Bifrost Portal Report
Trivy
Trivy has been reviewed, and there are only three vulnerabilities left, which do not apply to the project.
The first and second vulnerabilities are related to ansi-regex. However, the unpatched versions are not used by the web application (even though they are installed in the Docker image). The third vulnerability, described in detail at https://github.com/advisories/GHSA-fmvm-x8mv-47mj, is related to next. BifrostWeb is not affected, since the next.config.js file does not assign images.domains.
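A check like the following could run in CI so that the "not affected" conclusion is re-examined if next.config.js ever starts assigning images.domains. It is an added example, not code from BifrostWeb; the function names, the sample configs, the phase string passed to config functions and the choice to treat an empty array as assigned are assumptions.

```javascript
// Added example: guard for the condition cited in the Trivy section.
// Pass in whatever next.config.js exports (a plain object or a config function).

// Resolve the export to a plain config object. Next.js also accepts a
// function of (phase, { defaultConfig }); the phase used here is an assumption.
function resolveNextConfig(exported, phase = 'phase-production-build') {
  const config =
    typeof exported === 'function'
      ? exported(phase, { defaultConfig: {} })
      : exported;
  if (config && typeof config.then === 'function') {
    throw new TypeError('async config functions are not handled by this check');
  }
  if (config === null || typeof config !== 'object') {
    throw new TypeError('next.config.js did not export a config object');
  }
  return config;
}

// Report whether images.domains is assigned at all. An empty array still
// counts as assigned so that the finding gets re-reviewed (conservative choice).
function checkImageDomains(exported) {
  const { images } = resolveNextConfig(exported);
  const assigned =
    images != null &&
    typeof images === 'object' &&
    images.domains !== undefined;
  const domains =
    assigned && Array.isArray(images.domains) ? [...images.domains] : [];
  return { assigned, domains };
}

// Constructed sample configs (not BifrostWeb's real file).
const sampleWithoutDomains = {
  reactStrictMode: true,
  images: { deviceSizes: [640, 1080] },
};
const sampleWithDomains = () => ({ images: { domains: ['cdn.example.com'] } });

const samples = { sampleWithoutDomains, sampleWithDomains };
for (const [name, cfg] of Object.entries(samples)) {
  const { assigned, domains } = checkImageDomains(cfg);
  const verdict = assigned ? `assigned (${domains.join(', ')})` : 'not assigned';
  console.log(`${name}: images.domains ${verdict}`);
}
```

In a pipeline, the export of the project's own next.config.js would be passed to checkImageDomains and the job failed when `assigned` is true.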
NPM Audit
Currently, it only shows the same alert related to next.
Lighthouse
When generating Lighthouse reports for the website, the overall evaluation of the website was very good. Pages related to the IDE present performance problems, but that can be expected.
Evaluation for Main Page
Evaluation for Project Page
Evaluation for IDE
Currently, the report is shown like this. However, in another run (which finished successfully), the performance score was still not as good as for other pages (this is normal due to the nature of the IDE). It is strongly recommended to run this again and try to improve the website when there is time, but no critical issues were found in the last successfully generated Lighthouse report for the IDE.
Refactoring Plan
Global Refactors
Add IDs to components
Fix messages/warnings that appear on DevTools
Move to Node 12 if possible
Check if logic for licensing components can be simplified somewhat
Large methods constantly appear in pages/api
Continue adding coverage to both front-end and back-end
The proposed strategy is to check the coverage for the different files and select the file with the most uncovered lines as the new target for unit testing.
Continue this until the target of 80% coverage has been reached and any feature that is worth testing has been tested. That mainly includes:
All API endpoints
Licensing UX/UI
Creation of projects
Edition of projects
Initialization of IDE
Conversion
Extraction
Tests should be in the test folder, not in src
Solve Code Smells that are detected by SonarQube
Specific Refactors
src
assets -> Review if there are images that are not being used anywhere. Discuss moving these images to Azure Storage
componets -> Rename to components
BreadcrumbNav.tsx -> Rename type Fnk
InputLicenseKey.tsx -> Move utilities like isSubstringOf to another file
FormInputField.tsx -> Is this component needed? Or can it be erased?
SystemAlert.tsx -> Is this component needed? Or can it be erased?
utils
apiQueries/externalRequests.ts -> Replace ValidProductNameFromPlatform with method from PlatformName module
apiQueries/swrFetchers.ts -> Multiple TO DOs
gitlab/gitlab-api.ts: Has a TO DO
middleware/auth.test.ts: Move to test/utils/middleware folder
response-contracts/reference-response.ts -> Is this used anywhere? Or can it be erased?
tests/MakeFetchResponse.ts -> Is this used anywhere? Or can it be erased?
appUtils.ts -> Check if validateForSubmit can be deleted
viewModelsUtils.ts -> Check if can be deleted
modules
conversionSettings/source-platform.ts -> This is duplicated code
errorBoundary/components/ErrorBoundary.tsx -> Class component
project/components/ProjectNameForm.tsx -> Complex methods
project/index.ts -> Check if can be deleted
project/project-model-validation -> Complex methods
pages
api/auth/[...nextauth].ts -> Complex methods
project/index.tsx -> Complex methods
401.tsx -> Not used?
403.tsx -> Not used?
502.tsx -> Not used?
503.tsx -> Not used?