add markdown linter to CI pipeline

.github/issue_template/bug_report.md

@@ -7,20 +7,21 @@ assignees: ''
 
 ---
 
-**Describe the bug**
+**Describe the bug**:
 <!-- Describe below what the problem is -->
 
-**Expected behaviour**
+**Expected behaviour**:
 <!-- Describe below what you expected to happen -->
 
-**Environment**
- - Version: (e.g. 1.3.1)
- - Platform: (Web App / Desktop App)
- - OS: (MacOS / Windows / Linux)
- - Browser: (e.g. chrome, firefox, safari)
+**Environment**:
 
-**To Reproduce**
+- Version: (e.g. 1.3.1)
+- Platform: (Web App / Desktop App)
+- OS: (MacOS / Windows / Linux)
+- Browser: (e.g. chrome, firefox, safari)
+
+**To Reproduce**:
 <!-- List below the steps to reproduce the behaviour -->
 
-**Any additional context, screenshots, etc**
+**Any additional context, screenshots, etc**:
 <!-- Add below any other context or screenshots about this bug -->

.github/issue_template/feature_request.md

@@ -7,11 +7,11 @@ assignees: ''
 
 ---
 
-**Describe what problem your feature request solves**
+**Describe what problem your feature request solves**:
 <!-- Describe below what the problem is -->
 
-**Describe the solution you'd like**
+**Describe the solution you'd like**:
 <!-- Describe below what you want to happen -->
 
-**Additional context**
+**Additional context**:
 <!-- Add below any other context or screenshots about the feature request -->

.github/pull_request_template.md

@@ -1,20 +1,19 @@
-**Summary**
+**Summary**:
 <!--
 What existing issue does the pull request solve?
 Please provide enough information so that others can review your pull request
 -->
 
-**Description for the changelog**
+**Description for the changelog**:
 <!--
 A short (one line) summary that describes the changes in this pull request for inclusion in the change log
 -->
 
-**Other info**
+**Other info**:
 <!--
 Add here any other information that may be of help to the reviewer
 If this closes an existing issue then add "closes #xxxx", where xxxx is the issue number
 -->
 
 Thanks for submitting a pull request!
 Please make sure you follow our code_of_conduct.md and our contributing guidelines contributing.md
-

.github/workflows/ci.yaml

@@ -27,6 +27,22 @@ jobs:
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
 
+  md_linter:
+    name: Lint markdown
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout markdown
+        uses: actions/[email protected]
+
+      # use  **/*.md for all markdown files in project
+      - name: Lint markdown
+        uses: DavidAnson/[email protected]
+        with:
+          command: config
+          globs: |
+            .markdownlint.yaml
+            *.md td.*/*.md .github/**/*.md docs/**/*.md
+
   codeql:
     name: Analyze with codeql
     runs-on: ubuntu-22.04
@@ -408,7 +424,7 @@ jobs:
         uses: actions/[email protected]
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.10.0
+        uses: aquasecurity/trivy-action@0.11.0
         with:
           image-ref: '${{ env.image_name }}'
           format: 'table'

.github/workflows/housekeeping.yaml

@@ -36,7 +36,7 @@ jobs:
           ref: main
 
       - name: Run vulnerability scanner
-        uses: aquasecurity/trivy-action@0.10.0
+        uses: aquasecurity/trivy-action@0.11.0
         with:
           image-ref: "threatdragon/owasp-threat-dragon:${{ github.sha }}"
           format: 'template'

README.md

@@ -4,7 +4,6 @@
 </p>
 
 [![Build](https://github.com/OWASP/threat-dragon/actions/workflows/ci.yaml/badge.svg)](https://github.com/OWASP/threat-dragon/actions/workflows/ci.yaml)
-[![BrowserStack Status](https://automate.browserstack.com/badge.svg?badge_key=SG1sSFpJeUJ0M1pmY1hrM2F0dVNLclRPSzdCb3lLN253MzcrV0liZWd1bz0tLWxXQWdQaTJRcVF1TVEwS2FWbXJxcHc9PQ==--41330f50fd1c2bd4ac8eaac4a36ebfb1577be89b)](https://automate.browserstack.com/public-build/SG1sSFpJeUJ0M1pmY1hrM2F0dVNLclRPSzdCb3lLN253MzcrV0liZWd1bz0tLWxXQWdQaTJRcVF1TVEwS2FWbXJxcHc9PQ==--41330f50fd1c2bd4ac8eaac4a36ebfb1577be89b)
 [![Deploy](https://github.com/OWASP/threat-dragon/actions/workflows/deploy.yaml/badge.svg)](https://github.com/OWASP/threat-dragon/actions/workflows/deploy.yaml)
 [![GitHub license](https://img.shields.io/github/license/owasp/threat-dragon.svg)](license.txt)
 
@@ -20,6 +19,7 @@ It is an [OWASP Lab Project](https://owasp.org/www-project-threat-dragon/)
 and follows the values and principles of the [threat modeling manifesto](https://www.threatmodelingmanifesto.org/).
 
 ## Try Threat Dragon
+
 You can access the the latest version of Threat Dragon on [our website](https://www.threatdragon.com/#/)
 and look through the [documentation pages](https://owasp.org/www-project-threat-dragon/docs-2/).
 
@@ -28,9 +28,11 @@ Also well worth watching the video provided by the
 
 The [github release area](https://github.com/OWASP/threat-dragon/releases)
 contains Threat Dragon from version 1.3 to the latest versions 2.x.
-Previous releases are from Mike Goodwin's [original repository](https://github.com/mike-goodwin/owasp-threat-dragon-desktop/releases).
+Previous releases are from Mike Goodwin's
+[original repository](https://github.com/mike-goodwin/owasp-threat-dragon-desktop/releases).
 
 ## About Threat Dragon
+
 There is a good overview of
 [threat modeling and risk assessment](https://owasp.org/www-community/Application_Threat_Modeling)
 from OWASP, and this expands on what the Threat Dragon project aims for:
@@ -56,8 +58,10 @@ End user help is available for both the latest [version 2.x](https://owasp.org/w
 and the previous [version 1.x](https://owasp.org/www-project-threat-dragon/docs-1/).
 
 ### Version 1.x maintenance mode
+
 Threat Dragon was originally written using AngularJS version 1.x, and this version of Angular has reached end of life.
-This means that versions 1.x of Threat Dragon are no longer actively maintained and versions 2.x were re-written to use Vue.js.
+This means that versions 1.x of Threat Dragon are no longer actively maintained
+and versions 2.x have been re-written to use Vue.js.
 
 For more information on building/running version 1.x,
 please see the [legacy-v1.x branch](https://github.com/OWASP/threat-dragon/tree/legacy-v1.x).
@@ -75,6 +79,7 @@ one for the back-end application (`td.server`) and one for the front-end (`td.vu
 Install from the top directory of the project using : `npm install`
 
 ### Environment variables for web application
+
 The web application variant of Threat Dragon requires some environment variables;
 follow [the documentation](https://owasp.org/www-project-threat-dragon/docs-2/install-environment/)
 on how to set these variables.
@@ -95,7 +100,7 @@ can be started separately in "watch" mode using commands : `npm run dev:server`
 Alternatively, if running on Linux or MacOS, start both the back-end server and the front-end application
 from the top directory using : `npm start`.
 
-With both front and back end running, access with a browser at http://localhost:8080/
+With both front and back end running, access with a browser at `http://localhost:8080/`
 
 ### Stop the application
 
@@ -153,8 +158,8 @@ For secure disclosure, please see the [security policy](security.md).
 
 ### Project leaders
 
-- Mike Goodwin ([email protected])
-- Jon Gadsden ([email protected])
-- Leo Reading ([email protected])
+- [Mike Goodwin](mailto:[email protected])
+- [Jon Gadsden](mailto:[email protected])
+- [Leo Reading](mailto:[email protected])
 
-_Threat Dragon: making threat modeling less threatening_
+Threat Dragon: _making threat modeling less threatening_

contributing.md

@@ -1,21 +1,26 @@
 # Contributing to OWASP Threat Dragon
+
 Threat Dragon is a community project, and we are always delighted to welcome new contributors!
 
 When contributing:
+
 * see if there is [already an issue](https://github.com/OWASP/threat-dragon/issues) for what you want to do
 * follow our [Code of Conduct](code_of_conduct.md)
 * get started by following the [developer notes](https://owasp.org/www-project-threat-dragon/docs-2/local-development/)
 
 ## Got a Question or Problem?
+
 If you have a question or problem relating to using Threat Dragon then the first thing to do is to check the
 [Frequently Asked Questions](https://owasp.org/www-project-threat-dragon/#div-faqs) tab
 on the [OWASP project page](https://owasp.org/www-project-threat-dragon/).
 Threat Dragon documentation is [available online](https://owasp.org/www-project-threat-dragon/docs-2/).
 
 If this does not help then one of the
-[leaders / collaborators](https://github.com/OWASP/www-project-threat-dragon/blob/main/leaders.md) should be able to help.
+[leaders / collaborators](https://github.com/OWASP/www-project-threat-dragon/blob/main/leaders.md)
+should be able to help.
 
 ## Found an Issue?
+
 If you have found a bug then raise an issue on
 [Threat Dragon](https://github.com/OWASP/threat-dragon/issues/new?assignees=&labels=bug&template=bug_report.md&title=),
 and make sure you have logged into github first.
@@ -24,19 +29,22 @@ It is worth checking to see if its [already been reported](https://github.com/OW
 and including as much information as you can to help us diagnose your problem.
 
 ## Found a Vulnerability?
+
 If you think you have found a vulnerability in Threat Dragon then please report it to our
 [leaders / collaborators](https://github.com/OWASP/www-project-threat-dragon/blob/main/leaders.md).
 
 We are always very grateful to researchers who report vulnerabilities responsibly and are very happy
 to give all credit for the valuable assistance they provide.
 
 ## Have a Feature Request?
-If you have a suggestion for new functionality then you can raise this request as an issue on 
+
+If you have a suggestion for new functionality then you can raise this request as an issue on
 [Threat Dragon](https://github.com/OWASP/threat-dragon/issues/new/choose).
 
 Worth checking to see if its [already been reported](https://github.com/OWASP/threat-dragon/issues),
 and include as much information as you can so that we can fully understand your requirements.
 
 ## Coding
+
 There is always lots of coding to be done! Threat Dragon welcomes contributions and issues:
 [TD github repo](https://github.com/OWASP/threat-dragon/issues)

docs/README.md

@@ -1,9 +1,14 @@
 ## Threat Dragon documentation
-This docs directory used to provide the documentation site at `www.threatdragon.com/docs/`
-but this has been migrated to the [OWASP project repo](https://github.com/OWASP/www-project-threat-dragon/tree/main/docs-2)
-which provides the latest [version 2.0 docs](https://owasp.org/www-project-threat-dragon/docs-2/).
 
-Similarly the old docs site for [version 1.x](https://threatdragon.github.io) has been migrated to
-the new [version 1.x docs](https://owasp.org/www-project-threat-dragon/docs-1/) site on the OWASP project pages.
+This docs directory used to provide the documentation site at `www.threatdragon.com/docs/` but this has been migrated
+to the [OWASP project repo][project] which provides the latest [version 2.0 docs][docs-2].
+
+Similarly the old docs site for [version 1.x][docs] has been migrated
+to the new [version 1.x docs][docs-1] site on the OWASP project pages.
 
 This docs directory provides the 404 'Not Found' page which provides a redirect from `www.threatdragon.com/docs/`.
+
+[docs]: https://threatdragon.github.io
+[docs-1]: https://owasp.org/www-project-threat-dragon/docs-1/
+[docs-2]: https://owasp.org/www-project-threat-dragon/docs-2/
+[project]: https://github.com/OWASP/www-project-threat-dragon/tree/main/docs-2

docs/index.md

@@ -6,11 +6,13 @@ layout: page
 ---
 
 ## Threat Dragon documentation
+
 The documentation site at `www.threatdragon.com/docs/`
 has been migrated to the OWASP project pages which provide the latest [version 2.0 documentation][docs2x].
 
-Similarly the old documentation site for [version 1.x](https://threatdragon.github.io)
+Similarly the old documentation site for [version 1.x][docs]
 has been migrated to the new [version 1.x documentation][docs1x] on the OWASP project pages.
 
+[docs]: https://threatdragon.github.io
 [docs1x]: https://owasp.org/www-project-threat-dragon/docs-1/
 [docs2x]: https://owasp.org/www-project-threat-dragon/docs-2/

release-process.md

@@ -1,9 +1,10 @@
 The steps used during the release process
 
 ## Tag the release
+
 1. `git clone [email protected]:OWASP/threat-dragon.git`
 2. `cd threat-dragon`
-3. update version declaration, eg `"version": "2.0.2",`, in `package.json`, `td.site/package.json` and `td.server/package.json`
+3. update version eg `"version": "2.0.2",`, in `package.json`, `td.site/package.json` and `td.server/package.json`
 4. update build state in `td.server/package.json`
 5. `pnpm install`
 6. `npm run build`
@@ -18,25 +19,32 @@ The steps used during the release process
 The github release workflow then creates the draft release and the install images
 
 ### Publish docker image
-1. once tagged, the github workflow pushes the docker image to docker hub 
+
+1. once tagged, the github workflow pushes the docker image to docker hub
 2. check using `docker pull threatdragon/owasp-threat-dragon:v2.0.2`
-3. on MacOS M1 this command may need to be used `docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.0.2`
-4. Test using the command to run a detached container: `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.0.2`
+3. on MacOS M1 this command may need to be used:
+    `docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.0.2`
+4. Test using the command to run a detached container:
+    `docker run -d -p 8080:3000 -v $(pwd)/.env:/app/.env threatdragon/owasp-threat-dragon:v2.0.2`
 5. Ideally test this release on Windows, linux and MacOS
 
-If the image tests correctly, promote the docker image from dockerhub `threatdragon/` to dockerhub `OWASP/threat-dragon/v2.0.2`.
+If the image tests correctly, promote the docker image
+from dockerhub `threatdragon/` to dockerhub `OWASP/threat-dragon/v2.0.2`.
 
 There is _no going back_ on this last step, so it is deliberately left as a manual task:
 
-```
+```text
 docker pull --platform linux/x86_64 threatdragon/owasp-threat-dragon:v2.0.2
 docker tag threatdragon/owasp-threat-dragon:v2.0.2 owasp/threat-dragon:v2.0.2
 docker push owasp/threat-dragon:v2.0.2
 ```
 
 ### Update release notes
+
 Update the release notes for the draft in the
-[Threat Dragon release area](https://github.com/OWASP/threat-dragon/releases) and promote the release from draft to public
+[Threat Dragon release area](https://github.com/OWASP/threat-dragon/releases)
+and promote the release from draft to public
 
 ### Announce
+
 Finally ensure Threat Dragon announces the new release, for example on the OWASP slack channels

security.md

@@ -1,4 +1,4 @@
-## Security Policy 
+## Security Policy
 
 If you find a vulnerability anywhere in this project, such as the source or scripts,
 then please let the project admins know ASAP and we will fix it as a critical priority.

td.server/README.md

@@ -1,37 +1,31 @@
 # OWASP Threat Dragon Server
+
 This is a Express project that is the back end server for the OWASP Threat Dragon website project
 
 ## Project setup
 
-```
-npm install
-```
+`npm install`
 
 ### Compiles and hot-reloads for development
-```
-npm run dev
-```
+
+`npm run dev`
 
 ### Compiles and minifies for production
-```
-npm build
-```
+
+`npm build`
 
 Clean the distribution with
-```
-npm run clean
-```
+
+`npm run clean`
 
 ### Run unit tests
-```
-npm run test:unit
-```
+
+`npm run test:unit`
+
 For continuous testing:
-```
-npm run test:unit -- --watch
-```
+
+`npm run test:unit -- --watch`
 
 ### Lints and fixes files
-```
-npm run lint
-```
+
+`npm run lint`