: Validate documentation anchors
run: python scripts/validate_doc_anchors.py

backend-lint:
needs: detect-changes
if: needs.detect-changes.outputs.run_backend == 'true'
Expand All @@ -61,7 +82,29 @@ jobs:
- name: Run backend lint baseline
run: ruff check backend testing/backend

backend-tests:
backend-unit:
needs: [detect-changes, backend-lint, formatting-hygiene]
if: |
always() &&
needs.detect-changes.outputs.run_backend == 'true' &&
(needs.backend-lint.result == 'success' || needs.backend-lint.result == 'skipped') &&
(needs.formatting-hygiene.result == 'success' || needs.formatting-hygiene.result == 'skipped')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install backend system dependencies
run: sudo apt-get update && sudo apt-get install -y libcairo2-dev pkg-config
- name: Install backend dependencies
run: |
python -m pip install --upgrade pip
pip install -r backend/requirements.txt -r backend/requirements-dev.txt
- name: Run unit tests
run: pytest testing/backend/unit -q -m "not benchmark"

backend-integration:
needs: [detect-changes, backend-lint, formatting-hygiene]
if: |
always() &&
Expand All @@ -80,8 +123,100 @@ jobs:
run: |
python -m pip install --upgrade pip
pip install -r backend/requirements.txt -r backend/requirements-dev.txt
- name: Run backend tests
run: pytest testing/backend -q -m "not benchmark"
- name: Run integration tests
run: pytest testing/backend/integration -q -m "not benchmark"

parser-contracts:
needs: [detect-changes, backend-lint, formatting-hygiene]
if: |
always() &&
needs.detect-changes.outputs.run_backend == 'true' &&
(needs.backend-lint.result == 'success' || needs.backend-lint.result == 'skipped') &&
(needs.formatting-hygiene.result == 'success' || needs.formatting-hygiene.result == 'skipped')
runs-on: ubuntu-latest
strategy:
matrix:
capability_group:
- network
- intrusive
- credentials
- exploit
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install backend system dependencies
run: sudo apt-get update && sudo apt-get install -y libcairo2-dev pkg-config
- name: Install backend dependencies
run: |
python -m pip install --upgrade pip
pip install -r backend/requirements.txt -r backend/requirements-dev.txt
- name: Run parser contract tests for capability group ${{ matrix.capability_group }}
run: |
echo "Running parser contract tests for capability group: ${{ matrix.capability_group }}"
PARSER_CAPABILITY_GROUP=${{ matrix.capability_group }} pytest testing/backend/integration/test_parser_output_contract.py -q
backend-tests:
needs:
- backend-unit
- backend-integration
- parser-contracts
runs-on: ubuntu-latest
if: |
always() &&
(needs.backend-unit.result == 'success' || needs.backend-unit.result == 'skipped') &&
(needs.backend-integration.result == 'success' || needs.backend-integration.result == 'skipped') &&
(needs.parser-contracts.result == 'success' || needs.parser-contracts.result == 'skipped')
steps:
- name: Backend test suites completed
run: echo "backend-unit, backend-integration, and parser-contracts completed"
backend-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install backend system dependencies
run: sudo apt-get update && sudo apt-get install -y libcairo2-dev pkg-config
- name: Install backend dependencies
run: |
python -m pip install --upgrade pip
pip install -r backend/requirements.txt -r backend/requirements-dev.txt

- name: Run pip-audit on backend
id: pip_audit
run: |
mkdir -p ${{ github.workspace }}/backend
pip-audit -r backend/requirements.txt --desc --format json > ${{ github.workspace }}/backend/pip-audit-report.json || {
EXIT_CODE=$?
echo "EXIT_CODE=$EXIT_CODE" >> $GITHUB_OUTPUT
exit 0 # Check severity next
}
continue-on-error: true

- name: Check pip-audit results
run: |
python ${{ github.workspace }}/scripts/check_pip_audit.py \
--report ${{ github.workspace }}/backend/pip-audit-report.json \
--config ${{ github.workspace }}/.audit-config.yaml

- name: Generate CycloneDX SBOM
run: |
python ${{ github.workspace }}/scripts/generate_sbom.py --output ${{ github.workspace }}/sbom.json --include-dev

- name: Upload pip-audit report
if: always()
uses: actions/upload-artifact@v4
with:
name: pip-audit-report
path: ${{ github.workspace }}/backend/pip-audit-report.json

- name: Upload SBOM
uses: actions/upload-artifact@v4
with:
name: sbom
path: ${{ github.workspace }}/sbom.json

benchmark:
runs-on: ubuntu-latest
Expand All @@ -101,35 +236,60 @@ jobs:
id: run_benchmarks
run: python3 scripts/run_benchmarks.py
continue-on-error: true
- name: Upload benchmark results artifact
- name: Upload benchmark comparison artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: benchmark-results
path: benchmark_results.json
name: benchmark-threshold-comparison
path: |
benchmark_results.json
benchmark_threshold_comparison.json
- name: Add warning annotation on failure
if: steps.run_benchmarks.outcome == 'failure'
run: |
echo "::warning::Performance benchmark thresholds exceeded or benchmarks failed to run. Check the job logs for details."

frontend-checks:
needs: [detect-changes, formatting-hygiene]
if: |
always() &&
needs.detect-changes.outputs.run_frontend == 'true' &&
(needs.formatting-hygiene.result == 'success' || needs.formatting-hygiene.result == 'skipped')
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [20, 22]

defaults:
run:
working-directory: frontend
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: ${{ matrix.node-version }}
cache: "npm"
cache-dependency-path: frontend/package-lock.json
- name: Install frontend dependencies
run: npm ci
- name: Run npm audit
id: npm_audit
run: |
npm audit --json > ${{ github.workspace }}/frontend/npm-audit-report.json || {
EXIT_CODE=$?
echo "EXIT_CODE=$EXIT_CODE" >> $GITHUB_OUTPUT
exit 0 # Check severity next
}
continue-on-error: true
- name: Install Python YAML library
run: pip install pyyaml
- name: Check npm audit results
run: python ${{ github.workspace }}/scripts/check_npm_audit.py --report ${{ github.workspace }}/frontend/npm-audit-report.json --config ${{ github.workspace }}/.audit-config.yaml
- name: Upload npm-audit report
if: always()
uses: actions/upload-artifact@v4
with:
name: npm-audit-report
path: frontend/npm-audit-report.json
- name: Run frontend TypeScript typecheck
run: npm run typecheck
- name: Note TypeScript typecheck in job summary
Expand Down
Loading
Loading