New scans

.clang-tidy

@@ -20,7 +20,6 @@ Checks: >
 
 WarningsAsErrors: ''
 HeaderFilterRegex: '.*'
-AnalyzeTemporaryDtors: false
 FormatStyle: file
 CheckOptions:
   - key: readability-identifier-naming.ClassCase

.github/workflows/lizard-complexity.yml

@@ -0,0 +1,77 @@
+---
+# Lizard code complexity analysis workflow
+name: Lizard Code Complexity Analysis
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+  workflow_dispatch:
+    # Allows manual triggering from GitHub UI
+    inputs:
+      complexity_threshold:
+        description: 'Complexity threshold (default: 15)'
+        required: false
+        default: '15'
+        type: string
+  schedule:
+    # Run once per week on Sunday at 00:00 UTC
+    - cron: '0 0 * * 0'
+
+jobs:
+  lizard-analysis:
+    name: Lizard Code Complexity Analysis
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout code
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # Set up Python
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+
+      # Install Lizard
+      - name: Install Lizard
+        run: pip install lizard
+
+      # Set complexity threshold
+      - name: Set complexity threshold
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ github.event.inputs.complexity_threshold }}" != "" ]]; then
+            echo "COMPLEXITY_THRESHOLD=${{ github.event.inputs.complexity_threshold }}" >> $GITHUB_ENV
+          else
+            echo "COMPLEXITY_THRESHOLD=15" >> $GITHUB_ENV
+          fi
+
+      # Run Lizard analysis with text output
+      - name: Run Lizard Analysis (Text output)
+        run: |
+          mkdir -p lizard-reports
+          echo "Using complexity threshold: ${{ env.COMPLEXITY_THRESHOLD }}"
+          lizard --CCN ${{ env.COMPLEXITY_THRESHOLD }} -o lizard-reports/complexity_report.txt || true
+          tail -n 13 lizard-reports/complexity_report.txt || true
+
+      # Upload Lizard reports
+      - name: Upload Lizard reports
+        uses: actions/upload-artifact@v4
+        with:
+          name: Lizard Complexity Reports
+          path: lizard-reports/
+
+      # Check if complexity thresholds were exceeded
+      - name: Check complexity issues
+        run: |
+          if [[ $(grep -c "has \d\+" lizard-reports/complexity_report.txt || echo "0") -gt 0 ]]; then
+            echo "::warning::Found functions exceeding cyclomatic complexity threshold of ${{ env.COMPLEXITY_THRESHOLD }}"
+            cat lizard-reports/complexity_report.txt
+            # Uncomment the next line to fail the build on complexity issues
+            # exit 1
+          else
+            echo "No complexity issues found."
+          fi

.github/workflows/sast.yml

@@ -0,0 +1,55 @@
+---
+# MegaLinter GitHub Actions workflow for sast scans
+name: MegaLinter sast
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  megalinter-sast:
+    name: MegaLinter sast Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout code
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # MegaLinter
+      - name: MegaLinter sast Scan
+        id: ml
+        uses: oxsecurity/megalinter@v8
+        env:
+          VALIDATE_ALL_CODEBASE: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Dynamically enable linters based on detected languages: C++, Shell, CMake, Dockerfile, Python, 
+          ENABLE_LINTERS: >-
+            REPOSITORY_SEMGREP,
+
+          # Tool-specific configurations
+          REPOSITORY_SEMGREP_ARGUMENTS: "--config=p/security-audit"
+          REPOSITORY_SEMGREP_RULESETS_TYPE: security
+
+      # Upload MegaLinter artifacts
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: MegaLinter reports
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+      # Create pull request with fixes if applicable
+      - name: Create Pull Request with applied fixes
+        uses: peter-evans/create-pull-request@v4
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES == 'all' || env.APPLY_FIXES == 'true')
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "[MegaLinter] Apply sast fixes"
+          title: "[MegaLinter] Apply sast fixes"
+          labels: bot

.github/workflows/security_linting.yml

@@ -0,0 +1,73 @@
+---
+# MegaLinter GitHub Actions workflow for security_linting scans
+name: MegaLinter security_linting
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  megalinter-security_linting:
+    name: MegaLinter security_linting Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout code
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # Install clang-tidy
+      - name: Install clang-tidy
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y clang-tidy
+
+      # Run clang-tidy
+      - name: Run clang-tidy
+        run: |
+          mkdir -p clang-tidy-reports
+          echo "Running clang-tidy security checks..."
+          find src include -name "*.cpp" -o -name "*.hpp" -o -name "*.h" | xargs -I{} clang-tidy {} -checks=clang-analyzer-security.*,cert-*,security-* -- -I./include > clang-tidy-reports/report.txt || true
+          if [ -s clang-tidy-reports/report.txt ]; then
+            echo "::warning::clang-tidy found security issues:"
+            cat clang-tidy-reports/report.txt
+            echo "Full report saved to clang-tidy-reports/report.txt"
+          else
+            echo "No security issues found by clang-tidy"
+          fi
+
+      # MegaLinter for Python
+      - name: MegaLinter security_linting Scan
+        id: ml
+        uses: oxsecurity/megalinter@v8
+        env:
+          VALIDATE_ALL_CODEBASE: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Dynamically enable linters based on detected languages: C++, Shell, CMake, Dockerfile, Python, 
+          ENABLE_LINTERS: >-
+            PYTHON_PYLINT,
+
+          # Tool-specific configurations
+          PYTHON_PYLINT_ARGUMENTS: "--max-line-length=100 --disable=C0111"
+
+      # Upload artifacts
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: Security Reports
+          path: |
+            clang-tidy-reports
+
+      # Create pull request with fixes if applicable
+      - name: Create Pull Request with applied fixes
+        uses: peter-evans/create-pull-request@v4
+        if: steps.ml.outputs.has_updated_sources == 1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "Apply security_linting fixes"
+          title: "Apply security_linting fixes"
+          labels: bot

.github/workflows/static_analysis.yml

@@ -0,0 +1,56 @@
+---
+# MegaLinter GitHub Actions workflow for static_analysis scans
+name: MegaLinter static_analysis
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  megalinter-static_analysis:
+    name: MegaLinter static_analysis Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout code
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # MegaLinter
+      - name: MegaLinter static_analysis Scan
+        id: ml
+        uses: oxsecurity/megalinter@v8
+        env:
+          VALIDATE_ALL_CODEBASE: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Dynamically enable linters based on detected languages: C++, Shell, CMake, Dockerfile, Python, 
+          ENABLE_LINTERS: >-
+            CPP_CPPCHECK,
+            PYTHON_BANDIT,
+
+          # Tool-specific configurations
+          CPP_CPPCHECK_ARGUMENTS: "--enable=all --inconclusive --suppress=missingIncludeSystem"
+          PYTHON_BANDIT_ARGUMENTS: "-ll -ii"
+
+      # Upload MegaLinter artifacts
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v4
+        if: success() || failure()
+        with:
+          name: MegaLinter reports
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+      # Create pull request with fixes if applicable
+      - name: Create Pull Request with applied fixes
+        uses: peter-evans/create-pull-request@v4
+        if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES == 'all' || env.APPLY_FIXES == 'true')
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "[MegaLinter] Apply static_analysis fixes"
+          title: "[MegaLinter] Apply static_analysis fixes"
+          labels: bot

include/singularity/application.hpp

@@ -75,6 +75,13 @@ class Application {
      */
     bool generate_security_report(const LanguageStats& stats);
 
+    /**
+     * @brief Generate workflow templates for the repository
+     * @param stats Language statistics from analysis
+     * @return True if workflow generation successful
+     */
+    bool generate_workflow_templates(const LanguageStats& stats);
+
     /**
      * @brief Progress callback function
      * @param percentage Progress percentage (0-100)
@@ -85,7 +92,9 @@ class Application {
     std::string repo_url_;
     bool verbose_{false};
     bool generate_report_{false};
+    bool generate_workflows_{false};
     std::string output_file_;
+    std::string output_dir_;
 };
 
 } // namespace singularity