shivasurya · shivasurya · Oct 21, 2024 · Oct 20, 2024 · Oct 20, 2024 · Oct 21, 2024
diff --git a/docs/astro.config.mjs b/docs/astro.config.mjs
@@ -26,7 +26,10 @@ export default defineConfig({
       }, {
         label: 'CLI Reference',
         slug: 'cli-reference'
-      }]
+      }, {
+          label: 'CI Integration',
+          slug: 'ci'
+        }]
     }, {
       label: 'PathFinder Queries',
       autogenerate: {

diff --git a/docs/src/components/posthog.astro b/docs/src/components/posthog.astro
@@ -1,5 +1,4 @@
 ---
-
 ---
 <script>
     !function(t,e){var o,n,p,r;e.__SV||(window.posthog=e,e._i=[],e.init=function(i,s,a){function g(t,e){var o=e.split(".");2==o.length&&(t=t[o[0]],e=o[1]),t[e]=function(){t.push([e].concat(Array.prototype.slice.call(arguments,0)))}}(p=t.createElement("script")).type="text/javascript",p.async=!0,p.src=s.api_host+"/static/array.js",(r=t.getElementsByTagName("script")[0]).parentNode.insertBefore(p,r);var u=e;for(void 0!==a?u=e[a]=[]:a="posthog",u.people=u.people||[],u.toString=function(t){var e="posthog";return"posthog"!==a&&(e+="."+a),t||(e+=" (stub)"),e},u.people.toString=function(){return u.toString(1)+".people (stub)"},o="capture identify alias people.set people.set_once set_config register register_once unregister opt_out_capturing has_opted_out_capturing opt_in_capturing reset isFeatureEnabled onFeatureFlags getFeatureFlag getFeatureFlagPayload reloadFeatureFlags group updateEarlyAccessFeatureEnrollment getEarlyAccessFeatures getActiveMatchingSurveys getSurveys getNextSurveyStep onSessionId setPersonProperties".split(" "),n=0;n<o.length;n++)g(u,o[n]);e._i.push([i,s,a])},e.__SV=1)}(document,window.posthog||[]);

diff --git a/docs/src/content/docs/blog/codeql-oss-alternative.mdx b/docs/src/content/docs/blog/codeql-oss-alternative.mdx
@@ -7,19 +7,22 @@ pubDate: "2024-10-01"
 ---
 
 import PostHogLayout from '../../../layouts/PostHogLayout.astro';
+import { Card } from '@astrojs/starlight/components';
 
 <PostHogLayout>
 </PostHogLayout>
 
-  <div style=" margin: 2rem auto; padding: 0 1.5rem; max-width: 800px;">
-      ![Code Pathfinder Illustration](/assets/cpf-illustration.jpg)
 
+  <Card title="">
+    <div style=" margin: 2rem auto; padding: 0 1.5rem; max-width: 800px;">
       ## What is Code PathFinder?
 
       Code PathFinder is a code analysis tool that helps you find exact code patterns and paths in your codebase. While there are several ways to
       grep source code, having source code broken down into individual entities, building graphs & edges which help in establishing
       relationships between entities, imitates the way a human reads code.
 
+      ![Code Pathfinder Illustration](/assets/cpf-illustration.jpg)
+
       ### How do security engineers interact with codebases today?
 
       If you think about how engineers generally interact with a codebase, it typically follows this process:
@@ -101,5 +104,6 @@ import PostHogLayout from '../../../layouts/PostHogLayout.astro';
 
       If you are interested in contributing to Code Pathfinder, please check out the [Code Pathfinder](https://github.com/shivasurya/code-pathfinder) repository.
       Give it a try and file an issue if you find any bugs or have any suggestions.
+      </div>
+    </Card>
 
-    </div>
diff --git a/docs/src/content/docs/ci.mdx b/docs/src/content/docs/ci.mdx
@@ -0,0 +1,144 @@
+---
+title: CI Integration
+description: "Integrate Code PathFinder into your CI/CD pipeline."
+---
+
+import { Tabs, TabItem } from '@astrojs/starlight/components';
+import PostHogLayout from '../../layouts/PostHogLayout.astro';
+
+<PostHogLayout>
+</PostHogLayout>
+
+One can use Code PathFinder as a part of your CI/CD pipeline to scan your code for vulnerabilities.
+The code-pathfinder docker image is available on [Docker Hub](https://hub.docker.com/r/shivasurya/code-pathfinder).
+
+<Tabs>
+  <TabItem label="GitHub Actions">
+  ```yaml
+  name: Code-Pathfinder SAST Scan
+  on:
+    pull_request:
+  jobs:
+    sast-scan:
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checkout code
+          uses: actions/checkout@v4
+
+        - name: Code-Pathfinder SAST Scan
+          uses: shivasurya/code-pathfinder@shiva/fix-github-action
+          with:
+            command: 'ci'
+            project: '.'
+            output-file: 'output.sarif'
+            output: 'sarif'
+            ruleset: 'cpf/java'
+
+        - name: Read SARIF file
+          run: |
+            echo "SARIF file content:"
+            cat $GITHUB_WORKSPACE/output.sarif
+  ```
+
+
+  </TabItem>
+
+  <TabItem label="GitLab CI">
+    ```yaml
+    stages:
+      - code-pathfinder-sast
+
+    code-pathfinder-sast:
+      image:
+        name: shivasurya/code-pathfinder:stable-latest
+        entrypoint: [""]
+      stage: code-pathfinder-sast
+      script:
+        - echo "Running Code-Pathfinder SAST Scan..."
+        - pathfinder ci --project . --output-file output.sarif --output sarif --ruleset cpf/java
+        - echo "SARIF file content:"
+        - cat output.sarif
+      artifacts:
+        paths:
+          - output.sarif
+        when: always
+```
+  </TabItem>
+
+  <TabItem label="BitBucket Pipelines">
+    ```yaml
+    image: shivasurya/code-pathfinder:stable-latest
+
+    pipelines:
+      default:
+        - step:
+            name: Run Code-Pathfinder SAST Scan
+            script:
+              - echo "Running Code-Pathfinder SAST Scan..."
+              - pathfinder ci --project '.' --output-file 'output.sarif' --output 'sarif' --ruleset 'cpf/java'
+              - echo "SARIF file content:"
+              - cat output.sarif
+            artifacts:
+              - output.sarif
+     ```
+  </TabItem>
+
+  <TabItem label="CircleCI Pipelines">
+    ```yaml
+    version: 2.1
+
+    jobs:
+      code-pathfinder-sast:
+        docker:
+          - image: shivasurya/code-pathfinder:stable-latest
+        steps:
+          - checkout
+          - run:
+              name: Run Code-Pathfinder SAST Scan
+              command: |
+                echo "Running Code-Pathfinder SAST Scan..."
+                pathfinder ci --project . --output-file output.sarif --output sarif --ruleset cpf/java || true
+          - run:
+              name: Read SARIF File
+              command: |
+                echo "SARIF file content:"
+                cat output.sarif || echo "No SARIF file found"
+          - store_artifacts:
+              path: output.sarif
+              destination: output.sarif
+
+    workflows:
+      version: 2
+      code-pathfinder-sast:
+        jobs:
+          - code-pathfinder-sast
+   ```
+  </TabItem>
+
+  <TabItem label="Azure DevOps">
+  ```yaml
+  trigger:
+    - '*'
+
+  jobs:
+  - job: CodePathfinderSAST
+    pool:
+      name: 'yourpoolname'
+    steps:
+      - script: |
+          echo "Running Code-Pathfinder SAST Scan..."
+          docker run --rm -v $(System.DefaultWorkingDirectory):/workspace -w /workspace shivasurya/code-pathfinder:stable-latest ci --project . --output-file output.sarif --output sarif --ruleset cpf/java
+        displayName: 'Run SAST Scan with Docker'
+
+      - script: |
+          echo "SARIF file content:"
+          cat output.sarif || echo "No SARIF file found"
+        displayName: 'Read SARIF File'
+
+      - task: PublishBuildArtifacts@1
+        inputs:
+          PathtoPublish: 'output.sarif'
+          ArtifactName: 'SARIF Report'
+```
+</TabItem>
+</Tabs>
diff --git a/docs/src/content/docs/index.mdx b/docs/src/content/docs/index.mdx
@@ -17,14 +17,16 @@ hero:
       icon: github
 ---
 
-import { Card, CardGrid } from '@astrojs/starlight/components';
+import { Card, CardGrid, Icon } from '@astrojs/starlight/components';
 import PostHogLayout from '../../layouts/PostHogLayout.astro';
 
 <PostHogLayout>
 </PostHogLayout>
 
 
-```shell
+
+<div style="display: flex; justify-content: center;">
+```bash
 Code-PathFinder Console:
 > FROM method_declaration AS md
   WHERE md.getVisibility() == "public" && md.getName() == "main"
@@ -36,9 +38,28 @@ public static void main(String[] args) {
 }
 ```
 
+</div>
+
+<br />
+<div style="text-align: center;">
+## Supported Platforms
+</div>
+
+<div style="display: flex; justify-content: space-around; align-items: center; margin: 40px 0;">
+  <Icon name="seti:docker" color="goldenrod" size="4rem" />
+  <Icon name="seti:github" color="goldenrod" size="3rem" />
+  <Icon name="bitbucket" color="goldenrod" size="3rem" />
+  <Icon name="gitlab" color="goldenrod" size="3rem" />
+  <svg width="4rem" height="4rem" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+    <path fill="goldenrod" d="M17,4v9.74l-4,3.28-6.2-2.26V17L3.29,12.41l10.23.8V4.44Zm-3.41.49L7.85,1V3.29L2.58,4.84,1,6.87v4.61l2.26,1V6.57Z"/>
+  </svg>
+<Icon name="seti:npm" color="goldenrod" size="4rem" />
+</div>
+<br />
 <div style="text-align: center;">
-## Features
+## Supported Features
 </div>
+<br />
 <CardGrid stagger>
 	<Card title="Craft Queries" icon="pencil">
 		Strengthen your code’s integrity with robust security checks and insights.
@@ -60,16 +81,31 @@ public static void main(String[] args) {
 
 </div>
 
-
+<br/>
 <CardGrid>
-       <div style="border-radius: 10px; overflow: hidden; box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);">
+       <div style="border-radius: 10px; overflow: hidden; box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1); background-color: #e0e0e0; width: 75%;">
          <img src="/assets/cpf-illustration.jpg" alt="Getting Started" style="width: 100%; height: 200px; object-fit: cover;" />
          <div style="padding: 16px;">
-           <h4>CodeQL Opensource Alternative</h4>
+           <h4 style="color: #333;">CodeQL Opensource Alternative</h4>
+           <br />
            <a href="/blog/codeql-oss-alternative" style="display: inline-block; background-color: #4CAF50; color: white; padding: 10px 20px; text-decoration: none; border-radius: 5px; margin-top: 10px;">
-           <span style="font-size: 1.2em;">More →</span>
+           <span style="font-size: 1.2em;">Read →</span>
            </a>
          </div>
        </div>
 </CardGrid>
 
+
+<br/>
+<footer style="padding: 20px 0; margin-top: 40px;">
+  <div style="max-width: 1200px; margin: 0 auto; text-align: center;">
+    <p><a href="https://github.com/shivasurya/code-pathfinder/blob/main/LICENSE">AGPL-3.0 Licensed</a></p>
+    <div style="margin-top: 10px;">
+      Handcrafted with ⚡️ by <a href="https://shivasurya.me" style="text-decoration: none;">Shivasurya</a>
+      <a href="mailto:[email protected]" style="color: #6c757d; text-decoration: none; margin: 0 10px;">Security</a>
+      <a href="mailto:[email protected]" style="color: #6c757d; text-decoration: none; margin: 0 10px;">Contact Us</a>
+    </div>
+  </div>
+</footer>
+
+
diff --git a/docs/src/content/docs/quickstart.mdx b/docs/src/content/docs/quickstart.mdx
@@ -13,6 +13,13 @@ import PostHogLayout from '../../layouts/PostHogLayout.astro';
 You can install Code-PathFinder using pre-built binaries from [GitHub releases](https://github.com/shivasurya/code-pathfinder/releases) or from source.
 More installation support via homebrew, curl will be added soon.
 
+### Using Docker :whale:
+
+```shell
+$ docker pull shivasurya/code-pathfinder:stable-latest
+```
+
+
 ### Using npm
 
 Ensure you have [Node.js](https://nodejs.org/en/download/) installed. Then run the following command: