{"id":17689126,"url":"https://github.com/isnackable/g8-codeql","last_synced_at":"2025-03-30T21:44:17.661Z","repository":{"id":73284511,"uuid":"347899494","full_name":"ISnackable/G8-CodeQL","owner":"ISnackable","description":"DISM Final Year Project, Security Software Tool Development, CodeQL Scanner","archived":false,"fork":false,"pushed_at":"2021-07-30T04:45:34.000Z","size":60384,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-02-06T02:19:29.556Z","etag":null,"topics":["advance-security","code-scanning","codeql","security-tools"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ISnackable.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-15T08:59:29.000Z","updated_at":"2024-09-05T02:52:47.000Z","dependencies_parsed_at":null,"dependency_job_id":"ee1fbbb1-6271-419a-88f2-078d838bab48","html_url":"https://github.com/ISnackable/G8-CodeQL","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ISnackable%2FG8-CodeQL","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ISnackable%2FG8-CodeQL/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ISnackable%2FG8-CodeQL/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ISnackable%2FG8-CodeQL/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts
/GitHub/owners/ISnackable","download_url":"https://codeload.github.com/ISnackable/G8-CodeQL/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246385410,"owners_count":20768668,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["advance-security","code-scanning","codeql","security-tools"],"created_at":"2024-10-24T11:46:36.718Z","updated_at":"2025-03-30T21:44:17.643Z","avatar_url":"https://github.com/ISnackable.png","language":"JavaScript","readme":"\u003cbr /\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/ISnackable/DISMFYP2021GRP8/\"\u003e\n    \u003cimg src=\"G8/frontend/src/assets/img/g8-logo.png\" alt=\"Logo\" width=\"80\"\u003e\n  \u003c/a\u003e\n\n  \u003ch3 align=\"center\"\u003eDISMFYP2021GRP8\u003c/h3\u003e\n\n  \u003cp align=\"center\"\u003e\n    FYP Project utilizing CodeQL for code analysis\n    \u003cbr /\u003e\n    \u003ca href=\"https://github.com/ISnackable/DISMFYP2021GRP8/\"\u003e\u003cstrong\u003eExplore the docs »\u003c/strong\u003e\u003c/a\u003e\n    \u003cbr /\u003e\n    \u003cbr /\u003e\n    \u003ca href=\"https://github.com/github/codeql\"\u003eCodeQL\u003c/a\u003e\n    ·\n    \u003ca href=\"https://www.youtube.com/watch?v=Y6PjAaZKNYk\"\u003eView Demo\u003c/a\u003e\n    ·\n    \u003ca href=\"https://neo4j.com/\"\u003eNeo4J\u003c/a\u003e\n\u003c/p\u003e\n\n## Welcome\n\n**DISMFYP2021GRP8**, also known as **G8**, is a static code scanning security tool designed with ReactJS and ExpressJS. 
It utilizes the CodeQL semantic code analysis engine to find all variants of a vulnerability. G8's features include, but are not limited to, the following.\n\n### Features\n\n- Uploading of project with folders, (_zipped_) files and Git repositories\n- Alert results in a neat and concise page of CodeFlow\n- Alert results visualization with Neo4J integration\n- Interpret custom CodeQL queries\n- Report generation for researchers\n- Viewing custom SARIF files with [sarif-web-components](https://github.com/microsoft/sarif-web-component)\n- Documentation of CodeQL queries\n\n\u003cbr /\u003e\n\n![G8 Pages](G8/frontend/src/assets/img/allphoto.png)\n\n## Dependencies\n\nThe following tools should be installed before starting:\n\n- [Docker](https://www.docker.com/get-started)\n\n## Installation\n\nUse the provided [docker configuration](./G8/docker-compose.yml) to deploy the project:\n\n```shell\n$ docker-compose up -d\n```\n\nThen visit 127.0.0.1:3000, open the dashboard page and upload a project you wish to analyze. Click analyze to begin the analysis and watch the magic unfold.\n\nYou can optionally edit the configuration file depending on your needs:\n\n[Backend Configuration File](./G8/backend/config/index.js)\n\n### Usage\n\nTo start trying out the project, follow the steps below.\n\n1. Visit http://127.0.0.1:3000/#/dashboard/\n2. Click on the `Git Repo` button and paste in https://github.com/ISnackable/DISMFYP2021GRP8.git\n3. Click `Submit` to upload the project\n4. Under the Existing Project table, click on `Start Analysis` and wait for the analysis to be done\n5. 
Click `Load Project` and navigate to CodeQL Alert to view the results\n\n## Development\n\n### Getting Started\n\nTo get a local copy up and running follow these simple example steps.\n\n### Prerequisites\n\nClone this repository on the latest version using git and update all submodules to the latest version.\n\n```shell\n$ git clone https://github.com/ISnackable/DISMFYP2021GRP8/ --recursive --depth 1\n```\n\n#### Install CodeQL CLI\n\n1. [Download](https://github.com/github/codeql-cli-binaries/releases) the CodeQL CLI zip package.\n2. Create a new CodeQL directory where you can place the CLI and any queries and libraries you want to use. For example, `D:/programs/codeql-home` or `/opt/codeql`.\n3. Extract the zip archive in the CodeQL directory; `D:/programs/codeql-home/codeql`\n4. Add CodeQL to Path.\n\n   - Windows\n\n     1. Go to `Control Panel\\System and Security\\System`\n     2. Click on `Advanced System Settings`\n     3. Click on `Environment Variables`\n     4. Edit `Path` for both User variables and System variables\n     5. Click on `New` and add the CodeQL directory; `D:/programs/codeql-home/codeql`\n\n   - Linux\n\n     ```shell\n     $ export PATH=/opt/codeql:$PATH\n     ```\n\n5. Verify your CodeQL CLI setup.\n\n   ```shell\n   $ codeql --help\n   ```\n\n6. Download \u0026 Install the [CodeQL VSCode Extension](https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-codeql). 
(Optional)\n\n#### Install MariaDB \u0026 Neo4J\n\n##### Installation with Docker (Recommended)\n\n- [Docker](https://www.docker.com/get-started)\n\n```shell\n$ docker run -p 3306:3306 -d -v $PWD/G8/backend/init.sql:/docker-entrypoint-initdb.d/init.sql --env MYSQL_ROOT_PASSWORD=secret docker.io/library/mariadb:10\n```\n\n```shell\n$ docker run -p 7474:7474 -p 7687:7687 -d -v $HOME/neo4j/data:/data --env NEO4J_AUTH=neo4j/s3cr3t neo4j:4.2.7\n```\n\n##### Install Manually\n\n- [MariaDB](https://mariadb.org/download/)\n- [Neo4J Community Edition](https://neo4j.com/download-center/#community)\n\n1. Download \u0026 Install [MariaDB](https://mariadb.org/download/) on the latest version\n2. Verify MariaDB is installed by running the following command\n\n```shell\n$ sudo service mysql status\n```\n\n3. Download \u0026 Install [Neo4J Community Server](https://neo4j.com/download-center/#community) on the latest version\n4. Verify Neo4J is installed by visiting http://localhost:7474.\n\n### Configuration\n\nYou can optionally edit the configuration file depending on your needs:\n\n[Backend Configuration File](./G8/backend/config/index.js)\n\n### Setup and start the frontend\n\n```shell\n$ cd G8/frontend\n$ yarn install\n$ yarn start\n```\n\n### Setup and start the backend\n\n```shell\n$ cd G8/backend\n$ yarn install\n$ yarn start\n```\n\n## License\n\nThe version of CodeQL used by G8 is subject to the [CodeQL Research Terms \u0026 Conditions](https://securitylab.github.com/tools/codeql/license). \n\nBy using G8, you agree to GitHub CodeQL Terms and Conditions. 
If you do not accept these Terms, do not download, install, use, or copy the Software.\n\n## Acknowledgements\n\n- [CodeQL](https://github.com/github/codeql)\n- [CodeQL Logo](https://github.com/github/vscode-codeql/blob/main/extensions/ql-vscode/media/VS-marketplace-CodeQL-icon.png)\n- [Themesberg Volt React Dashboard](https://github.com/themesberg/volt-react-dashboard)\n- [Sarif Web Component](https://github.com/microsoft/sarif-web-component)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fisnackable%2Fg8-codeql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fisnackable%2Fg8-codeql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fisnackable%2Fg8-codeql/lists"}