Updating the doc (#1)

* updating document

* Fix: remove yarn

* feat: removing yarn from husky

.github/workflows/gh-pages.yml

@@ -18,8 +18,7 @@ jobs:
 
       - name: Build
         run: |
-          make install
-          make build
+          npm run build
 
       - name: Deploy
         uses: peaceiris/actions-gh-pages@v3

.gitignore

@@ -1,14 +1,14 @@
-# dependencies
+# Dependencies
 /node_modules
 
-# production
+# Production
 /build
 
-# generated files
+# Generated files
 .docusaurus
 .cache-loader
 
-# misc
+# Misc
 .DS_Store
 .env.local
 .env.development.local
@@ -18,3 +18,4 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
+.talismanrc

LICENSE

@@ -1,6 +1,6 @@
 BSD 3-Clause License
 
-Copyright (c) 2019, Globo.com
+Copyright (c) 2023, Globo.com
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

README.md

@@ -1,7 +1,3 @@
-<h1 align="center">
-  <p align="center">huskyCI site</p>
-</h1>
-
 <p align="center">
   <img src="https://raw.githubusercontent.com/wiki/globocom/huskyCI/images/huskyCI-logo.png" align="center" height="" />
   <!-- logo font: Anton -->
@@ -12,31 +8,25 @@
   <a href="https://www.blackhat.com/eu-19/arsenal/schedule/#huskyci-performing-security-tests-inside-your-ci-17792"><img src="https://img.shields.io/badge/Black%20Hat%20Arsenal-Europe%202019-black"/></a>
 </p>
 
-This is the huskyCI product site and is inspired by [Docusaurus](https://docusaurus.io/en/). Please check [this repository](https://github.com/globocom/huskyCI) to check the huskyCI project. 
+This is the Husky CI product site and is inspired by [Docusaurus](https://docusaurus.io/). Please check [this repository](https://github.com/globocom/huskyCI) to check the Husky CI project. 
 
 ## Requirements
 
 ### Node
 
 If you don't have Node installed in your environment, follow the instructions [here](https://gist.github.com/d2s/372b5943bce17b964a79) for your correspondent OS.
 
-### Yarn
-
-```sh
-npm install -g yarn
-```
-
-## Installing
+## Running
 
 ```sh
-make install
-```
+npm start
+``` 
 
-## Running
+### Build 
 
 ```sh
-make run
-```
+npm run build
+``` 
 
 ## Contributing
 

babel.config.js

@@ -0,0 +1,3 @@
+module.exports = {
+  presets: [require.resolve('@docusaurus/core/lib/babel/preset')],
+};

docs/api/env-vars.md

@@ -3,7 +3,7 @@ id: env-vars
 title: Environment Variables
 ---
 
-This section describes each environment variable that is used by huskyCI API. Use your own organization configuration in each of them.
+This section describes each environment variable that is used by HuskyCI API. Use your own organization configuration in each of them.
 
 ## Required
 

docs/api/routes.md

@@ -36,8 +36,6 @@ curl -i localhost:8888/healthcheck
 WORKING
 ```
 
-[^](#top)
-
 ---
 
 <a name="getversion"></a>
@@ -56,8 +54,6 @@ curl -i localhost:8888/version
 }
 ```
 
-[^](#top)
-
 ---
 
 <a name="getanalysisid"></a>
@@ -196,10 +192,6 @@ curl -i localhost:8888/analysis/Ym3CjUl3H9nfaHbhaeXuEz7ILBtXiP0J
       "banditoutput": {},
       "safetyoutput": {}
     },
-    "javascriptresults": {
-      "npmauditoutput": {},
-      "yarnauditoutput": {}
-    },
     "rubyresults": {
       "brakemanoutput": {}
     },
@@ -230,9 +222,6 @@ curl -i localhost:8888/analysis/Ym3CjUl3H9nfaHbhaeXuEz7ILBtXiP0J
 ```
 {"error":"internal error","success":false}
 ```
-
-[^](#top)
-
 ---
 
 <a name="postanalysis"></a>
@@ -275,8 +264,6 @@ curl -i -H "Content-Type: application/json" -d '{"repositoryURL":"https://github
 {"error":"internal error","success":false}
 ```
 
-[^](#top)
-
 ---
 
 <a name="postsecuritytest"></a>
@@ -311,8 +298,6 @@ curl -i -H "Content-Type: application/json" -d '{"name":"newSecTest", "image":"h
 {"error":"internal error","success":false}
 ```
 
-[^](#top)
-
 ---
 
 <a name="postrepository"></a>
@@ -343,6 +328,4 @@ curl -i -H "Content-Type: application/json" -d '{"repositoryURL":"https://github
 {"error":"internal error","success":false}
 ```
 
-[^](#top)
-
 ---

docs/welcome/about.md → docs/feedback/about.md

@@ -2,13 +2,6 @@
 id: about
 title: About the Documentation
 ---
-
-Welcome to the huskyCI documentation!
-
-## Navigation
-
-You can find different topics in the table of contents. On desktop, you should see it in the left sidebar. On mobile, you should see it after pressing an icon with arrows in the top left corner.
-
 ## Something Missing?
 
 If you have ideas for more “Guides” recipes that should be on this page, [let us know](https://github.com/globocom/huskyCI/issues).

docs/guides/accessing-internal-repositories.md

@@ -3,15 +3,15 @@ id: accessing-internal-repositories
 title: Accessing interal repositories
 ---
 
-If you're trying to run huskyCI inside your internal remote and has been facing some dificulties along the way, this section will guide you on how to overcome it.
+If you're trying to run HuskyCI inside your internal remote and has been facing some dificulties along the way, this section will guide you on how to overcome it.
 
 ## GoSec
 
 If the project you're trying to analyze has internal dependencies, is written in GoLang and does not have a `Vendor` folder, you might face an `Error Cloning` error.
 
 This error is caused due to the way GoSec fetches it's dependencies through the `go get` command, which, by default, uses HTTPS for cloning.
 
-In order to overcome this issue, huskyCI has 2 environment variables to "force" `go get` to do it's cloning through SSH with the user's key. It's important to notice that no extra key is needed, only the one provided to huskyCI's API (the key must have access to the desired repository and should already have been set).
+In order to overcome this issue, HuskyCI has 2 environment variables to "force" `go get` to do it's cloning through SSH with the user's key. It's important to notice that no extra key is needed, only the one provided to HuskyCI's API (the key must have access to the desired repository and should already have been set).
 
 An example on how the environment variables should be set is as follows:
 
@@ -20,6 +20,6 @@ [email protected]
 HUSKYCI_API_GIT_URL_TO_SUBSTITUTE=https://gitlab.example.com/
 ```
 
-**Note**: If one of the environment variables is filled but the other is not, being left empty or not set, both will be set by huskyCI as being empty.
+**Note**: If one of the environment variables is filled but the other is not, being left empty or not set, both will be set by HuskyCI as being empty.
 
-Now, you should be able to run huskyCI with the internal remote you desire.
+Now, you should be able to run HuskyCI with the internal remote you desire.

docs/guides/handling-false-positives.md

@@ -3,56 +3,38 @@ id: handling-false-positives
 title: Handling false positives
 ---
 
-## Handling False Positives
-
 Vulnerabilities may fail your CI pipeline even if you consider them as false positives. This section will guide you to overcome this situation when handling issues.
 
 ## .huskyci
 
-A file named `.huskyci` can be placed on your project's root directory to be read and have it's contents ignored by a huskyCI analysis. To create this file, you can follow the example below:
-
-```sh
-[huskyCI-Ignore]
-
-# Bandit ignore:
-tests/
-
-# Safety ignore:
-vendor/
-
-# Gosec ignore:
-api/server.go
-```
+A file named `.huskyci` can be placed on your project's root directory to be read and have it's contents ignored by a HuskyCI analysis. To create this file, you can follow the example below:
 
-A `.huskyci` file must have a `[huskyCI-Ignore]` header, so it can be recognized by huskyCI, after that, all folders or files will be removed from future analyses. It's important to notice that the file path is relative to the project's root directory and adding comments in between entries serves only as a way of better organizing.
+The `.huskyignore` file is used by HuskyCI to define which folders and files should be ignored during the tool's execution.
 
-**Note:** Not all security tests currently support this feature, for more information on which are supported, please visit this [GitHub issue](https://github.com/globocom/huskyCI/issues/461):
+When configuring the `.huskyignore`, only the folders "vendor", "vendors", "tests", "test", "scripts", "script", "doc", and "docs" are allowed to be ignored. To do this, you should create a file named `.huskyignore` in the root directory of your project. Within this file, list the folders that will be excluded from analysis. Additionally, if you wish to ignore specific folders or files, you can do so by following the format `folder/specific-folder` or `folder/file.json`.
 
-## False positives generated by NPM Audit or Yarn Audit
-
-When running [npm audit](https://docs.npmjs.com/cli/audit) or [yarn audit](https://classic.yarnpkg.com/en/docs/cli/audit/), even though being told explicitly by huskyCI not to include sub-dependencies, some might appear in the final output. In order to overcome this issue, it is possible to modify your project's `package.json` file to define version overrides.
-
-### How to use it?
-
-Add a `resolutions` field to your `package.json` file and define your version overrides, as shown by the image below:
-
-<p align="center">
-<img src="/img/package_lock_resolutions.png"/>
-</p>
+```sh
+[HuskyCI-Ignore]
 
-It's important to notice that if you define an invalid `resolution`, such as invalid package name or invalid version range, you will receive a warning. More on selective version resolutions [here](https://classic.yarnpkg.com/en/docs/selective-version-resolutions/).
+# Folders to be ignored
+vendor
+scripts
+doc
 
-If you're using Yarn, run `yarn install`.
+# Specific folders or files to be ignored
+doc/arquivos
+scripts/arquivo.json
+```
 
-For NPM, first run `npx npm-force-resolutions` followed by `npm install`.
+Remember to replace "doc/files" and "scripts/file.json" with the actual paths of the files you want to exclude. Additionally, ensure to keep the `.huskyignore` updated as your project evolves, adding or removing folders and files as necessary.
 
-After installing, running `npm audit` or `yarn audit` should no longer generate an entry for the dependency version provided.
+When configuring the `.huskyignore`, be careful not to include extra spaces or disallowed characters in the folder or file names. This will ensure that the configuration is correctly interpreted by HuskyCI during execution.
 
 ## False positives generated by GitLeaks
 
 ### .gitleaks.toml
 
-As huskyCI uses [`gitleaks`](https://github.com/zricethezav/gitleaks) to audit git repositories for secrets, a `.gitleaks.toml` file can be used to add an allow list when needed. To do that, simply add this file into the root of your repository, as the following example:
+As HuskyCI uses [`gitleaks`](https://github.com/zricethezav/gitleaks) to audit git repositories for secrets, a `.gitleaks.toml` file can be used to add an allow list when needed. To do that, simply add this file into the root of your repository, as the following example:
 
 ```yml
 title = "huskyCI gitleaks config"
@@ -127,7 +109,7 @@ func ConnectDB() error {
     return err
 ```
 
-When running huskyCI again, you may realize that [`gitleaks`](https://github.com/zricethezav/gitleaks) will still fail your CI, because the old commit `444f28d5437ad3127702bf1b0779ae6cd00ab146` stills has credentials in it. 
+When running HuskyCI again, you may realize that [`gitleaks`](https://github.com/zricethezav/gitleaks) will still fail your CI, because the old commit `444f28d5437ad3127702bf1b0779ae6cd00ab146` stills has credentials in it. 
 
 The point is: you should **NOT** whitelist the `connect.go` file into  `.gitleaks.toml`! By doing that, any new hardcoded passwords in this file will not be checked anymore. The correct way is to add the commit itself: