Development

.mailmap

@@ -0,0 +1,11 @@
+# Canonical identity
+Gurdip Sira <gurdip@gurdipsira.dev>
+
+# Variations to map → canonical
+Gurdip Sira <gurdip@gurdipsira.dev> <gurdip@TeamCity>
+Gurdip Sira <gurdip@gurdipsira.dev> <87333788+GurdipS5@users.noreply.github.com>
+Gurdip Sira <gurdip@gurdipsira.dev> <Administrator@GLOVSDEV25.GLOBAL.GSSIRA.COM>
+
+# Bots (kept explicit for clarity)
+renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
+snyk-bot <snyk-bot@snyk.io>

cliff.toml

@@ -0,0 +1,92 @@
+# git-cliff ~ configuration file
+# https://git-cliff.org/docs/configuration
+
+
+[changelog]
+# A Tera template to be rendered for each release in the changelog.
+# See https://keats.github.io/tera/docs/#introduction
+body = """
+{% if version %}\
+    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% else %}\
+    ## [unreleased]
+{% endif %}\
+{% for group, commits in commits | group_by(attribute="group") %}
+    ### {{ group | striptags | trim | upper_first }}
+    {% for commit in commits %}
+        - {% if commit.scope %}*({{ commit.scope }})* {% endif %}\
+            {% if commit.breaking %}[**breaking**] {% endif %}\
+            {{ commit.message | upper_first }}\
+    {% endfor %}
+{% endfor %}
+"""
+# Remove leading and trailing whitespaces from the changelog's body.
+trim = true
+# Render body even when there are no releases to process.
+render_always = true
+# An array of regex based postprocessors to modify the changelog.
+postprocessors = [
+    # Replace the placeholder <REPO> with a URL.
+    #{ pattern = '<REPO>', replace = "https://github.com/orhun/git-cliff" },
+]
+# render body even when there are no releases to process
+# render_always = true
+# output file path
+# output = "CHANGELOG.md"
+
+[git]
+# Parse commits according to the conventional commits specification.
+# See https://www.conventionalcommits.org
+conventional_commits = true
+# Exclude commits that do not match the conventional commits specification.
+filter_unconventional = true
+# Require all commits to be conventional.
+# Takes precedence over filter_unconventional.
+require_conventional = false
+# Split commits on newlines, treating each line as an individual commit.
+split_commits = false
+# An array of regex based parsers to modify commit messages prior to further processing.
+commit_preprocessors = [
+    # Replace issue numbers with link templates to be updated in `changelog.postprocessors`.
+    #{ pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](<REPO>/issues/${2}))"},
+    # Check spelling of the commit message using https://github.com/crate-ci/typos.
+    # If the spelling is incorrect, it will be fixed automatically.
+    #{ pattern = '.*', replace_command = 'typos --write-changes -' },
+]
+# Prevent commits that are breaking from being excluded by commit parsers.
+protect_breaking_commits = false
+# An array of regex based parsers for extracting data from the commit message.
+# Assigns commits to groups.
+# Optionally sets the commit's scope and can decide to exclude commits from further processing.
+commit_parsers = [
+    { message = "^feat", group = "<!-- 0 -->🚀 Features" },
+    { message = "^fix", group = "<!-- 1 -->🐛 Bug Fixes" },
+    { message = "^doc", group = "<!-- 3 -->📚 Documentation" },
+    { message = "^perf", group = "<!-- 4 -->⚡ Performance" },
+    { message = "^refactor", group = "<!-- 2 -->🚜 Refactor" },
+    { message = "^style", group = "<!-- 5 -->🎨 Styling" },
+    { message = "^test", group = "<!-- 6 -->🧪 Testing" },
+    { message = "^chore\\(release\\): prepare for", skip = true },
+    { message = "^chore\\(deps.*\\)", skip = true },
+    { message = "^chore\\(pr\\)", skip = true },
+    { message = "^chore\\(pull\\)", skip = true },
+    { message = "^chore|^ci", group = "<!-- 7 -->⚙️ Miscellaneous Tasks" },
+    { body = ".*security", group = "<!-- 8 -->🛡️ Security" },
+    { message = "^revert", group = "<!-- 9 -->◀️ Revert" },
+    { message = ".*", group = "<!-- 10 -->💼 Other" },
+]
+# Exclude commits that are not matched by any commit parser.
+filter_commits = false
+# An array of link parsers for extracting external references, and turning them into URLs, using regex.
+link_parsers = []
+# Include only the tags that belong to the current branch.
+use_branch_tags = false
+# Order releases topologically instead of chronologically.
+topo_order = false
+# Order releases topologically instead of chronologically.
+topo_order_commits = true
+# Order of commits in each group/release within the changelog.
+# Allowed values: newest, oldest
+sort_commits = "oldest"
+# Process submodules commits
+recurse_submodules = false

fraim_rules.json

@@ -0,0 +1,15 @@
+{
+  "Example Rule": "Flag this rule on every diff, it is an example to show how the workflow works.",
+  "XSS": "Flag any potential cross-site scripting vulnerabilities, including unescaped user input in HTML output.",
+  "SQL Injection": "Flag any potential SQL injection vulnerabilities, including string concatenation in SQL queries.",
+  "CSRF": "Flag any potential cross-site request forgery vulnerabilities, including missing CSRF tokens.",
+  "Path Traversal": "Flag any potential path traversal vulnerabilities, including unsanitized file paths from user input.",
+  "Command Injection": "Flag any potential command injection vulnerabilities, including unsanitized input in shell commands.",
+  "Hardcoded Secrets": "Flag any hardcoded passwords, API keys, tokens, or other secrets in the code.",
+  "Insecure Deserialization": "Flag any potential insecure deserialization vulnerabilities.",
+  "SSRF": "Flag any potential server-side request forgery vulnerabilities, including unvalidated URLs from user input.",
+  "Open Redirect": "Flag any potential open redirect vulnerabilities, including unvalidated redirect URLs.",
+  "Sensitive Data Exposure": "Flag any potential exposure of sensitive data in logs, error messages, or responses.",
+  "Authentication Bypass": "Flag any potential authentication bypass vulnerabilities or weak authentication logic.",
+  "Insecure Direct Object Reference": "Flag any potential IDOR vulnerabilities where user input directly references objects without authorization checks."
+}