Mapping Loi 05-20 ↔ ISO/IEC 27001:2022 #2819
When writing a custom `get_object` method in a viewset, we must call `self.check_object_permissions(request, obj)`. Otherwise, `RBACPermissions.has_object_permission` will **not** be called.
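The point above, as an added example that is not the project's code: the classes below are constructed stand-ins that reproduce the relevant part of Django REST framework's permission flow (`check_object_permissions` iterating `permission_classes`), so the effect of a custom `get_object` can be run without DRF installed. `ObjectRBACPermission`, `Document`, the folder-based access model, `fetch_title` and the two viewsets are hypothetical; only the method name `check_object_permissions` and the rule that a custom `get_object` must call it come from DRF.

```python
"""Stand-alone model of DRF's object-permission flow (no rest_framework import).

The ViewSet and permission classes are constructed stand-ins for this example:
they mirror what GenericAPIView.get_object() does so the difference between a
custom get_object() that skips check_object_permissions() and one that calls it
can be observed directly.
"""
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Stand-in for rest_framework.exceptions.PermissionDenied."""


@dataclass(frozen=True)
class User:
    username: str
    readable_folders: frozenset = field(default_factory=frozenset)  # hypothetical RBAC scope


@dataclass(frozen=True)
class Document:
    pk: int
    folder: str
    title: str


@dataclass
class Request:
    user: User


class ObjectRBACPermission:
    """Object-level rule, like DRF's BasePermission.has_object_permission()."""

    def has_object_permission(self, request, view, obj):
        return obj.folder in request.user.readable_folders


class GenericViewSet:
    """Minimal model of GenericAPIView: permission_classes plus the checks DRF runs."""

    permission_classes = [ObjectRBACPermission]
    queryset = ()

    def __init__(self, request):
        self.request = request
        self.lookup_pk = None

    def check_object_permissions(self, request, obj):
        # DRF's default get_object() calls this after fetching the row.
        for permission in self.permission_classes:
            if not permission().has_object_permission(request, self, obj):
                raise PermissionDenied(f"{request.user.username} may not access pk={obj.pk}")

    def get_object(self):
        # DRF's default implementation: fetch, then enforce object permissions.
        obj = self._lookup(self.lookup_pk)
        self.check_object_permissions(self.request, obj)
        return obj

    def _lookup(self, pk):
        for row in self.queryset:
            if row.pk == pk:
                return row
        raise LookupError(pk)

    def retrieve(self, pk):
        self.lookup_pk = pk
        return self.get_object()


DOCS = (  # constructed sample data
    Document(pk=1, folder="hr", title="Salary review"),
    Document(pk=2, folder="public", title="Acceptable use policy"),
)


class LeakyDocumentViewSet(GenericViewSet):
    """BUG: the custom get_object() never calls check_object_permissions(),
    so has_object_permission() is never run and any pk can be read (an IDOR)."""

    queryset = DOCS

    def get_object(self):
        return self._lookup(self.lookup_pk)


class DocumentViewSet(GenericViewSet):
    """FIX: a custom get_object() must call check_object_permissions() itself."""

    queryset = DOCS

    def get_object(self):
        obj = self._lookup(self.lookup_pk)
        self.check_object_permissions(self.request, obj)
        return obj


def fetch_title(viewset_cls, user, pk):
    """Return the document title, or None when the viewset denies access."""
    try:
        return viewset_cls(Request(user)).retrieve(pk).title
    except PermissionDenied:
        return None


if __name__ == "__main__":
    alice = User("alice", frozenset({"public"}))
    print(fetch_title(LeakyDocumentViewSet, alice, 1))  # Salary review (leaked)
    print(fetch_title(DocumentViewSet, alice, 1))       # None (denied)
```

The leaky variant is exactly the failure mode the comment describes: the row is fetched and serialized before any object-level rule runs, so a user who can only read `public` still reads an `hr` document by guessing its pk. The fix is one line, but it has to be repeated in every overridden `get_object`, which is why a test that exercises a foreign pk against each custom viewset is the cheaper safeguard.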
New format is <branch>-<timestamp>-<artifact name>
…-uploaded-artifacts
fix broken word export when IG name is a number
Update README.md
Fix autocomplete arraysEqual
* starting point * variant with filesystem - experimental * First implementation * checkpoint * checkpoint * checkpoint valkey * sqlite backend for huey, compatible with pg for the rest of the app * compose preparation * Introduce MAIL_DEBUG env variable * checkpoint * logging and error management * wip * target value * slow down the scheduler given the current use cases to save CPU * fixup * back to default worker class for now * Use the global setting and default to false
…em#1430) * small optimizations of library presentation headers * Code adjustment for CI Semantics
* Check permissions for each model to import before attempting to create objects * Wrap form return values with withFiles wrapper * Localize domain import permission denied error * Style domain import button * Remove dead code * Tidy import domain functions * Use RoleAsignment.is_access_allowed rather than user.permissions * Enforce RBAC on domain export * chore: Remove duplicate import
Co-authored-by: Mohamed-Hacene <mohamedhacene.b@gmail.com>
intuitem#1431) Add files via upload. Added the so-called elementary threats from the German BSI so they can be assigned in risk management
annotated base query for better perf
…em#1444) * wip * wip * wip * checkpoint * ready for review
…ios (intuitem#1442) * feat: current/residual criticality filters for risk scenarios * fix: created correct filter * fix: minor fix
…item#1445) Expose extra variables for a more flexible infra tuning
* checkpoint * error management * Moving component * counters asynchronously as well * clean up and cleaner syntax
* Align EE settings * Fix languages
* feat: check required libraries after domain creation * feat: improve error handling * chore: format
* Add a progress field on applied controls * changed save model function & regionalize * inverse colors and add a validator on the progress field model
* fix: differentiate cell's tooltips using matrixName% * fix: typo and code readability
* Increase limit_request_line param for gunicorn. This allows some IdP providers (such as GoAuthentik) to work, as the request line often goes beyond the default value of 4094. * Update startup.sh Forgot backslash...
…1451) * make entity mandatory with red star in UI * changed implementation
Walkthrough
This PR comprehensively restructures the project foundation, introducing Django app configuration, extensive database schema migrations, a full API testing framework, new CI/CD workflows, calendar functionality, and substantial documentation updates. Changes span configuration files, backend infrastructure, test infrastructure, and project documentation.
Actionable comments posted: 53
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
backend/core/filters.py (1)
237-241: Update the placeholder to match the new naming.
Line 240 still reads “Search function…”, which conflicts with the new “Reference control” terminology. Please update the placeholder so the UI doesn’t surface the deprecated label.
🧹 Nitpick comments (37)
CODE_OF_CONDUCT.md (1)
63-63: Address bare URL flagged by markdownlint.
The static analysis tool flagged a bare URL issue (MD034) on this line. While the Discord link is properly formatted as a markdown link, the email address `contact@intuitem.com` is left bare. Consider wrapping it as a mailto link for consistency:

```diff
-contact@intuitem.com or our [Discord](https://discord.gg/qvkaMdQ8da).
+[contact@intuitem.com](mailto:contact@intuitem.com) or our [Discord](https://discord.gg/qvkaMdQ8da).
```

This also improves accessibility for users viewing the document.
.pre-commit-config.yaml (2)
15-17: Refine the exclusion pattern for ruff-format.
The `exclude: (migrations)` filter uses simple string matching. Consider using a more explicit regex pattern to ensure consistency across different directory structures.

```diff
- exclude: (migrations)
+ exclude: migrations/
```
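Review bot: the premise of this hunk is off: pre-commit's `exclude` is already a Python regular expression that is `re.search`ed against the repository-relative path, so `(migrations)` is not "simple string matching" and already excludes `backend/core/migrations/0001_initial.py`. The only real difference with `migrations/` is that it requires the directory separator, so a file whose name merely contains the word `migrations` is still formatted; that narrower match is the reason to give for the change.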
11-13: Consider enabling the ruff linter alongside the formatter.
The ruff linter is currently commented out. Running both the linter and formatter provides more comprehensive code quality checks (not just formatting consistency).
If linting is desired, uncomment and adjust the ruff linter hook:

```diff
- # Run the linter.
- # - id: ruff
- #   args: [--fix, backend]
+ # Run the linter.
+ - id: ruff
+   args: [--fix, backend]
+   exclude: migrations/
```

This assumes your ruff configuration file (`.ruff.toml` or `pyproject.toml`) is already set up appropriately for your project's linting rules.
backend/core/admin_config.py (1)
11-13: Consider simplifying the getter function.
The `get_config` function is a thin wrapper around dictionary access. You could either:
- Simplify by removing the redundant `None` parameter: `return config.get(key)` (since `None` is the default)
- Or consider whether direct dictionary access (`config[key]` or `config.get(key)`) would suffice, unless you plan to add validation or logging here later.

Apply this diff to remove the redundant parameter:

```diff
 def get_config(key):
-    value = config.get(key, None)
-    return value
+    return config.get(key)
```
README.md (3)
297-297: Use proper markdown headings instead of emphasis for section headers (MD036).
Lines 297, 301, and 318 use bold emphasis (`**...**`) where proper markdown headings (`###`) should be used. This improves semantic markup and document structure.
Apply these diffs:

````diff
-**Mandatory variables**
+### Mandatory variables
 All variables in the backend have handy default values.

-**Recommended variables**
+### Recommended variables
 ```sh
 export DJANGO_DEBUG=True

-**Other variables**
+### Other variables
 ```sh
 # CISO Assistant will use SQLite by default, but you can setup PostgreSQL by declaring these variables
````

Also applies to: 301-301, 318-318
552-552: Fix compound adjective hyphenation in license section.
Line 552 uses "Open Source edition" which should be "Open-Source edition" when used as a compound adjective modifying "CISO Assistant."
Apply this diff:

```diff
-This repository contains the source code for both the Open Source edition of CISO Assistant (Community Edition), released under the AGPL v3, as well as the commercial edition of CISO Assistant (Pro and Enterprise Editions), released under the intuitem Commercial Software License. This mono-repository approach is adopted for simplicity.
+This repository contains the source code for both the Open-Source edition of CISO Assistant (Community Edition), released under the AGPL v3, as well as the commercial edition of CISO Assistant (Pro and Enterprise Editions), released under the intuitem Commercial Software License. This mono-repository approach is adopted for simplicity.
```
474-487: Clarify testing and API documentation sections.The test suite section could be enhanced with:
- Expected test output examples or pass/fail criteria
- Notes on test prerequisites (fixtures, test databases, clean state requirements)
- Information on test coverage reporting
For the API section: Consider adding a note about token expiration behavior given the new AUTH_TOKEN_TTL and AUTH_TOKEN_AUTO_REFRESH variables documented earlier.
Also applies to: 488-496
.github/workflows/cla.yml (3)
20-20: Clarify the conditional logic for event-specific contexts.
The `if` condition combines checks on `github.event.comment.body` (which is `null` for `pull_request_target` events) with an OR to the event type. While this works due to short-circuit evaluation, consider restructuring for clarity.

```diff
- if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+ if: github.event_name == 'pull_request_target' || github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA'
```

Placing the event check first avoids evaluating comment context when not applicable.
30-30: Avoid hardcoding commit hashes in URLs; use branch references instead.
The CLA document URL includes a specific commit hash (`154b96e4e7879845567cdedfbd6c326af56afe29`), which may become stale if the file is updated or the repository is restructured.

```diff
- path-to-document: 'https://github.com/intuitem/ciso-assistant-community/blob/154b96e4e7879845567cdedfbd6c326af56afe29/Contributor%20License%20Agreement.md' # e.g. a CLA or a DCO document
+ path-to-document: 'https://github.com/intuitem/ciso-assistant-community/blob/main/Contributor%20License%20Agreement.md' # e.g. a CLA or a DCO document
```

Reference the stable default branch (`main`) instead of a commit hash.
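Review bot: pinning `path-to-document` to a commit is a deliberate choice for a CLA, not staleness. The signature the action records attests to the exact text at `154b96e4…`; pointing at `main` lets the terms change underneath existing signatures with nobody re-signing. If the file is moved or revised, update the pin to the new commit (and decide whether contributors must re-sign) rather than dropping the pin.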
34-34: Fix indentation inconsistency.
Line 34 has 7 leading spaces instead of the standard 2 or 4 used elsewhere in the file.

```diff
-       # the followings are the optional inputs - If the optional inputs are not given, then default values will be taken
+      # the followings are the optional inputs - If the optional inputs are not given, then default values will be taken
```
backend/core/generators.py (2)
19-307: Consider consolidating duplicate code in chart functions.
The default color palette is repeated across multiple functions (lines 36-42, 80-86, 131-137, 199-205, 267-273). Additionally, `plot_spider_chart` (lines 248-307) and `plot_category_radar` (lines 177-245) have very similar implementations with only minor differences in data structure handling.
Consider extracting the color palette as a module-level constant and potentially merging the two radar chart functions:

```python
# At module level
DEFAULT_CHART_COLORS = [
    "#2196F3",  # Blue
    "#4CAF50",  # Green
    "#FFC107",  # Amber
    "#F44336",  # Red
    "#9C27B0",  # Purple
]
```

For the radar functions, consider a unified implementation that handles both data formats or documents why two separate functions are necessary.
310-568: Consider refactoring the large gen_audit_context function.
This function is 258 lines long and performs multiple responsibilities: data aggregation, score calculation, chart generation, and context assembly. This violates the Single Responsibility Principle and makes the function difficult to test and maintain.
Consider refactoring into smaller, focused functions:

```python
def gen_audit_context(id, doc, tree, lang):
    """Generate context for audit report document."""
    audit = ComplianceAssessment.objects.get(id=id)

    # Delegate to focused helper functions
    result_counts = _count_category_results(tree)
    category_scores = _aggregate_category_scores(tree)
    aggregated = _aggregate_results(result_counts)
    spider_data, agg_drifts = _prepare_chart_data(tree, result_counts)
    donut_data = _prepare_donut_data(aggregated, lang)
    charts = _generate_charts(doc, spider_data, donut_data, category_scores, ...)
    controls_data = _gather_controls_data(audit)

    return _build_context(audit, aggregated, charts, controls_data, ...)
```

Additionally, add type hints and a comprehensive docstring documenting the expected structure of the `tree` parameter and returned context dictionary.
backend/cal/migrations/0001_initial.py (1)
24-27: Consider adding database-level validation for event dates.
The Event model lacks validation to ensure `start_time` occurs before `end_time`. While this can be validated in the model layer, adding a database check constraint would provide an additional safety layer.
To add a check constraint, you could modify the migration:

```python
migrations.CreateModel(
    name="Event",
    fields=[
        # ... existing fields ...
    ],
),
migrations.AddConstraint(
    model_name="event",
    constraint=models.CheckConstraint(
        check=models.Q(start_time__lt=models.F('end_time')),
        name='event_start_before_end'
    ),
),
```
backend/.gitignore (1)
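Review bot: `CheckConstraint(check=...)` in this hunk is the pre-5.1 keyword. Django 5.1 renamed it to `condition` and emits a deprecation warning for `check`, with removal scheduled for 6.0, so if the project is on 5.1 or later the suggestion should read `condition=models.Q(start_time__lt=models.F("end_time"))`. Whichever keyword applies, the constraint is worth adding in the same migration as `CreateModel` so no rows can ever violate it.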
17-17: Minor: Unnecessary leading `./` in pattern.
The pattern `./db/` can be simplified to `db/` since gitignore patterns are relative to the `.gitignore` file location. The leading `./` is redundant, though it doesn't affect functionality.

```diff
-./db/
+db/
```
.github/workflows/docker-build-and-push.yml (1)
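Review bot: the leading `./` in this hunk is not merely redundant, it makes the pattern inert. Git matches gitignore patterns against paths that never carry a `./` prefix, and the only anchoring syntax it supports is a bare leading `/`, so `./db/` matches nothing and `db/` (or `/db/` to anchor at the `.gitignore` directory) is a behavioural fix: until it lands, the database directory is not ignored at all.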
39-47: Quote `$GITHUB_ENV` writes to satisfy shellcheck.
Shellcheck (SC2086) flags these echo commands because `$GITHUB_ENV` isn’t quoted. Quote the redirection targets (and consider quoting `.meta` copies) to avoid unintended word splitting and keep the workflow lint-clean. Example fix:

```diff
- echo "VERSION=$(git describe --tags --always)" >> $GITHUB_ENV
- echo "BUILD=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+ echo "VERSION=$(git describe --tags --always)" >> "$GITHUB_ENV"
+ echo "BUILD=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
  ...
- cp .meta ./backend/
- cp .meta ./backend/ciso_assistant/
+ cp .meta ./backend/
+ cp .meta ./backend/ciso_assistant/
```

Based on learnings
.github/workflows/docker-build-and-push-dummy.yml (1)
30-37: Quote writes to `$GITHUB_ENV` to resolve shellcheck warning.
The inline script triggers SC2086 because `$GITHUB_ENV` isn’t quoted. Wrap the target in double quotes for each redirection so the workflow remains shellcheck-clean:

```diff
- echo "VERSION=$(git describe --tags --always)" >> $GITHUB_ENV
- echo "BUILD=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+ echo "VERSION=$(git describe --tags --always)" >> "$GITHUB_ENV"
+ echo "BUILD=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
```

Based on learnings
backend/core/management/commands/status.py (1)
2-2: Import only the models you use.
Line 2’s `from core.models import *` obscures dependencies and makes static analysis tougher. Please switch to explicit model imports (e.g., `AppliedControl`, `RiskAssessment`, etc.) for clarity.
.github/workflows/backend-coverage.yaml (3)
37-39: Update GitHub Actions to latest versions.
The `actions/checkout@v3` and `actions/setup-python@v4` actions use runners that are deprecated on GitHub Actions. Update to `@v4` and `@v5` respectively.
Apply this diff:

```diff
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
```
53-67: Consider using a multi-line redirect for cleaner shell script.
Multiple individual redirects can be consolidated into a single block redirect for better readability.

```diff
-          touch .env
-          echo DJANGO_DEBUG='True' >> .env
-          echo POSTGRES_NAME=postgres >> .env
-          echo POSTGRES_USER=postgres >> .env
-          echo POSTGRES_PASSWORD=postgres >> .env
-          echo DB_HOST=localhost >> .env
-          echo EMAIL_HOST=localhost >> .env
-          echo EMAIL_PORT=1025 >> .env
-          echo EMAIL_HOST_USER='' >> .env
-          echo EMAIL_HOST_PASSWORD='' >> .env
-          #echo EMAIL_USE_TLS=False >> .env
-          echo DEFAULT_FROM_EMAIL='ciso-assistant@alsigo.net' >> .env
-          echo CISO_ASSISTANT_SUPERUSER_EMAIL='' >> .env
-          echo CISO_ASSISTANT_URL=http://127.0.0.1:5173 >> .env
+          cat > .env << 'EOF'
+          DJANGO_DEBUG=True
+          POSTGRES_NAME=postgres
+          POSTGRES_USER=postgres
+          POSTGRES_PASSWORD=postgres
+          DB_HOST=localhost
+          EMAIL_HOST=localhost
+          EMAIL_PORT=1025
+          EMAIL_HOST_USER=
+          EMAIL_HOST_PASSWORD=
+          DEFAULT_FROM_EMAIL=ciso-assistant@alsigo.net
+          CISO_ASSISTANT_SUPERUSER_EMAIL=
+          CISO_ASSISTANT_URL=http://127.0.0.1:5173
+          EOF
```
71-71: Quote the command substitution to prevent word splitting.
The `export $(grep ...)` command should quote the substitution to handle values with spaces correctly.

```diff
-          export $(grep -v '^#' .env | xargs)
+          export "$(grep -v '^#' .env | xargs)"
```

Apply the same change on line 78.
Also applies to: 78-78
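Review bot: the `+` line of this hunk breaks the step instead of hardening it. Once the substitution is double-quoted the whole output of `xargs` becomes a single word, so bash executes `export 'DJANGO_DEBUG=True POSTGRES_NAME=postgres …'` and aborts with `not a valid identifier` at the first space; line 78 would fail the same way. Values with spaces are only handled by a form that does not re-split the file at all, such as `set -a; . .env; set +a` as proposed for startup-tests.yml below; if the file is guaranteed space-free, the unquoted expansion must stay.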
.github/workflows/frontend-coverage.yaml (1)
26-26: Update to latest checkout action version.
The `actions/checkout@v3` action uses a deprecated runner.

```diff
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
```
.github/workflows/backend-api-tests.yml (2)
29-31: Update GitHub Actions to latest versions.
The actions use deprecated runners.

```diff
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
```
45-56: Consider using a heredoc for environment file creation.
Same suggestion as backend-coverage.yaml for cleaner shell script formatting.

```diff
-          touch .env
-          echo DJANGO_DEBUG='True' >> .env
-          echo DB_HOST=localhost >> .env
-          echo EMAIL_HOST=localhost >> .env
-          echo EMAIL_PORT=1025 >> .env
-          echo EMAIL_HOST_USER='' >> .env
-          echo EMAIL_HOST_PASSWORD='' >> .env
-          #echo EMAIL_USE_TLS=False >> .env
-          echo DEFAULT_FROM_EMAIL='ciso-assistant@alsigo.net' >> .env
-          echo CISO_ASSISTANT_SUPERUSER_EMAIL='' >> .env
-          echo CISO_ASSISTANT_URL=http://127.0.0.1:5173 >> .env
+          cat > .env << 'EOF'
+          DJANGO_DEBUG=True
+          DB_HOST=localhost
+          EMAIL_HOST=localhost
+          EMAIL_PORT=1025
+          EMAIL_HOST_USER=
+          EMAIL_HOST_PASSWORD=
+          DEFAULT_FROM_EMAIL=ciso-assistant@alsigo.net
+          CISO_ASSISTANT_SUPERUSER_EMAIL=
+          CISO_ASSISTANT_URL=http://127.0.0.1:5173
+          EOF
```
.github/workflows/backend-migrations-check.yaml (5)
21-24: Simplify matrix strategy.
The `max-parallel: 4` setting is unnecessary when the matrix contains only a single Python version. The strategy can be simplified or removed entirely.
Apply this diff:

```diff
-    strategy:
-      max-parallel: 4
-      matrix:
-        python-version: ["3.12"]
+    strategy:
+      matrix:
+        python-version: ["3.12"]
```
43-55: Improve shell script formatting.
Consider using a single group redirect for better readability and to address the shellcheck SC2129 hint.
Apply this diff:

```diff
       - name: Create backend environment variables file
         working-directory: ${{ env.backend-directory }}
         run: |
-          touch .env
-          echo DJANGO_DEBUG=True >> .env
-          echo DJANGO_SUPERUSER_EMAIL=admin@tests.com >> .env
-          echo DJANGO_SUPERUSER_PASSWORD=1234 >> .env
-          echo DB_HOST=localhost >> .env
-          echo CISO_ASSISTANT_SUPERUSER_EMAIL='' >> .env
-          echo CISO_ASSISTANT_URL=http://localhost:4173 >> .env
-          echo DEFAULT_FROM_EMAIL='ciso-assistant@tests.net' >> .env
-          echo EMAIL_HOST=localhost >> .env
-          echo EMAIL_HOST_USER=user@tests.com >> .env
-          echo EMAIL_HOST_PASSWORD=password >> .env
-          echo EMAIL_PORT=1025 >> .env
+          {
+            echo DJANGO_DEBUG=True
+            echo DJANGO_SUPERUSER_EMAIL=admin@tests.com
+            echo DJANGO_SUPERUSER_PASSWORD=1234
+            echo DB_HOST=localhost
+            echo CISO_ASSISTANT_SUPERUSER_EMAIL=''
+            echo CISO_ASSISTANT_URL=http://localhost:4173
+            echo DEFAULT_FROM_EMAIL='ciso-assistant@tests.net'
+            echo EMAIL_HOST=localhost
+            echo EMAIL_HOST_USER=user@tests.com
+            echo EMAIL_HOST_PASSWORD=password
+            echo EMAIL_PORT=1025
+          } > .env
```
58-60: Quote variable expansion to prevent word splitting.
The `export $(grep ...)` command should quote the command substitution to prevent word splitting issues.
Apply this diff:

```diff
       - name: Check that migrations were made
         working-directory: ${{ env.backend-directory }}
         run: |
-          export $(grep -v '^#' .env | xargs)
+          export "$(grep -v '^#' .env | xargs)"
           poetry run python manage.py makemigrations --check --dry-run --verbosity=3
```
65-68: Simplify matrix strategy.
Same issue as the migrations-check job: `max-parallel: 4` is unnecessary with a single matrix value.
Apply this diff:

```diff
-    strategy:
-      max-parallel: 4
-      matrix:
-        python-version: ["3.12"]
+    strategy:
+      matrix:
+        python-version: ["3.12"]
```
90-104: Improve shell script formatting.
Same shellcheck hint (SC2129): consider using grouped redirects.
Apply this diff:

```diff
       - name: Create backend environment variables file
         working-directory: ${{ env.backend-directory }}
         run: |
-          touch .env
-          echo DJANGO_DEBUG=True >> .env
-          echo DJANGO_SUPERUSER_EMAIL=admin@tests.com >> .env
-          echo DJANGO_SUPERUSER_PASSWORD=1234 >> .env
-          echo DB_HOST=localhost >> .env
-          echo CISO_ASSISTANT_SUPERUSER_EMAIL='' >> .env
-          echo CISO_ASSISTANT_URL=http://localhost:4173 >> .env
-          echo DEFAULT_FROM_EMAIL='ciso-assistant@tests.net' >> .env
-          echo EMAIL_HOST=localhost >> .env
-          echo EMAIL_HOST_USER=user@tests.com >> .env
-          echo EMAIL_HOST_PASSWORD=password >> .env
-          echo EMAIL_PORT=1025 >> .env
-          echo DJANGO_SETTINGS_MODULE=enterprise_core.settings >> .env
-          echo LICENSE_SEATS=999 >> .env
+          {
+            echo DJANGO_DEBUG=True
+            echo DJANGO_SUPERUSER_EMAIL=admin@tests.com
+            echo DJANGO_SUPERUSER_PASSWORD=1234
+            echo DB_HOST=localhost
+            echo CISO_ASSISTANT_SUPERUSER_EMAIL=''
+            echo CISO_ASSISTANT_URL=http://localhost:4173
+            echo DEFAULT_FROM_EMAIL='ciso-assistant@tests.net'
+            echo EMAIL_HOST=localhost
+            echo EMAIL_HOST_USER=user@tests.com
+            echo EMAIL_HOST_PASSWORD=password
+            echo EMAIL_PORT=1025
+            echo DJANGO_SETTINGS_MODULE=enterprise_core.settings
+            echo LICENSE_SEATS=999
+          } > .env
```
backend/core/migrations/0018_appliedcontrol_csf_function_and_more.py (1)
12-47: LGTM with optional DRY improvement.
The migration correctly adds the CSF function fields to both models with appropriate NIST CSF 2.0 function choices. The fields are properly configured as optional.
For better maintainability, consider extracting the duplicate choices definition:

```diff
+CSF_FUNCTION_CHOICES = [
+    ("govern", "Govern"),
+    ("identify", "Identify"),
+    ("protect", "Protect"),
+    ("detect", "Detect"),
+    ("respond", "Respond"),
+    ("recover", "Recover"),
+]
+
 class Migration(migrations.Migration):
     dependencies = [
         ("core", "0017_requirementassessment_mapping_inference_and_more"),
     ]

     operations = [
         migrations.AddField(
             model_name="appliedcontrol",
             name="csf_function",
             field=models.CharField(
                 blank=True,
-                choices=[
-                    ("govern", "Govern"),
-                    ("identify", "Identify"),
-                    ("protect", "Protect"),
-                    ("detect", "Detect"),
-                    ("respond", "Respond"),
-                    ("recover", "Recover"),
-                ],
+                choices=CSF_FUNCTION_CHOICES,
                 max_length=20,
                 null=True,
                 verbose_name="CSF Function",
             ),
         ),
         migrations.AddField(
             model_name="referencecontrol",
             name="csf_function",
             field=models.CharField(
                 blank=True,
-                choices=[
-                    ("govern", "Govern"),
-                    ("identify", "Identify"),
-                    ("protect", "Protect"),
-                    ("detect", "Detect"),
-                    ("respond", "Respond"),
-                    ("recover", "Recover"),
-                ],
+                choices=CSF_FUNCTION_CHOICES,
                 max_length=20,
                 null=True,
                 verbose_name="CSF Function",
             ),
         ),
     ]
```
backend/core/migrations/0014_auto_20240522_1731.py (1)
6-27: Consider migration best practices improvements.
The migration logic is functionally correct, but has some areas for improvement:
- Logging: Use Django's migration logging instead of `print()` for consistency
- Safe indexing: Check collection length before accessing `[0]`
- URN validation: The string slice check `[:4]` is fragile

Apply these improvements:

```diff
-def fix_urns_for_enisa_5g_scm(apps, schema_editor):
+def fix_urns_for_enisa_5g_scm(apps, schema_editor, *args, **kwargs):
     StoredLibrary = apps.get_model("core", "StoredLibrary")
     LoadedLibrary = apps.get_model("core", "LoadedLibrary")
+
     enisa_5g_scm_stored_library = StoredLibrary.objects.filter(
         urn="urn:intuitem:risk:library:enisa-5g-scm-v1.3"
     )
-    if enisa_5g_scm_stored_library:
-        enisa_5g_scm_stored_library[
-            0
-        ].delete()  # the lib will be added again in the store at the end of the migration
+    if enisa_5g_scm_stored_library.exists():
+        enisa_5g_scm_stored_library.first().delete()
+
     enisa_5g_scm_loaded_library = LoadedLibrary.objects.filter(
         urn="urn:intuitem:risk:library:enisa-5g-scm-v1.3"
     )
-    if enisa_5g_scm_loaded_library:
+    if enisa_5g_scm_loaded_library.exists():
         count = 0
-        for b in enisa_5g_scm_loaded_library[0].reference_controls.all():
-            if b.urn[:4] != "urn:":
+        for b in enisa_5g_scm_loaded_library.first().reference_controls.all():
+            if not b.urn.startswith("urn:"):
                 b.urn = "urn:intuitem:" + b.urn
                 b.save()
                 count += 1
-        print(f"fixed {count} URNs")
+        if kwargs.get('verbosity', 1) >= 1:
+            schema_editor.connection.ops.execute_sql_flush(
+                None, [f"Fixed {count} URNs for ENISA 5G SCM library"]
+            ) if hasattr(schema_editor.connection.ops, 'execute_sql_flush') else None
```
.github/workflows/functional-tests.yml (4)
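Review bot: the replacement for `print()` at the end of this hunk does not log anything. `execute_sql_flush` takes a list of SQL statements and executes them (its older signature took the connection alias first, which is what the `None` is mimicking), so passing `"Fixed … URNs for ENISA 5G SCM library"` would attempt to run that text as SQL, and the `hasattr` guard merely hides this on backends without the method. `RunPython` also invokes the function as `code(apps, schema_editor)`, so `kwargs.get('verbosity')` is never supplied and the added `*args, **kwargs` is dead. Drop those lines and either keep the `print` or use a `logging` logger; the `.exists()`/`.first()` and `startswith("urn:")` changes are fine as they stand.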
79-96: Improve shell script formatting.
Use grouped redirects for better readability and to address shellcheck SC2129.
Apply this diff:

```diff
       - name: Create backend environment variables file
         working-directory: ${{ env.backend-directory }}
         run: |
-          touch .env
-          echo LOG_LEVEL=DEBUG >> .env
-          echo LOG_OUTFILE=ciso-assistant.log >> .env
-          echo DJANGO_DEBUG=True >> .env
-          echo DJANGO_SUPERUSER_EMAIL=admin@tests.com >> .env
-          echo DJANGO_SUPERUSER_PASSWORD=1234 >> .env
-          echo POSTGRES_NAME=postgres >> .env
-          echo POSTGRES_USER=postgres >> .env
-          echo POSTGRES_PASSWORD=postgres >> .env
-          echo DB_HOST=localhost >> .env
-          echo CISO_ASSISTANT_SUPERUSER_EMAIL='' >> .env
-          echo CISO_ASSISTANT_URL=http://localhost:4173 >> .env
-          echo DEFAULT_FROM_EMAIL='ciso-assistant@tests.net' >> .env
-          echo EMAIL_HOST=localhost >> .env
-          echo EMAIL_HOST_USER=user@tests.com >> .env
-          echo EMAIL_HOST_PASSWORD=password >> .env
-          echo EMAIL_PORT=1025 >> .env
+          {
+            echo LOG_LEVEL=DEBUG
+            echo LOG_OUTFILE=ciso-assistant.log
+            echo DJANGO_DEBUG=True
+            echo DJANGO_SUPERUSER_EMAIL=admin@tests.com
+            echo DJANGO_SUPERUSER_PASSWORD=1234
+            echo POSTGRES_NAME=postgres
+            echo POSTGRES_USER=postgres
+            echo POSTGRES_PASSWORD=postgres
+            echo DB_HOST=localhost
+            echo CISO_ASSISTANT_SUPERUSER_EMAIL=''
+            echo CISO_ASSISTANT_URL=http://localhost:4173
+            echo DEFAULT_FROM_EMAIL='ciso-assistant@tests.net'
+            echo EMAIL_HOST=localhost
+            echo EMAIL_HOST_USER=user@tests.com
+            echo EMAIL_HOST_PASSWORD=password
+            echo EMAIL_PORT=1025
+          } > .env
```
99-108: Quote variable expansion.
Quote the command substitution in export statements to prevent word splitting (SC2046).
Apply this diff:

```diff
       - name: Run migrations
         working-directory: ${{ env.backend-directory }}
         run: |
-          export $(grep -v '^#' .env | xargs)
+          export "$(grep -v '^#' .env | xargs)"
           poetry run python manage.py makemigrations
           poetry run python manage.py migrate
       - name: Start test server
         working-directory: ${{ env.backend-directory }}
         run: |
-          export $(grep -v '^#' .env | xargs)
+          export "$(grep -v '^#' .env | xargs)"
           poetry run python manage.py createsuperuser --noinput
```
118-120: Quote variable references.
Quote the variable expansions to prevent word splitting (SC2086).
Apply this diff:

```diff
       - name: Set current date as env variable
         run: echo "NOW=$(date +'%Y-%m-%dT%H-%M-%S')" >> $GITHUB_ENV
       - name: Sanitize branch name
-        run: echo "BRANCH_SANITIZED=$(echo "${{ env.BRANCH_NAME }}" | tr "/()" "_")" >> $GITHUB_ENV
+        run: echo "BRANCH_SANITIZED=$(echo "${{ env.BRANCH_NAME }}" | tr '/()" "_")" >> "$GITHUB_ENV"
```
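Review bot: the `+` line of this hunk has unbalanced quotes: `tr '/()" "_"` opens a single quote that is never closed, so the step would not even parse. The SC2086 finding only concerns the redirection target; keep the original `tr "/()" "_"` and change just `>> $GITHUB_ENV` to `>> "$GITHUB_ENV"`. The preceding `NOW=` line has the same unquoted `$GITHUB_ENV` and is left untouched by the suggestion.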
187-217: Apply same improvements to enterprise job.
The enterprise-functional-tests job has the same shell script issues. Apply grouped redirects and proper quoting.
Apply similar improvements as suggested for the standard job:
- Lines 187-204: Use grouped redirects for .env creation
- Lines 209-217: Quote the export command substitutions
backend/core/migrations/0008_alter_complianceassessment_status_and_more.py (1)
12-47: LGTM with optional DRY improvement.
The migration correctly updates the status field for both assessment models with appropriate choices and configuration. The fields properly allow null/blank for flexibility.
Similar to migration 0018, consider extracting the duplicate choices definition for maintainability:

```diff
+ASSESSMENT_STATUS_CHOICES = [
+    ("planned", "Planned"),
+    ("in_progress", "In progress"),
+    ("in_review", "In review"),
+    ("done", "Done"),
+    ("deprecated", "Deprecated"),
+]
+
 class Migration(migrations.Migration):
     dependencies = [
         ("core", "0007_alter_requirementlevel_framework_and_more"),
     ]

     operations = [
         migrations.AlterField(
             model_name="complianceassessment",
             name="status",
             field=models.CharField(
                 blank=True,
-                choices=[
-                    ("planned", "Planned"),
-                    ("in_progress", "In progress"),
-                    ("in_review", "In review"),
-                    ("done", "Done"),
-                    ("deprecated", "Deprecated"),
-                ],
+                choices=ASSESSMENT_STATUS_CHOICES,
                 default="planned",
                 max_length=100,
                 null=True,
                 verbose_name="Status",
             ),
         ),
         migrations.AlterField(
             model_name="riskassessment",
             name="status",
             field=models.CharField(
                 blank=True,
-                choices=[
-                    ("planned", "Planned"),
-                    ("in_progress", "In progress"),
-                    ("in_review", "In review"),
-                    ("done", "Done"),
-                    ("deprecated", "Deprecated"),
-                ],
+                choices=ASSESSMENT_STATUS_CHOICES,
                 default="planned",
                 max_length=100,
                 null=True,
                 verbose_name="Status",
             ),
         ),
     ]
```
backend/core/migrations/0011_auto_20240501_1342.py (1)
24-31: Avoid printing from migrations.
Direct
88-94: Source `.env` without word-splitting hazards.
The pattern `export $(grep -v '^#' .env | xargs)` drops quoting, so any value containing spaces, `#`, or `=` will be mangled and shellcheck already flags it here. Using `set -a; source .env; set +a` (or another quoted variant) keeps the workflow robust as soon as one of those env vars gains a space.
Apply this diff to load the variables safely:

```diff
-          export $(grep -v '^#' .env | xargs)
+          set -a
+          source .env
+          set +a
@@
-          export $(grep -v '^#' .env | xargs)
+          set -a
+          source .env
+          set +a
@@
-          export $(grep -v '^#' .env | xargs)
+          set -a
+          source .env
+          set +a
```

Also applies to: 230-237, 275-277
⛔ Files ignored due to path filters (5)
backend/app_tests/sample_640x480.jpgis excluded by!**/*.jpgbackend/app_tests/test_image.jpgis excluded by!**/*.jpgbackend/core/templates/core/audit_report_template.docxis excluded by!**/*.docxbackend/core/templates/core/audit_report_template_en.docxis excluded by!**/*.docxbackend/core/templates/core/audit_report_template_fr.docxis excluded by!**/*.docx
📒 Files selected for processing (107)
- .dockerignore (1 hunks)
- .eslintrc.js (1 hunks)
- .github/ISSUE_TEMPLATE/feature_request.md (1 hunks)
- .github/workflows/backend-api-tests.yml (1 hunks)
- .github/workflows/backend-coverage.yaml (1 hunks)
- .github/workflows/backend-linters.yaml (1 hunks)
- .github/workflows/backend-migrations-check.yaml (1 hunks)
- .github/workflows/cla.yml (1 hunks)
- .github/workflows/docker-build-and-push-dummy.yml (1 hunks)
- .github/workflows/docker-build-and-push-ee.yml (1 hunks)
- .github/workflows/docker-build-and-push.yml (1 hunks)
- .github/workflows/frontend-coverage.yaml (1 hunks)
- .github/workflows/frontend-linters.yaml (1 hunks)
- .github/workflows/frontend-unit-tests.yml (1 hunks)
- .github/workflows/functional-tests.yml (1 hunks)
- .github/workflows/startup-tests.yml (1 hunks)
- .github/workflows/unit-test-ciso-assistant.yml (0 hunks)
- .github/workflows/version-change-check.yml (1 hunks)
- .gitignore (1 hunks)
- .pre-commit-config.yaml (1 hunks)
- CODE_OF_CONDUCT.md (1 hunks)
- CONTRIBUTING.md (1 hunks)
- Caddyfile (1 hunks)
- Dockerfile (0 hunks)
- LICENSE (0 hunks)
- LICENSE-AGPL.txt (1 hunks)
- LICENSE.md (1 hunks)
- README.md (3 hunks)
- SECURITY.md (1 hunks)
- backend/.dockerignore (1 hunks)
- backend/.gitignore (1 hunks)
- backend/Dockerfile (1 hunks)
- backend/app_tests/api/test_api_applied_controls.py (1 hunks)
- backend/app_tests/api/test_api_assets.py (1 hunks)
- backend/app_tests/api/test_api_compliance_assessments.py (1 hunks)
- backend/app_tests/api/test_api_evidences.py (1 hunks)
- backend/app_tests/api/test_api_folders.py (1 hunks)
- backend/app_tests/api/test_api_libraries.py (1 hunks)
- backend/app_tests/api/test_api_policies.py (1 hunks)
- backend/app_tests/api/test_api_projects.py (1 hunks)
- backend/app_tests/api/test_api_reference_controls.py (1 hunks)
- backend/app_tests/api/test_api_requirement_assessments.py (1 hunks)
- backend/app_tests/api/test_api_requirement_nodes.py (1 hunks)
- backend/app_tests/api/test_api_risk_acceptances.py (1 hunks)
- backend/app_tests/api/test_api_risk_assessments.py (1 hunks)
- backend/app_tests/api/test_api_risk_scenarios.py (1 hunks)
- backend/app_tests/api/test_api_threats.py (1 hunks)
- backend/app_tests/api/test_api_user_groups.py (1 hunks)
- backend/app_tests/api/test_api_users.py (1 hunks)
- backend/app_tests/api/test_utils.py (1 hunks)
- backend/app_tests/conftest.py (1 hunks)
- backend/app_tests/test_file.txt (1 hunks)
- backend/app_tests/test_vars.py (1 hunks)
- backend/cal/admin.py (1 hunks)
- backend/cal/apps.py (1 hunks)
- backend/cal/migrations/0001_initial.py (1 hunks)
- backend/cal/models.py (1 hunks)
- backend/cal/tests/test_models.py (1 hunks)
- backend/cal/tests/test_utils.py (1 hunks)
- backend/cal/utils.py (1 hunks)
- backend/ciso_assistant/VERSION (1 hunks)
- backend/ciso_assistant/asgi.py (1 hunks)
- backend/ciso_assistant/build.json (1 hunks)
- backend/ciso_assistant/scripts/generate_build_file.sh (1 hunks)
- backend/ciso_assistant/settings.py (1 hunks)
- backend/ciso_assistant/urls.py (1 hunks)
- backend/ciso_assistant/wsgi.py (1 hunks)
- backend/core/__init__.py (1 hunks)
- backend/core/admin_config.py (1 hunks)
- backend/core/apps.py (1 hunks)
- backend/core/base_models.py (1 hunks)
- backend/core/filters.py (7 hunks)
- backend/core/generators.py (1 hunks)
- backend/core/helpers.py (1 hunks)
- backend/core/locale/fr/LC_MESSAGES/django.po (1 hunks)
- backend/core/management/commands/reset_mail.py (1 hunks)
- backend/core/management/commands/status.py (1 hunks)
- backend/core/management/commands/welcome_mail.py (1 hunks)
- backend/core/migrations/0001_initial.py (1 hunks)
- backend/core/migrations/0002_initial.py (1 hunks)
- backend/core/migrations/0003_alter_riskscenario_strength_of_knowledge.py (1 hunks)
- backend/core/migrations/0004_complianceassessment_is_published_and_more.py (1 hunks)
- backend/core/migrations/0005_alter_project_lc_status_alter_securitymeasure_effort.py (1 hunks)
- backend/core/migrations/0006_remove_securitymeasure_security_function_and_more.py (1 hunks)
- backend/core/migrations/0007_alter_requirementlevel_framework_and_more.py (1 hunks)
- backend/core/migrations/0008_alter_complianceassessment_status_and_more.py (1 hunks)
- backend/core/migrations/0009_framework_max_score_framework_min_score_and_more.py (1 hunks)
- backend/core/migrations/0010_rename_score_definition_framework_scores_definition_and_more.py (1 hunks)
- backend/core/migrations/0011_auto_20240501_1342.py (1 hunks)
- backend/core/migrations/0012_alter_appliedcontrol_updated_at_and_more.py (1 hunks)
- backend/core/migrations/0013_requirementnode_typical_evidence.py (1 hunks)
- backend/core/migrations/0014_auto_20240522_1731.py (1 hunks)
- backend/core/migrations/0015_remove_complianceassessment_result_and_more.py (1 hunks)
- backend/core/migrations/0016_riskscenario_owner.py (1 hunks)
- backend/core/migrations/0017_requirementassessment_mapping_inference_and_more.py (1 hunks)
- backend/core/migrations/0018_appliedcontrol_csf_function_and_more.py (1 hunks)
- backend/core/migrations/0018_framework_translations_loadedlibrary_translations_and_more.py (1 hunks)
- backend/core/migrations/0019_merge_20240726_2156.py (1 hunks)
- backend/core/migrations/0020_fix_libraries_objects_meta.py (1 hunks)
- backend/core/migrations/0021_alter_framework_urn_alter_loadedlibrary_urn_and_more.py (1 hunks)
- backend/core/migrations/0022_riskscenario_qualifications.py (1 hunks)
- backend/core/migrations/0023_alter_appliedcontrol_status.py (1 hunks)
- backend/core/migrations/0024_appliedcontrol_owner.py (1 hunks)
- backend/core/migrations/0025_complianceassessment_folder_riskassessment_folder_and_more.py (1 hunks)
- backend/core/migrations/0026_appliedcontrol_cost.py (1 hunks)
- backend/core/migrations/0027_requirementassessment_answer_and_more.py (1 hunks)
- backend/core/migrations/0028_complianceassessment_observation_and_more.py (1 hunks)
⛔ Files not processed due to max files limit (22)
- backend/core/migrations/0029_alter_appliedcontrol_link_alter_evidence_link.py
- backend/core/migrations/0030_appliedcontrol_start_date.py
- backend/core/migrations/0031_vulnerability_riskscenario_vulnerabilities.py
- backend/core/migrations/0032_vulnerability_applied_controls_filteringlabel_and_more.py
- backend/core/migrations/0033_fix_mitre_lib_version.py
- backend/core/migrations/0034_fix_loaded_libraries_objects_meta.py
- backend/core/migrations/0035_riskscenario_existing_applied_controls.py
- backend/core/migrations/0036_asset_owner.py
- backend/core/migrations/0037_appliedcontrol_priority.py
- backend/core/migrations/0038_asset_disaster_recovery_objectives_and_more.py
- backend/core/migrations/0039_make_urn_lowercase.py
- backend/core/migrations/0040_riskscenario_ref_id.py
- backend/core/migrations/0041_add_ref_id_to_project_appliedcontrol_assessment.py
- backend/core/migrations/0042_asset_filtering_labels.py
- backend/core/migrations/0043_historicalmetric.py
- backend/core/migrations/0044_qualification.py
- backend/core/migrations/0045_alter_appliedcontrol_category_and_more.py
- backend/core/migrations/0046_riskassessment_ebios_rm_study.py
- backend/core/migrations/0047_loadedlibrary_publication_date_and_more.py
- backend/core/migrations/0048_alter_asset_security_objectives.py
- backend/core/migrations/0049_complianceassessment_show_documentation_score_and_more.py
- backend/core/migrations/0050_appliedcontrol_progress_field.py
💤 Files with no reviewable changes (3)
- LICENSE
- .github/workflows/unit-test-ciso-assistant.yml
- Dockerfile
🧰 Additional context used
🧠 Learnings (3)
📚 Learning: 2025-09-19T08:44:33.744Z
Learnt from: Mohamed-Hacene
Repo: intuitem/ciso-assistant-community PR: 2550
File: backend/core/views.py:3753-3762
Timestamp: 2025-09-19T08:44:33.744Z
Learning: In the domain export/import functionality in backend/core/views.py, Evidence.owner M2M relationships are intentionally not set during import because User objects are not exported. The owner_ids are collected in _process_model_relationships only to prevent M2M field validation errors during import, but they are deliberately not applied in _set_many_to_many_relations since users are environment-specific.
Applied to files:
- backend/core/migrations/0016_riskscenario_owner.py
- backend/core/migrations/0024_appliedcontrol_owner.py
📚 Learning: 2025-08-25T08:51:15.404Z
Learnt from: Mohamed-Hacene
Repo: intuitem/ciso-assistant-community PR: 2422
File: backend/core/serializers.py:1018-1030
Timestamp: 2025-08-25T08:51:15.404Z
Learning: The CISO Assistant project uses a custom permission system where RoleAssignment.get_accessible_object_ids() provides special handling for Permission objects by filtering them by content_type app_label rather than folder hierarchy, since Permission objects don't belong to folders. This allows safe CRUD operations on permissions while preventing privilege escalation by restricting access to only application-specific permissions from allowed apps: "core", "ebios_rm", "tprm", "privacy", "resilience", and "cal".
Applied to files:
- backend/core/filters.py
📚 Learning: 2025-08-12T12:36:17.078Z
Learnt from: nas-tabchiche
Repo: intuitem/ciso-assistant-community PR: 2397
File: backend/privacy/migrations/0005_alter_datacontractor_country_and_more.py:12-214
Timestamp: 2025-08-12T12:36:17.078Z
Learning: In Django migrations, country choices should be hardcoded as static lists rather than referencing dynamic constants like COUNTRY_CHOICES from backend.core.constants, to ensure migrations remain stable over time and don't break if the referenced constants change.
Applied to files:
- backend/core/migrations/0023_alter_appliedcontrol_status.py
🧬 Code graph analysis (15)
backend/app_tests/api/test_api_user_groups.py (1)
- backend/iam/models.py (2): RoleAssignment (563-796), get_permissions (778-786)
backend/app_tests/api/test_api_compliance_assessments.py (3)
- backend/core/models.py (2): ComplianceAssessment (2737-3291), Framework (950-1025)
- backend/iam/models.py (1): Folder (55-177)
- backend/app_tests/api/test_utils.py (2): EndpointTestsQueries (117-1070), Auth (340-1070)
backend/core/management/commands/status.py (1)
- backend/iam/models.py (2): get_editors (539-544), get_root_folder (62-64)
backend/core/base_models.py (1)
- backend/ebios_rm/models.py (10): name (669-674), get_scope (482-483), get_scope (555-556), get_scope (600-601), save (254-256), save (372-374), save (488-490), save (558-560), save (603-606), save (652-654)
backend/app_tests/api/test_api_projects.py (3)
- backend/core/models.py (2): Project (1351-1394), create (1962-1964)
- backend/iam/models.py (1): Folder (55-177)
- backend/app_tests/api/test_utils.py (3): EndpointTestsQueries (117-1070), Auth (340-1070), get_object_options (501-558)
backend/app_tests/api/test_api_users.py (1)
- backend/app_tests/api/test_utils.py (10): EndpointTestsQueries (117-1070), get_object (120-178), get_object (343-499), create_object (180-209), create_object (560-694), update_object (211-266), update_object (696-844), delete_object (268-317), delete_object (846-957), Auth (340-1070)
backend/app_tests/api/test_api_libraries.py (2)
- backend/core/models.py (2): Framework (950-1025), StoredLibrary (243-356)
- backend/iam/models.py (2): Folder (55-177), get_root_folder (62-64)
backend/app_tests/api/test_api_requirement_assessments.py (2)
- backend/core/models.py (8): ComplianceAssessment (2737-3291), RequirementNode (1028-1098), RequirementAssessment (3294-3459), Framework (950-1025), AppliedControl (1740-1955), associated_reference_controls (1063-1070), associated_threats (1073-1080), parent_requirement (1083-1094)
- backend/app_tests/api/test_utils.py (3): EndpointTestsQueries (117-1070), Auth (340-1070), get_object_options (501-558)
backend/app_tests/api/test_api_risk_scenarios.py (2)
- backend/iam/models.py (1): Folder (55-177)
- backend/app_tests/api/test_utils.py (13): EndpointTestsQueries (117-1070), get_object (120-178), get_object (343-499), create_object (180-209), create_object (560-694), update_object (211-266), update_object (696-844), delete_object (268-317), delete_object (846-957), Auth (340-1070), import_object (319-338), import_object (959-1009), get_object_options (501-558)
backend/core/generators.py (1)
- backend/core/models.py (5): ComplianceAssessment (2737-3291), get_requirement_assessments (2908-2939), AppliedControl (1740-1955), RequirementAssessment (3294-3459), get_selected_implementation_groups (2895-2906)
backend/core/migrations/0001_initial.py (1)
- backend/core/validators.py (2): validate_file_size (23-34), validate_file_name (37-65)
backend/app_tests/api/test_api_assets.py (2)
- backend/core/models.py (1): Type (1400-1410)
- backend/app_tests/api/test_utils.py (3): EndpointTestsQueries (117-1070), Auth (340-1070), get_object_options (501-558)
backend/core/helpers.py (4)
- backend/iam/models.py (6): Folder (55-177), RoleAssignment (563-796), User (338-544), get_accessible_object_ids (673-759), get_parent_folders (116-120), get_sub_folders (105-113)
- backend/library/helpers.py (1): get_referential_translation (9-46)
- backend/core/utils.py (1): camel_case (7-12)
- backend/core/models.py (14): AppliedControl (1740-1955), RequirementAssessment (3294-3459), Status (1741-1747), Status (1983-1988), Status (2046-2051), Status (3295-3299), Project (1351-1394), ComplianceAssessment (2737-3291), RequirementNode (1028-1098), RiskScenario (2436-2734), RiskAssessment (2097-2427), Threat (754-782), Result (3301-3306), progress (3279-3291)
backend/ciso_assistant/settings.py (1)
- enterprise/backend/enterprise_core/settings.py (1): set_ciso_assistant_url (34-36)
backend/app_tests/api/test_utils.py (2)
- backend/core/models.py (1): StoredLibrary (243-356)
- backend/iam/models.py (4): Folder (55-177), UserGroup (214-241), create_user (301-311), create_superuser (313-326)
🪛 actionlint (1.7.8)
.github/workflows/frontend-coverage.yaml
26-26: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/functional-tests.yml
49-49: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
79-79: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects
(shellcheck)
99-99: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
105-105: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
118-118: shellcheck reported issue in this script: SC2086:info:1:44: Double quote to prevent globbing and word splitting
(shellcheck)
120-120: shellcheck reported issue in this script: SC2086:info:1:76: Double quote to prevent globbing and word splitting
(shellcheck)
187-187: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects
(shellcheck)
209-209: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
214-214: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
224-224: shellcheck reported issue in this script: SC2086:info:1:44: Double quote to prevent globbing and word splitting
(shellcheck)
226-226: shellcheck reported issue in this script: SC2086:info:1:76: Double quote to prevent globbing and word splitting
(shellcheck)
.github/workflows/backend-linters.yaml
27-27: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/backend-api-tests.yml
10-10: unexpected key "workflow_dispatch" for "pull_request" section. expected one of "branches", "branches-ignore", "paths", "paths-ignore", "tags", "tags-ignore", "types", "workflows"
(syntax-check)
29-29: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
31-31: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
45-45: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects
(shellcheck)
59-59: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
64-64: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
.github/workflows/docker-build-and-push-ee.yml
39-39: shellcheck reported issue in this script: SC2086:info:1:51: Double quote to prevent globbing and word splitting
(shellcheck)
39-39: shellcheck reported issue in this script: SC2086:info:2:47: Double quote to prevent globbing and word splitting
(shellcheck)
.github/workflows/frontend-linters.yaml
26-26: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/backend-migrations-check.yaml
29-29: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
43-43: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects
(shellcheck)
58-58: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
90-90: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects
(shellcheck)
107-107: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
107-107: shellcheck reported issue in this script: SC2181:style:3:6: Check exit code directly with e.g. 'if ! mycmd;', not indirectly with $?
(shellcheck)
.github/workflows/startup-tests.yml
72-72: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects
(shellcheck)
87-87: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
92-92: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
103-103: shellcheck reported issue in this script: SC2086:info:1:44: Double quote to prevent globbing and word splitting
(shellcheck)
105-105: shellcheck reported issue in this script: SC2086:info:1:76: Double quote to prevent globbing and word splitting
(shellcheck)
109-109: property "playwright-browser" is not defined in object type {python-version: number}
(expression)
139-139: shellcheck reported issue in this script: SC2046:warning:2:8: Quote this to prevent word splitting
(shellcheck)
214-214: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects
(shellcheck)
230-230: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
235-235: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
243-243: shellcheck reported issue in this script: SC2086:info:1:44: Double quote to prevent globbing and word splitting
(shellcheck)
245-245: shellcheck reported issue in this script: SC2086:info:1:76: Double quote to prevent globbing and word splitting
(shellcheck)
249-249: property "playwright-browser" is not defined in object type {python-version: number}
(expression)
274-274: shellcheck reported issue in this script: SC2046:warning:2:8: Quote this to prevent word splitting
(shellcheck)
.github/workflows/frontend-unit-tests.yml
25-25: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/docker-build-and-push-dummy.yml
30-30: shellcheck reported issue in this script: SC2086:info:1:51: Double quote to prevent globbing and word splitting
(shellcheck)
30-30: shellcheck reported issue in this script: SC2086:info:2:47: Double quote to prevent globbing and word splitting
(shellcheck)
.github/workflows/backend-coverage.yaml
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
39-39: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
53-53: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects
(shellcheck)
70-70: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
76-76: property access of object must be type of string but got "number"
(expression)
77-77: shellcheck reported issue in this script: SC2046:warning:1:8: Quote this to prevent word splitting
(shellcheck)
77-77: shellcheck reported issue in this script: SC2038:warning:2:1: Use 'find .. -print0 | xargs -0 ..' or 'find .. -exec .. +' to allow non-alphanumeric filenames
(shellcheck)
83-83: property access of object must be type of string but got "number"
(expression)
.github/workflows/docker-build-and-push.yml
39-39: shellcheck reported issue in this script: SC2086:info:1:51: Double quote to prevent globbing and word splitting
(shellcheck)
39-39: shellcheck reported issue in this script: SC2086:info:2:47: Double quote to prevent globbing and word splitting
(shellcheck)
🪛 Biome (2.1.2)
.eslintrc.js
[error] 2-2: Expected a semicolon or an implicit semicolon after a statement, but found none
An explicit or implicit semicolon is expected here...
...Which is required to end this statement
(parse)
[error] 3-3: Expected a semicolon or an implicit semicolon after a statement, but found none
An explicit or implicit semicolon is expected here...
...Which is required to end this statement
(parse)
[error] 6-6: Expected a semicolon or an implicit semicolon after a statement, but found none
An explicit or implicit semicolon is expected here...
...Which is required to end this statement
(parse)
[error] 14-14: Expected a statement but instead found ']'.
Expected a statement here.
(parse)
🪛 Checkov (3.2.334)
.github/workflows/backend-coverage.yaml
[medium] 76-77: Basic Auth Credentials
(CKV_SECRET_4)
🪛 LanguageTool
LICENSE-AGPL.txt
[style] ~16-~16: Consider using only “Public” to avoid wordiness.
Context: ...and change the works. By contrast, our General Public Licenses are intended to guarantee your...
(GENERAL_XX)
[style] ~21-~21: Consider using only “Public” to avoid wordiness.
Context: ...e referring to freedom, not price. Our General Public Licenses are designed to make sure that...
(GENERAL_XX)
[style] ~27-~27: Consider using only “Public” to avoid wordiness.
Context: ...hese things. Developers that use our General Public Licenses protect your rights with two s...
(GENERAL_XX)
[style] ~177-~177: ‘with respect to’ might be wordy. Consider a shorter alternative.
Context: ...by exercising rights under this License with respect to the covered work, and you disclaim any ...
(EN_WORDINESS_PREMIUM_WITH_RESPECT_TO)
[style] ~407-~407: ‘prior to’ might be wordy. Consider a shorter alternative.
Context: ... the violation by some reasonable means prior to 60 days after the cessation. Moreove...
(EN_WORDINESS_PREMIUM_PRIOR_TO)
[style] ~414-~414: ‘prior to’ might be wordy. Consider a shorter alternative.
Context: ...ight holder, and you cure the violation prior to 30 days after your receipt of the notic...
(EN_WORDINESS_PREMIUM_PRIOR_TO)
[style] ~425-~425: Consider a more concise word here.
Context: ...are not required to accept this License in order to receive or run a copy of the Program. ...
(IN_ORDER_TO_PREMIUM)
[style] ~427-~427: To make your writing clearer, consider a shorter, more direct phrase.
Context: ...tion of a covered work occurring solely as a consequence of using peer-to-peer transmission to rece...
(AS_A_CONSEQUENCE_OF)
[uncategorized] ~516-~516: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...conveying the work, and under which the third party grants, to any of the parties who would...
(EN_COMPOUND_ADJECTIVE_INTERNAL)
[style] ~522-~522: ‘prior to’ might be wordy. Consider a shorter alternative.
Context: ...nt, or that patent license was granted, prior to 28 March 2007. Nothing in this Licen...
(EN_WORDINESS_PREMIUM_PRIOR_TO)
[style] ~533-~533: ‘So as to’ expresses purpose and is used in formal texts. Consider using “to”.
Context: ...e. If you cannot convey a covered work so as to satisfy simultaneously your obligations...
(SO_AS_TO)
CONTRIBUTING.md
[uncategorized] ~6-~6: The official name of this software platform is spelled with a capital “H”.
Context: ... the bug was not previously reported on Github issues (see above). - If it's the case,...
(GITHUB)
[uncategorized] ~25-~25: The official name of this software platform is spelled with a capital “H”.
Context: ...contact us if you are not familiar with Github.
(GITHUB)
README.md
[grammar] ~42-~42: Use a hyphen to join words.
Context: ...neration Our vision is to provide a one stop shop for cyber security posture man...
(QB_NEW_EN_HYPHEN)
[uncategorized] ~552-~552: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...y contains the source code for both the Open Source edition of CISO Assistant (Community Ed...
(EN_COMPOUND_ADJECTIVE_INTERNAL)
🪛 markdownlint-cli2 (0.18.1)
CODE_OF_CONDUCT.md
63-63: Bare URL used
(MD034, no-bare-urls)
.github/ISSUE_TEMPLATE/feature_request.md
12-12: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
README.md
25-25: Images should have alternate text (alt text)
(MD045, no-alt-text)
48-48: Images should have alternate text (alt text)
(MD045, no-alt-text)
61-61: Bare URL used
(MD034, no-bare-urls)
80-80: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
100-100: Blank line inside blockquote
(MD028, no-blanks-blockquote)
297-297: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
301-301: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
318-318: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
356-356: Bare URL used
(MD034, no-bare-urls)
505-505: Blank line inside blockquote
(MD028, no-blanks-blockquote)
530-530: Images should have alternate text (alt text)
(MD045, no-alt-text)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: GitGuardian Security Checks
| { | ||
| "rules": { | ||
| "@typescript-eslint/no-unused-vars": [ | ||
| "error", | ||
| { | ||
| "args": "all", | ||
| "argsIgnorePattern": "^_", | ||
| "caughtErrors": "all", | ||
| "caughtErrorsIgnorePattern": "^_", | ||
| "destructuredArrayIgnorePattern": "^_", | ||
| "varsIgnorePattern": "^_", | ||
| "ignoreRestSiblings": true | ||
| } | ||
| ] | ||
| } | ||
| } No newline at end of file |
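Review bot: beyond the JSON-in-a-.js-file problem, this config references the rule @typescript-eslint/no-unused-vars but declares no `parser`, `plugins` or `extends` entry anywhere in the file (the hunk shows the whole file, from the opening `{` to the closing `}`), so once it parses ESLint will still fail with "Definition for rule '@typescript-eslint/no-unused-vars' was not found" unless another config in the hierarchy loads the plugin. Either add `parser: "@typescript-eslint/parser"` and `plugins: ["@typescript-eslint"]` (or an `extends: ["plugin:@typescript-eslint/recommended"]`) alongside `rules`, or confirm that the frontend's own ESLint config already does and this root-level file is not needed. Also add the missing trailing newline flagged by "No newline at end of file".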
Critical: Invalid file format - JSON content in .js file.
The file has a .js extension but contains pure JSON syntax, which is invalid JavaScript. ESLint will fail to load this configuration file.
Two solutions:
- Rename to .eslintrc.json (simpler): git mv .eslintrc.js .eslintrc.json
- Convert to JavaScript module format:
-{
- "rules": {
- "@typescript-eslint/no-unused-vars": [
- "error",
- {
- "args": "all",
- "argsIgnorePattern": "^_",
- "caughtErrors": "all",
- "caughtErrorsIgnorePattern": "^_",
- "destructuredArrayIgnorePattern": "^_",
- "varsIgnorePattern": "^_",
- "ignoreRestSiblings": true
- }
- ]
- }
- }
+module.exports = {
+ rules: {
+ "@typescript-eslint/no-unused-vars": [
+ "error",
+ {
+ args: "all",
+ argsIgnorePattern: "^_",
+ caughtErrors: "all",
+ caughtErrorsIgnorePattern: "^_",
+ destructuredArrayIgnorePattern: "^_",
+ varsIgnorePattern: "^_",
+ ignoreRestSiblings: true
+ }
+ ]
+ }
+};
The Biome static analysis errors confirm this issue.
Additional concern: The PR objectives describe adding a YAML mapping file for Loi 05-20 ↔ ISO/IEC 27001:2022 compliance, but this file is an ESLint configuration. Please verify this is the intended file for this PR.
🤖 Prompt for AI Agents
.eslintrc.js around lines 1-16: The file is named .js but contains pure JSON
which is invalid JS and prevents ESLint from loading; either rename the file to
.eslintrc.json (git mv .eslintrc.js .eslintrc.json) or convert its contents into
a valid JS module (export default { rules: { ... } } or module.exports = {
rules: { ... } }); after fixing, run the linter to confirm no load errors and
verify this change matches the PR intent (ensure you actually meant to add an
ESLint config and not the YAML mapping file for Loi 05-20 ↔ ISO/IEC 27001:2022).
| **Problem statement** | ||
| I want to be able to do X, but the current implementation only allows for Y. | ||
|
|
||
| **Expected behavior** | ||
|
|
||
| 1. Go to '...' | ||
| 2. Click on '....' | ||
| 3. Scroll down to '....' | ||
| 4. See error | ||
|
|
||
| **Mock** | ||
| If applicable, add screenshots to help explain the expectation. | ||
|
|
||
| **Additional context** | ||
| Add any other context about the problem here. |
Use markdown headings instead of bold emphasis for section headers.
Lines 9, 12, 19, and 22 use bold emphasis (**...**) for section headers. For proper document structure and accessibility, these should be converted to markdown headings using # or ## syntax.
Apply this diff to use proper markdown headings:
-**Problem statement**
+## Problem statement
I want to be able to do X, but the current implementation only allows for Y.
-**Expected behavior**
+## Expected behavior
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
-**Mock**
+## Mock
If applicable, add screenshots to help explain the expectation.
-**Additional context**
+## Additional context
Add any other context about the problem here.
This aligns with Markdown best practices (MD036 from markdownlint).
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| **Problem statement** | |
| I want to be able to do X, but the current implementation only allows for Y. | |
| **Expected behavior** | |
| 1. Go to '...' | |
| 2. Click on '....' | |
| 3. Scroll down to '....' | |
| 4. See error | |
| **Mock** | |
| If applicable, add screenshots to help explain the expectation. | |
| **Additional context** | |
| Add any other context about the problem here. | |
| ## Problem statement | |
| I want to be able to do X, but the current implementation only allows for Y. | |
| ## Expected behavior | |
| 1. Go to '...' | |
| 2. Click on '....' | |
| 3. Scroll down to '....' | |
| 4. See error | |
| ## Mock | |
| If applicable, add screenshots to help explain the expectation. | |
| ## Additional context | |
| Add any other context about the problem here. |
🤖 Prompt for AI Agents
In .github/ISSUE_TEMPLATE/feature_request.md around lines 9 to 23, the section
headers use bold emphasis instead of Markdown headings; replace the bolded lines
(lines 9, 12, 19, 22) with proper Markdown headings (for example "## Problem
statement", "## Expected behavior", "## Mock", "## Additional context") so each
header uses #/## syntax and the surrounding content remains unchanged to satisfy
markdownlint MD036 and improve document structure and accessibility.
| on: | ||
| pull_request: | ||
| branches: [main, develop] | ||
| types: [opened, synchronize] | ||
| paths: | ||
| - "backend/**" | ||
| - ".github/workflows/backend-api-tests.yml" | ||
| workflow_dispatch: |
Fix workflow trigger syntax error.
The workflow_dispatch key is incorrectly nested under pull_request. It should be at the root on: level as a separate trigger.
Apply this diff:
on:
pull_request:
branches: [main, develop]
types: [opened, synchronize]
paths:
- "backend/**"
- ".github/workflows/backend-api-tests.yml"
+ workflow_dispatch:
- workflow_dispatch:
📝 Committable suggestion
| on: | |
| pull_request: | |
| branches: [main, develop] | |
| types: [opened, synchronize] | |
| paths: | |
| - "backend/**" | |
| - ".github/workflows/backend-api-tests.yml" | |
| workflow_dispatch: | |
| on: | |
| pull_request: | |
| branches: [main, develop] | |
| types: [opened, synchronize] | |
| paths: | |
| - "backend/**" | |
| - ".github/workflows/backend-api-tests.yml" | |
| workflow_dispatch: |
🤖 Prompt for AI Agents
In .github/workflows/backend-api-tests.yml around lines 3 to 10, the
workflow_dispatch trigger is incorrectly nested under pull_request; move
workflow_dispatch out to be a sibling of pull_request under the top-level on:
key (so on: contains pull_request: {...} and workflow_dispatch: {} at the same
indentation), remove it from inside pull_request, and ensure YAML indentation is
valid so both triggers are applied.
```yaml
- name: Run coverage
  working-directory: ${{env.backend-directory}}
  env:
    DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports[5432] }}/postgres"
```
Fix DATABASE_URL port access syntax.
The expression ${{ job.services.postgres.ports[5432] }} uses a numeric index on an object, which will cause a workflow error. GitHub Actions requires string keys for property access.
Apply this diff:
- DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports[5432] }}/postgres"
+ DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports['5432'] }}/postgres"
Apply the same fix on line 83.
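Review bot: The `postgres:postgres` credentials embedded in `DATABASE_URL` are what Checkov reports as CKV_SECRET_4 on these lines. They are acceptable for an ephemeral CI service container, but the finding should be acknowledged explicitly (an inline `checkov:skip` comment on the line, or referencing a job-level env value for the password instead of spelling it in the URL) rather than left as permanent noise that would hide a real credential leak in a later change.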
Also applies to: 83-83
🧰 Tools
🪛 actionlint (1.7.8)
76-76: property access of object must be type of string but got "number"
(expression)
🪛 Checkov (3.2.334)
[medium] 76-77: Basic Auth Credentials
(CKV_SECRET_4)
🤖 Prompt for AI Agents
.github/workflows/backend-coverage.yaml lines 76 and 83: the workflow expression
currently uses a numeric object index `${{ job.services.postgres.ports[5432] }}`
which is invalid in GitHub Actions; replace the numeric index with a string key
so the expression becomes `${{ job.services.postgres.ports['5432'] }}` (apply on
both line 76 and line 83).
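The corrected expression in the context of a complete Postgres service definition, written here as an added example rather than a copy of the project's backend-coverage workflow; the image tag, throwaway password, health-check options and the final test command are assumptions:

```yaml
jobs:
  coverage:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16            # assumed tag; the project may pin a different one
        env:
          POSTGRES_PASSWORD: postgres  # throwaway credential for an ephemeral CI container only
        ports:
          - 5432/tcp                   # container port; the host port is assigned at random
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
      - name: Run coverage
        env:
          # Expression property keys must be strings: ports['5432'], never ports[5432].
          # The value is the randomly mapped host port for container port 5432.
          DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports['5432'] }}/postgres"
        run: |
          pytest --cov   # assumed command
```

Declaring the port as `5432/tcp` without a fixed host side is what makes the `ports['5432']` lookup necessary: the runner picks a free host port at job start, and the expression resolves it at step time. The health-check options keep the step from starting before Postgres accepts connections.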
```yaml
- name: Set up python ${{ matrix.python-version }}
  uses: actions/setup-python@v4
  with:
    python-version: ${{ matrix.python-version }}
    cache: "pip"
- name: Install ruff
  working-directory: ${{env.working-directory}}
  run: |
    python -m pip install ruff==0.9.2
```
Bump actions/setup-python to a Node20+ release.
actions/setup-python@v4 still targets the retired Node16 runtime, which GitHub removed from hosted runners in late 2024. Upgrade to the current major (v6) so the job stays runnable on ubuntu-24.04.(github.blog)
Use this change:
- - name: Set up python ${{ matrix.python-version }}
- uses: actions/setup-python@v4
+ - name: Set up python ${{ matrix.python-version }}
+ uses: actions/setup-python@v6
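Review bot: Moving to `actions/setup-python@v6` resolves the runtime error, but a major tag is still a mutable reference that the action's maintainers (or anyone who compromises their account) can repoint. For a workflow that installs and runs tooling against the repository, pin the action to a full commit SHA with the version in a trailing comment, and let Dependabot or Renovate propose the bumps; apply the same rule to the other actions this workflow uses.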
🧰 Tools
🪛 actionlint (1.7.8)
27-27: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🤖 Prompt for AI Agents
In .github/workflows/backend-linters.yaml around lines 26 to 34, the workflow
uses actions/setup-python@v4 which depends on the retired Node16 runtime; update
the action to actions/setup-python@v6 (Node20+) to restore compatibility with
ubuntu-24.04 runners, keeping the same inputs (python-version and cache) and
verify the workflow runs locally or via a test commit; also scan the workflow
for any other actions pinned to v4/v5 that may require similar updates and bump
them consistently if needed.
- SOC2
- PCI DSS 4.0
- CMMC v2
Our vision is to provide a one stop shop for cyber security posture management and cover the layers of **GRC** (Governance, Risk and Compliance). As practitioners interacting with multiple cybersecurity and IT professionals, we have struggled with fragmentation and lack of efficient tooling. We keep improving CISO Assistant with anything that could bring clarity and productivity to cybersecurity teams and reduce the effort of research, audit management and paperwork.
Fix hyphenation in compound adjective.
Line 42 uses "one stop shop" which should be hyphenated as "one-stop shop" when used as a compound adjective modifying "cyber security posture management."
Apply this diff:
-Our vision is to provide a one stop shop for cyber security posture management and cover the layers of **GRC** (Governance, Risk and Compliance).
+Our vision is to provide a one-stop shop for cyber security posture management and cover the layers of **GRC** (Governance, Risk and Compliance).
🧰 Tools
🪛 LanguageTool
[grammar] ~42-~42: Use a hyphen to join words.
Context: ...neration Our vision is to provide a one stop shop for cyber security posture man...
(QB_NEW_EN_HYPHEN)
🤖 Prompt for AI Agents
In README.md around line 42, change the unhyphenated compound adjective "one
stop shop" to the hyphenated form "one-stop shop" so the phrase correctly
modifies "cyber security posture management"; update the sentence accordingly
and ensure spacing and punctuation remain consistent.
Here is an illustration of the **decoupling** principle and its advantages:

### Requirements
https://github.com/user-attachments/assets/87bd4497-5cc2-4221-aeff-396f6b6ebe62
Replace bare URL with proper markdown link syntax.
Line 61 contains a bare URL which violates markdown linting rule MD034. Embed it in a proper link or code block.
Apply this diff (or similar formatting that suits the context):
-https://github.com/user-attachments/assets/87bd4497-5cc2-4221-aeff-396f6b6ebe62
+
+[View decoupling principle video](https://github.com/user-attachments/assets/87bd4497-5cc2-4221-aeff-396f6b6ebe62)
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)
61-61: Bare URL used
(MD034, no-bare-urls)
🤖 Prompt for AI Agents
In README.md around line 61, there is a bare URL which violates markdown lint
rule MD034; replace the raw URL with proper Markdown link syntax (e.g., [link
text](https://github.com/user-attachments/assets/87bd4497-5cc2-4221-aeff-396f6b6ebe62))
or wrap it in a code block if you intend to show it as literal text, ensuring
the link text is descriptive and the URL remains unchanged.
clone the repo:

💡 *Advice*: run everything inside a virtual environment. It is a good practice concerning python projects!
```
Specify language for code block.
Line 80's fenced code block is missing a language identifier. Add sh to enable proper syntax highlighting and comply with markdown linting (MD040).
Apply this diff:
-```
+```sh
git clone https://github.com/intuitem/ciso-assistant-community.git
-```
+```sh
🧰 Tools
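Review bot: The second `+```sh` in this suggestion puts an info string on the closing fence. A closing fence must be a bare ```; a ```sh there is parsed as the opening of a new code block, which would swallow the rest of the README into one literal block. Only the opening fence should gain the `sh` tag, and the closing fence should stay as it is.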
🪛 markdownlint-cli2 (0.18.1)
80-80: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
In README.md around line 80, the fenced code block lacks a language identifier;
update the closing/opening fence so the block is labeled with sh by changing the
block to use ```sh for both fences (i.e., add the language tag to the opening
fence) so the snippet becomes a shell code block and satisfies MD040.
> [!WARNING]
> If you're getting warnings or errors about image's platform not matching host platform, raise an issue with the details and we'll add it shortly after. You can also use `docker-compose-build.sh` instead (see below) to build for your specific architecture.
Remove blank lines inside blockquotes (MD028).
Lines 100 and 505 contain blank lines within blockquote sections, which violates markdown linting rule MD028.
Apply these diffs to remove blank lines within blockquotes:
> [!WARNING]
> If you're getting warnings or errors about image's platform not matching host platform, raise an issue with the details and we'll add it shortly after. You can also use `docker-compose-build.sh` instead (see below) to build for your specific architecture.
-
-> [!CAUTION]
+> [!CAUTION] > [!NOTE]
> The frontend cannot infer the host automatically, so you need to either set the ORIGIN variable, or the HOST_HEADER and PROTOCOL_HEADER variables. Please see [the sveltekit doc](https://kit.svelte.dev/docs/adapter-node#environment-variables-origin-protocolheader-hostheader-and-port-header) on this tricky issue. Beware that this approach does not work with "pnpm run dev", which should not be a worry for production.
-
-> [!NOTE]
+> [!NOTE]
Also applies to: 505-505
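Review bot: Deleting the blank lines between `> [!WARNING]`, `> [!CAUTION]` and `> [!NOTE]` merges three separate GitHub alerts into a single blockquote, so only the first alert type would render and the others would become plain quoted text; the `+> [!CAUTION] > [!NOTE]` line in the suggestion is not valid alert syntax either. The blank lines are intentional separators here. Keep the alerts distinct by placing a non-blockquote line (a sentence or an HTML comment) between them, or exclude MD028 for this file, rather than applying this diff.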
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)
100-100: Blank line inside blockquote
(MD028, no-blanks-blockquote)
🤖 Prompt for AI Agents
In README.md around lines 100 and 505, there are blank lines inside blockquote
sections that violate MD028; remove the empty lines so that every line inside
each blockquote begins with the blockquote marker (>) and there are no
standalone blank lines between quoted lines, preserving the existing quoted text
and spacing only outside the blockquote.
3. Choose the tool of your choice, either python-venv or virtualenv. For example:
3. Install poetry

Visit the poetry website for instructions: https://python-poetry.org/docs/#installation
Replace bare URL with proper markdown link.
Line 356 contains a bare URL pointing to the Poetry documentation. Wrap it in markdown link syntax for consistency with the rest of the document (MD034).
Apply this diff:
-Visit the poetry website for instructions: https://python-poetry.org/docs/#installation
+Visit the [poetry website](https://python-poetry.org/docs/#installation) for instructions.
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)
356-356: Bare URL used
(MD034, no-bare-urls)
🤖 Prompt for AI Agents
In README.md around line 356, the line contains a bare URL to the Poetry docs;
replace it with proper Markdown link syntax by wrapping the URL in square
brackets for link text and parentheses for the URL (e.g., [Poetry
installation](https://python-poetry.org/docs/#installation)) to satisfy MD034
and match existing document style.
nas-tabchiche
left a comment
This Pull Request adds the file map_loi05-20_iso27001-2022_.yaml, which establishes the correspondence between the requirements of Loi 05-20 and the clauses of ISO/IEC 27001:2022.
File contents:
Article-by-article mappings to the ISO 27001 controls (Annex A 2022)
Highlighting of legal requirements that are equivalent to international best practices
Links between Moroccan legal responsibilities and ISO security objectives
Objective:
To facilitate the implementation of an integrated compliance framework spanning Moroccan regulation (Loi 05-20) and international standards (ISO/IEC 27001:2022).