Added required badges for security and code best practices

[M-ayank2005]

Badge Integration for Project Health and Security

Overview

This pull request enhances our project's transparency by adding key badges that demonstrate our commitment to code quality, security, and best practices.

Badges Added

• Snyk Security: Provides insights into our project's dependency security
• SonarQube: Displays code quality and technical debt metrics
• CodeQL: Shows our continuous security code scanning status
• OpenSSF Best Practices: Highlights our adherence to open-source security standards

Details

• Integrated badges from trusted security and quality assessment platforms
• Badges provide quick visual indicators of project health
• Links direct contributors and users to detailed project analysis

References

• Closes Update README.md badges #1116
• OpenSSF Best Practices: https://www.bestpractices.dev/en/projects/10174

Impact

• Resolves Update README.md badges #1116
• Improves project credibility
• Increases transparency
• Demonstrates our commitment to maintaining high-quality, secure code

[coderabbitai]

Summary by CodeRabbit

• Documentation

  • Enhanced the project overview with updated badges reflecting CI/CD, code quality, security, and licensing status.
  • Reorganized badge placement to make project metrics more accessible and informative.

• Chores

  • Updated the internal term list for improved textual consistency.

Walkthrough

This pull request updates the project's README by adding and reorganizing several badges that provide information about the project's CI/CD status, code quality, and security metrics. New badges for Snyk Security, SonarQube, CodeQL, and OpenSSF Best Practices were added, and existing badges were rearranged to improve visibility and access to relevant project metrics.

Changes

File	Change Summary
README.md	Added and reorganized badges for CI/CD, Snyk Security, SonarQube, CodeQL analysis, and OpenSSF Best Practices.
cspell/custom-dict.txt	Added entries for "Sonarqube" and "superfences"; removed "superfences".

Assessment against linked issues

Objective	Addressed	Explanation
Update README.md badges (#1116)	✅

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ad2dc99 and bd4498b.

📒 Files selected for processing (1)

• README.md (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• README.md

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Run frontend unit tests
• GitHub Check: CodeQL (javascript-typescript)
• GitHub Check: Run frontend e2e tests

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

README.md (1)

73-73: Remove Unused Link Reference Definition
The link reference definition [def]: https://img.shields.io/badge/OpenSSF-Best%20Practices-brightgreen?style=for-the-badge on line 73 is not used anywhere in the document. Removing it will help keep the README clean and avoid any potential confusion.

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

73-73: Link and image reference definitions should be needed
Unused link or image reference definition: "def"

(MD053, link-image-reference-definitions)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0ac432f and 7359c8d.

📒 Files selected for processing (1)

• README.md (2 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

README.md

73-73: Link and image reference definitions should be needed
Unused link or image reference definition: "def"

(MD053, link-image-reference-definitions)

🔇 Additional comments (1)

README.md (1)

12-17: Badge Integration Verified and Well-Formatted
The new badges for Snyk Security, SonarQube, CodeQL, and OpenSSF have been cleanly integrated into the header section. They clearly communicate critical project information and align perfectly with the PR objectives to enhance project transparency and signal adherence to security and code quality best practices.

[arkid15r]

Let's improve it a bit:

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

README.md (1)

73-73: Remove Unused Reference Definition:
The link reference definition [def] on this line is not referenced elsewhere in the document, and static analysis has flagged it as unused. Removing it will help clean up the markdown.

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

73-73: Link and image reference definitions should be needed
Unused link or image reference definition: "def"

(MD053, link-image-reference-definitions)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7359c8d and fb843ac.

📒 Files selected for processing (1)

• README.md (2 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

README.md

73-73: Link and image reference definitions should be needed
Unused link or image reference definition: "def"

(MD053, link-image-reference-definitions)

🔇 Additional comments (1)

README.md (1)

12-16: Consistent and Informative Badge Integration:
The newly added badges for Snyk Security, Sonarqube, CodeQL, and OpenSSF follow the consistent for-the-badge styling. They clearly convey relevant security and quality metrics, which supports the PR’s objective of enhancing project transparency and credibility.

[M-ayank2005]

@arkid15r I have implemented the suggested changes. Please review again when you get a chance. Thanks.

[arkid15r]

LGTM, let's use this version and improve it later.

Thanks for addressing this @M-ayank2005 !

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

cspell/custom-dict.txt (1)

83-85: Verify dictionary entries for consistency.
It appears that the term "Sonarqube" has been newly added, which correctly aligns with the updated badge in the README. However, the entry "superfences" is still present even though the summary indicates it was meant to be removed. Please verify the intended final state for "superfences" to avoid potential false positives in spell checking.

README.md (2)

9-10: Review CI/CD, CodeQL, and Sonarqube badge URLs.
The new badges effectively highlight your CI/CD, CodeQL, and Sonarqube statuses. Note that the CI/CD badge URL contains "&?label=Build" which likely should be corrected to "&label=Build" (remove the extra question mark) to ensure proper query string formatting.

---

65-66: Remove unused link reference.
The link reference definition "[def]" is not used anywhere in the document. Removing it would help clean up the markdown and avoid any markdownlint warnings.

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

65-65: Link and image reference definitions should be needed
Unused link or image reference definition: "def"

(MD053, link-image-reference-definitions)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb843ac and ad2dc99.

📒 Files selected for processing (2)

• README.md (2 hunks)
• cspell/custom-dict.txt (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

README.md

65-65: Link and image reference definitions should be needed
Unused link or image reference definition: "def"

(MD053, link-image-reference-definitions)

🔇 Additional comments (5)

cspell/custom-dict.txt (1)

83-83: Good addition of "Sonarqube".
This update ensures that the custom dictionary now accommodates the new SonarQube badge label in the README.

README.md (4)

11-12: License, Last Commit, and Contributors badges added successfully.
These badges are well organized and maintain consistent styling with the rest of the document.

---

13-14: Issues and Pull Requests badges are clear.
The inclusion of these badges improves the visibility of project health metrics.

---

15-16: Security badges for OpenSSF and Snyk Security look solid.
The badges for OpenSSF and Snyk Security effectively communicate the project's commitment to security best practices. Please double-check that the static style for the Sonarqube badge (referenced above) aligns with overall design guidelines.

---

17-18: Forks and Stars badges augment community insights.
These additions provide clear indicators of the project’s popularity and engagement.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud