Bifrost Portal Report

Trivy

Trivy has been reviewed, and there are only three vulnerabilities left, which do not apply to the project.

The first and second vulnerabilities are related to ansi-regex. However, the unpatched versions are not used in the web application (even if they are installed in the Docker image). The third vulnerability is related to next and is described in detail in the advisory (https://github.com/advisories/GHSA-fmvm-x8mv-47mj). BifrostWeb is not affected, since the next.config.js file does not assign images.domains.
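One way to keep this "not affected" justification checkable over time, as an added example (not code from the BifrostWeb project): a guard that evaluates a next.config.js export in every Next.js phase and reports any phase in which images.domains is assigned. The function names and sample configs are assumptions constructed for illustration; treating an empty list as unassigned is also an assumption.

```javascript
// Added example: guard for the "not affected" rationale of GHSA-fmvm-x8mv-47mj.
// Phase strings are the values exported by next/constants.
const PHASES = [
  'phase-development-server',
  'phase-production-build',
  'phase-production-server',
  'phase-export',
];

// Resolve a next.config.js export (object or function form) for one phase.
function resolveConfig(exported, phase) {
  const config = typeof exported === 'function'
    ? exported(phase, { defaultConfig: {} })
    : exported;
  if (config && typeof config.then === 'function') {
    // An async config cannot be inspected synchronously; fail closed.
    throw new Error('async next.config.js: await it before calling the guard');
  }
  return config || {};
}

// Return one finding per phase in which images.domains lists at least one host.
// Assumption: an empty array is treated the same as "not assigned".
function findImageDomains(exported) {
  const findings = [];
  for (const phase of PHASES) {
    const images = resolveConfig(exported, phase).images;
    const domains = images && images.domains;
    if (domains === undefined || domains === null) continue;
    if (!Array.isArray(domains)) {
      findings.push({ phase, domains, reason: 'images.domains is not an array' });
    } else if (domains.length > 0) {
      findings.push({ phase, domains, reason: 'images.domains is assigned' });
    }
  }
  return findings;
}

// Constructed sample configs (not BifrostWeb's real next.config.js).
const plainConfig = { reactStrictMode: true };
const phasedConfig = (phase) =>
  phase === 'phase-production-server'
    ? { images: { domains: ['cdn.example.com'] } }
    : {};

console.log(findImageDomains(plainConfig));  // no findings
console.log(findImageDomains(phasedConfig)); // one finding, production server only
```

Run against the real export in CI, a non-empty result means the Trivy and NPM Audit exception for next needs to be re-evaluated.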

NPM Audit

Currently, it only shows the same alert related to next.

Lighthouse

When generating Lighthouse reports for the website, the overall evaluation of the website was very good. Pages related to the IDE present performance problems, but that can be expected.

Evaluation for Main Page

Evaluation for Project Page

Evaluation for IDE

Currently, the report is shown like this. However, in another run (which finished successfully), the performance score was still not as good as other pages (this is normal due to the nature of the IDE). It is highly recommended to run this again and try to improve the website when there is time, but there were no critical issues found in the last successfully generated Lighthouse report for the IDE.

Refactoring Plan

Global Refactors

  • Add IDs to components

  • Fix messages/warnings that appear on DevTools

  • Move to Node 12 if possible

  • Check if logic for licensing components can be simplified somewhat

  • Large methods constantly appear in pages/api

  • Continue adding coverage to both front-end and back-end

    • The proposed strategy is to check the coverage for the different files and select the file with the most uncovered lines as the new target for unit testing.

    • Continue this until the target 80% coverage has been reached and any feature that is worth testing has been tested. That includes mainly:

      • All API endpoints

      • Licensing UX/UI

      • Creation of projects

      • Editing of projects

      • Initialization of IDE

      • Conversion

      • Extraction

  • Tests should be in the test folder, not in src

  • Solve Code Smells that are detected by SonarQube

Specific Refactors

  • src

    • assets -> Review if there are images that are not being used anywhere. Discuss moving these images to Azure Storage

    • componets -> Rename to components

      • BreadcrumbNav.tsx -> Rename type Fnk

      • InputLicenseKey.tsx -> Move utilities like isSubstringOf to another file

      • FormInputField.tsx -> Is this component needed? Or can it be erased?

      • SystemAlert.tsx -> Is this component needed? Or can it be erased?

    • utils

      • apiQueries/externalRequests.ts -> Replace ValidProductNameFromPlatform with method from PlatformName module

      • apiQueries/swrFetchers.ts -> Multiple TO DOs

      • gitlab/gitlab-api.ts: Has a TO DO

      • middleware/auth.test.ts: Move to test/utils/middleware folder

      • response-contracts/reference-response.ts -> Is this used anywhere? Or can it be erased?

      • tests/MakeFetchResponse.ts -> Is this used anywhere? Or can it be erased?

      • appUtils.ts -> Check if validateForSubmit can be deleted

      • viewModelsUtils.ts -> Check if can be deleted

    • modules

      • conversionSettings/source-platform.ts -> This is duplicated code

      • errorBoundary/components/ErrorBoundary.tsx -> Class component

      • project/components/ProjectNameForm.tsx -> Complex methods

      • project/index.ts -> Check if can be deleted

      • project/project-model-validation -> Complex methods

    • pages

      • api/auth/[...nextauth].ts -> Complex methods

      • project/index.tsx -> Complex methods

      • 401.tsx -> Not used?

      • 403.tsx -> Not used?

      • 502.tsx -> Not used?

      • 503.tsx -> Not used?
