RepoScanner is a project composed of three microservices that work together to authenticate users, scan GitHub repositories, and send notifications based on scan results. This setup enables secure access control, automated scanning, and email notifications to streamline repository management and security analysis.
Before setting up the project locally, ensure the following are installed on your local machine:
- Trivy: A vulnerability scanner for containers and other artifacts, required to perform security scans.
- Auth Service - Developed using NestJS, this service handles user authentication and provides JWT tokens for secure access to other services.
- Scan Service - Built with Golang, this service is responsible for scanning GitHub repositories using Trivy. It communicates with the Auth and Email services to perform secure scans and notify users of the results.
- Email Service - Also built with NestJS, this service sends email notifications based on the scan results it receives from the Scan Service.
- Ensure Docker and Docker Compose are installed on your system
- Clone the repository:
git clone https://github.com/jobayer12/repoScanner.git
- Navigate to project root:
cd repoScanner
- Rename .env.sample to .env in the root directory.
- Set the following Email Service configuration in .env:
MAIL_HOST=your_smtp_host
MAIL_PORT=your_smtp_port
MAIL_USERNAME=your_smtp_username
MAIL_PASSWORD=your_smtp_password
MAIL_DEFAULT_FROM=sender_email@example.com
# Start all services
docker-compose up -d
Swagger UI: http://localhost:3000/api
Login Credentials:
- Email: john.doe@example.com
- Password: v0N6OI8
- Ensure all .env files are properly configured
- Valid mail credentials are crucial for email service functionality
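A pre-flight check for the two notes above, as an added example that is not part of the RepoScanner repository: it reports any of the five MAIL_* keys that are missing, empty, or still set to the placeholder values shown in this README. The function name `check_mail_env` and the sample file contents are assumptions made for illustration, and values are assumed to be plain, unquoted KEY=value lines.

```shell
#!/bin/sh
# Added example (not RepoScanner code). check_mail_env is a hypothetical helper.
# check_mail_env FILE: print one line per problem with the MAIL_* keys;
# return 0 when all five hold non-placeholder values, 1 otherwise.
check_mail_env() {
    env_file=$1
    problems=0
    if [ ! -r "$env_file" ]; then
        echo "$env_file: not readable"
        return 1
    fi
    for key in MAIL_HOST MAIL_PORT MAIL_USERNAME MAIL_PASSWORD MAIL_DEFAULT_FROM; do
        # If a key is repeated, check its last assignment.
        line=$(grep "^${key}=" "$env_file" | tail -n 1)
        value=${line#*=}
        msg=""
        if [ -z "$line" ]; then
            msg="missing"
        elif [ -z "$value" ]; then
            msg="empty"
        else
            case "$key:$value" in
                "$key":your_smtp_*|"$key":sender_email@example.com)
                    msg="still the README placeholder" ;;
                MAIL_PORT:*[!0-9]*)
                    msg="not a port number" ;;
            esac
        fi
        if [ -n "$msg" ]; then
            echo "$key: $msg"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: host configured, password missing, the rest untouched.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MAIL_HOST=smtp.example.org
MAIL_PORT=your_smtp_port
MAIL_USERNAME=your_smtp_username
MAIL_DEFAULT_FROM=sender_email@example.com
EOF
check_mail_env "$sample" || echo "fix the entries above before starting the services"
rm -f "$sample"
```

The check only inspects the file's contents; whether the SMTP credentials are actually accepted is still decided by the mail server.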
To get started, clone the repoScanner repository to your local machine:
git clone https://github.com/jobayer12/repoScanner.git
cd repoScanner
The Auth Service handles user registration, login, and JWT authentication.
- Navigate to the auth-service directory:
cd auth-service
- Rename .env.sample to .env and configure the environment variables.
- Install the dependencies:
npm install
- Start the Auth Service:
npm run start
The Scan Service performs repository scans using Trivy.
- Navigate to the scan-service directory:
cd scan-service
- Rename .env.sample to .env and configure any necessary environment variables.
- Install any required Go dependencies:
go mod download
- Start the Scan Service:
make run
The Email Service handles email notifications, alerting users based on scan results.
- Navigate to the email-service directory:
cd email-service
- Rename .env.sample to .env and configure any necessary environment variables.
- Install the dependencies:
npm install
- Start the Email Service:
npm run start
- Go to http://localhost:3000/api#/ to see the list of available Auth Service endpoints.
- Use the pre-created user:
  - Email: john.doe@example.com
  - Password: v0N6OI8
- Log in to retrieve a JWT token, which can then be used to authorize requests to the services.
- Perform a Scan: Send a scan request through the Scan Service using the JWT token from the Auth Service.
- Receive Email Notification: Once a scan completes, the Email Service will automatically send a notification based on the results.
Contributions are welcome! Please fork the repository and create a pull request for review.