v0.5.0

.all-contributorsrc

@@ -56,6 +56,15 @@
         "design",
         "ideas"
       ]
+    },
+    {
+      "login": "ViktorLindstrm",
+      "name": "Viktor Lindström",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3715582?v=4",
+      "profile": "https://github.com/ViktorLindstrm",
+      "contributions": [
+        "code"
+      ]
     }
   ]
-}
+}

.github/CODEOWNERS

@@ -1,3 +1,3 @@
-# This project is maintained with love by:
+# This project is maintained with love by
 
-- @geekmasher
+- @advanced-security/oss-maintainers

.github/action/src/codeql.ts

@@ -7,7 +7,7 @@ import * as github from "@actions/github";
 import * as toolrunner from "@actions/exec/lib/toolrunner";
 
 export const EXTRACTOR_REPOSITORY = "advanced-security/codeql-extractor-iac";
-export const EXTRACTOR_VERSION = "v0.4.1"; // stable version
+export const EXTRACTOR_VERSION = "v0.5.0"; // stable version
 
 export interface CodeQLConfig {
   // The path to the codeql bundle.

.github/dependabot.yml

@@ -5,19 +5,38 @@
 
 version: 2
 updates:
-  - package-ecosystem: "cargo"
+  - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
     reviewers:
-      - "geekmasher"
+      - "advanced-security/oss-maintainers"
+    target-branch: "main"
+    commit-message:
+      prefix: deps
+      prefix-development: chore
+    labels:
+      - "Dependencies"
     groups:
-      extractor:
+      production-dependencies:
         dependency-type: "production"
+      development-dependencies:
+        dependency-type: "development"
 
-  - package-ecosystem: "github-actions"
+  - package-ecosystem: "cargo"
     directory: "/"
     schedule:
       interval: "weekly"
     reviewers:
-      - "geekmasher"
+      - "advanced-security/oss-maintainers"
+    target-branch: "main"
+    commit-message:
+      prefix: deps
+      prefix-development: chore
+    labels:
+      - "Dependencies"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+      development-dependencies:
+        dependency-type: "development"

.github/workflows/build.yml

@@ -69,79 +69,80 @@ jobs:
         run: |
           ./scripts/run-tests.sh "ql/test/${{ matrix.test-folders }}"
 
-  scanning:
-    runs-on: ubuntu-latest
-    needs: [tests]
-
-    strategy:
-      matrix:
-        project: ["hashicorp/terraform-guides", "akamai/terraform-examples", "aws-samples/aws-sam-terraform-examples"]
-
-    steps:
-      - name: "Checkout"
-        uses: actions/checkout@v5
-        with:
-          submodules: true
-
-      - name: "Checkout"
-        uses: actions/checkout@v5
-        with:
-          repository: ${{ matrix.project }}
-          path: project
-
-      - name: "Check for changes"
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: extractor-changes
-        with:
-          filters: |
-            src:
-              - 'extractor/**'
-              - 'rust-toolchain.toml'
-              - 'Cargo.*'
-
-      - name: "Download Extracter"
-        if: steps.extractor-changes.outputs.src == 'false'
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          set -e
-          gh release list -L 1 -R "advanced-security/codeql-extractor-iac"
-
-          gh release download \
-              -R "advanced-security/codeql-extractor-iac" \
-              --clobber \
-              --pattern 'extractor-iac.tar.gz'
-
-          tar -zxf extractor-iac.tar.gz
-
-      - uses: dtolnay/rust-toolchain@4305c38b25d97ef35a8ad1f985ccf2d2242004f2 # stable
-        if: steps.extractor-changes.outputs.src == 'true'
-
-      - name: "Build Extractor"
-        if: steps.extractor-changes.outputs.src == 'true'
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          set -e
-          gh extensions install github/gh-codeql
-          gh codeql set-version latest
-
-          ./scripts/create-extractor-pack.sh
-
-          gh codeql resolve languages --format=json --search-path ./extractor-pack
-
-      - name: "Run CodeQL Analysis"
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PROJECT_REPO: ${{ matrix.project }}
-        run: |
-          set -e
-          gh extensions install github/gh-codeql
-          gh codeql set-version latest
-
-          gh codeql database create iac-db --language=iac --source-root=./project --search-path ./extractor-pack
-
-          gh codeql database analyze iac-db "advanced-security/iac-queries" --format=sarifv2.1.0 --output="iac-${PROJECT_REPO}.sarif"
+  # scanning:
+  #   runs-on: ubuntu-latest
+  #   needs: [tests]
+
+  #   strategy:
+  #     matrix:
+  #       # project: ["hashicorp/terraform-guides", "akamai/terraform-examples", "aws-samples/aws-sam-terraform-examples"]
+  #       project: []
+
+  #   steps:
+  #     - name: "Checkout"
+  #       uses: actions/checkout@v5
+  #       with:
+  #         submodules: true
+
+  #     - name: "Checkout"
+  #       uses: actions/checkout@v5
+  #       with:
+  #         repository: ${{ matrix.project }}
+  #         path: project
+
+  #     - name: "Check for changes"
+  #       uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+  #       id: extractor-changes
+  #       with:
+  #         filters: |
+  #           src:
+  #             - 'extractor/**'
+  #             - 'rust-toolchain.toml'
+  #             - 'Cargo.*'
+
+  #     - name: "Download Extracter"
+  #       if: steps.extractor-changes.outputs.src == 'false'
+  #       env:
+  #         GH_TOKEN: ${{ github.token }}
+  #       run: |
+  #         set -e
+  #         gh release list -L 1 -R "advanced-security/codeql-extractor-iac"
+
+  #         gh release download \
+  #             -R "advanced-security/codeql-extractor-iac" \
+  #             --clobber \
+  #             --pattern 'extractor-iac.tar.gz'
+
+  #         tar -zxf extractor-iac.tar.gz
+
+  #     - uses: dtolnay/rust-toolchain@4305c38b25d97ef35a8ad1f985ccf2d2242004f2 # stable
+  #       if: steps.extractor-changes.outputs.src == 'true'
+
+  #     - name: "Build Extractor"
+  #       if: steps.extractor-changes.outputs.src == 'true'
+  #       env:
+  #         GH_TOKEN: ${{ github.token }}
+  #       run: |
+  #         set -e
+  #         gh extensions install github/gh-codeql
+  #         gh codeql set-version latest
+
+  #         ./scripts/create-extractor-pack.sh
+
+  #         gh codeql resolve languages --format=json --search-path ./extractor-pack
+
+  #     - name: "Run CodeQL Analysis"
+  #       env:
+  #         GH_TOKEN: ${{ github.token }}
+  #         PROJECT_REPO: ${{ matrix.project }}
+  #       run: |
+  #         set -e
+  #         gh extensions install github/gh-codeql
+  #         gh codeql set-version latest
+
+  #         gh codeql database create --language=iac --source-root=./project --search-path ./extractor-pack iac-db
+
+  #         gh codeql database analyze --search-path ./extractor-pack --format sarif-latest --output="iac-${PROJECT_REPO}.sarif" iac-db ./ql/src
 
 
   docs:

.release.yml

@@ -1,27 +1,23 @@
 name: codeql-extractor-iac
-version: 0.4.1
-default: false
+repository: advanced-security/codeql-extractor-iac
+version: 0.5.0
+
+ecosystems:
+  - "Docs"
+  - "CodeQL"
+
+exclude:
+  - "target/"
+  - "extractor-pack/"
 
 locations:
-  - name: "Release file"
-    paths:
-      - ".release.yml"
-    patterns:
-      - '\nversion:\s*([0-9]+\.[0-9]+\.[0-9])'
-  - name: "Docs"
-    paths:
-      - "README.md"
-    patterns:
-      - 'advanced-security/codeql-extractor-iac@v\s*([0-9]+\.[0-9]+\.[0-9])'
-  - name: "CodeQL Extractor / Packs"
+  - name: "CodeQL Extractor"
     paths:
       - "codeql-extractor.yml"
-      - "ql/lib/qlpack.yml"
-      - "ql/src/qlpack.yml"
     exclude:
       - ".codeql"
     patterns:
-      - '\nversion:\s*([0-9]+\.[0-9]+\.[0-9])'
+      - '\nversion:\s*{version}'
   - name: "Cargo"
     exclude:
       - "/target/"
@@ -30,9 +26,9 @@ locations:
     paths:
       - "*/Cargo.toml"
     patterns:
-      - '\nversion\s*=\s*"([0-9]+\.[0-9]+\.[0-9])"'
+      - '\nversion\s*=\s*"{version}"'
   - name: "Extractor Action"
     paths:
-      - ".github/action/src/codeql.ts"
+      - "action.yml"
     patterns:
-      - 'EXTRACTOR_VERSION\s*=\s*"v([0-9]+\.[0-9]+\.[0-9])";'
+      - '{repository}@v{version}'

CONTRIBUTING.md

@@ -1,33 +1,89 @@
-# Contributing
+# Contributing 🤝
 
-Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
+Thank you for your interest in contributing to this project! Your help makes it better for everyone.
 
-Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE.md).
+## Code of Conduct 📝
 
-Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in this project you agree to abide by its terms.
+By participating, you agree to abide by our [Contributor Code of Conduct](CODE_OF_CONDUCT.md).
 
-## Submitting a pull request
+## Getting Started
 
-1. [Fork][fork] and clone the repository
-2. Make sure the tests pass on your machine: `./tests/run-tests.sh`
-   - Tests can be run from VSCode
-3. Create a new branch: `git checkout -b my-branch-name`
-4. Make your change, add tests, and make sure the tests still pass
-5. Push to your fork and [submit a pull request][pr]
-6. Pat yourself on the back and wait for your pull request to be reviewed and merged.
+### Build the extractor
 
-Here are a few things you can do that will increase the likelihood of your pull request being accepted:
+To build the extractor, use the following command:
 
-- Write tests.
-- Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
-- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
+```sh
+./scripts/create-extractor-pack.sh
+```
+
+This will create the extractor pack in the `./extractor-pack` directory.
+
+### Installing Dependencies
+
+To install the dependencies of the queries, run the following command:
+
+```sh
+codeql pack install ./ql/lib
+```
+
+This will install the necessary dependencies for the library queries.
+Alternatively, you can install them using VSCode's CodeQL extension.
+
+### Compiling the Library
+
+To compile the library queries, run:
+
+```sh
+codeql pack create ./ql/lib
+```
+
+You can also install these packs into the CodeQL home directory using:
+
+```sh
+codeql pack install --output=$HOME/.codeql/packages ./ql/lib
+```
+
+This will allow your to use the library on your local machine with CodeQL CLI.
+
+### Run Tests
+
+To run all tests:
+
+```sh
+./scripts/run-tests.sh
+```
+
+Or use VSCode's test runner for supported tests.
+
+## Submitting a Pull Request
+
+1. Fork and clone the repository
+2. Create a new branch: `git checkout -b my-feature`
+3. Make your changes and add tests if needed
+4. Ensure all tests pass
+5. Push your branch and open a pull request
+
+### Tips for a Successful PR
+
+- Keep changes focused and minimal
+- Write clear commit messages
+- Add or update tests as needed
+
+## Reporting Issues & Discussions
+
+- Report bugs or request features via [GitHub Issues](https://github.com/advanced-security/codeql-extractor-iac/issues)
+- Use [GitHub Discussions](https://github.com/advanced-security/codeql-extractor-iac/discussions) for questions and ideas
+
+## License 📄
+
+Contributions are released under the [MIT License](LICENSE.md).
 
 ## Resources
 
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
 - [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
 - [GitHub Help](https://help.github.com)
 
-[fork]: https://github.com/advanced-security/codeql-extractor-iac/fork
-[pr]: https://github.com/advanced-security/codeql-extractor-iac/compare
-[code-of-conduct]: CODE_OF_CONDUCT.md
+---
+
+If you have any questions, open an issue or start a discussion. Thank you for helping improve this project! 🚀