Secure your software, empower your team.
This repository contains the complete CodeClarity development environment. Whether you're contributing to the core platform, developing plugins, or customizing CodeClarity for your organization, this guide will get you up and running quickly.
CodeClarity is a powerful, open-source security analysis platform that serves as an alternative to Snyk, Checkmarx, and Black Duck. It provides:
- Fast source code analysis - Identify dependencies, licenses, and vulnerabilities instantly
- Full on-premises control - Your code never leaves your environment
- CI/CD integration - Seamlessly integrates with GitHub Actions, Jenkins, and more
- Extensible plugin system - Create custom analysis pipelines with modular plugins
- Comprehensive reporting - SBOM generation, vulnerability detection, license compliance
CodeClarity consists of several components:
- Frontend (Vue.js + TypeScript) - Modern web interface
- API (NestJS + TypeScript) - RESTful API server
- Backend (Go) - Core analysis engine and plugin system
- Database (PostgreSQL) - Data persistence layer
- Message Queue (RabbitMQ) - Asynchronous task processing
Before setting up your development environment, ensure you have the following tools installed:
- curl - For downloading setup scripts and database dumps
- make - For automating build and deployment tasks
- Go >= 1.24 - Required for backend plugins. Download here
- Docker - Containerization platform. Installation guide
- Docker Compose - Multi-container orchestration. Installation guide
Tip
New to Docker? Check out the Docker Getting Started guide for a quick introduction.
Note
System Requirements:
- Minimum 8GB RAM (16GB recommended for full development)
- At least 10GB free disk space
- macOS, Linux, or Windows with WSL2
Want to start developing in 5 minutes? Run this one-liner:
curl -O https://raw.githubusercontent.com/CodeClarityCE/codeclarity-dev/main/setup.sh && sh setup.sh
This will:
- Clone the development repository
- Set up all Docker containers
- Initialize databases with sample data
- Start the development environment
Once complete, visit https://localhost:443 to access your local CodeClarity instance!
The setup script automates the entire development environment setup process:
curl -O https://raw.githubusercontent.com/CodeClarityCE/codeclarity-dev/main/setup.sh && sh setup.sh
What this script does:
- Environment Setup - Clones the development repository and configures environment variables
- Container Orchestration - Builds and starts all required Docker containers (frontend, API, backend, database, message queue)
- Database Initialization - Downloads and restores sample data for immediate development
- Service Verification - Ensures all services are running and properly connected
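The one-liner above runs whatever the mutable `main` branch serves at that moment. As an added example (not part of the CodeClarity repository), the functions below download the same script, compare it against a SHA-256 digest you recorded after reading the script, and run it only on a match. The function names and the digest placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded script against a pinned SHA-256 before
# running it. Function names are hypothetical, not part of CodeClarity.

# sha256_of FILE: print the file's hex SHA-256 (Linux or macOS tooling).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED: return 0 only if the digest matches.
verify_script() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # Normalise the pinned digest to lower case before comparing.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ] && return 0
    echo "digest mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# fetch_verify_run URL EXPECTED: download setup.sh into the current
# directory (as the page's one-liner does), verify it, then execute it.
fetch_verify_run() {
    # --fail: HTTP errors abort; --proto '=https': HTTPS only, redirects too.
    curl --fail --silent --show-error --location --proto '=https' \
        -o setup.sh "$1" || return 1
    if verify_script setup.sh "$2"; then
        sh setup.sh
    else
        rm -f setup.sh   # do not leave an unverified script lying around
        return 1
    fi
}

# Usage, with a placeholder digest you record after reviewing the script:
#   fetch_verify_run \
#     "https://raw.githubusercontent.com/CodeClarityCE/codeclarity-dev/main/setup.sh" \
#     "<sha256-recorded-after-review>"
```

Because the URL points at a branch rather than a fixed revision, a legitimate update to the script also changes the digest; review the new version and record its digest again before rerunning.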
To work with the latest vulnerability data and enhance your development experience:
- Get an NVD API Key: Apply for a free API key from the National Vulnerability Database
- Configure the API Key: Add your key to codeclarity-dev/.cloud/env/.env.makefile:
NVD_API_KEY=your-api-key-here
- Update the Knowledge Database:
make knowledge-update
Note
The knowledge database update can take 15-30 minutes depending on your internet connection. This step is optional for basic development but recommended for working with vulnerability detection features.
Once setup is complete, use these commands to manage your development environment:
make help # Show all available commands
make build # Build all Docker images
make up # Start development environment
make down # Stop development environment
make pull # Pull latest Docker images
make logs # View container logs
make build-prod # Build production Docker images
make up-prod # Start in production mode
make down-prod # Stop production environment
make knowledge-setup # Initialize knowledge database
make knowledge-update # Update vulnerability data
make download-dumps # Download database dumps
make dump-database # Create database backup
make restore-database # Restore from backup
- Start Your Environment:
make up
- View Logs (in a separate terminal):
make logs
- Make Your Changes - Edit code in your preferred IDE
- Test Your Changes - Changes are automatically reflected due to volume mounting
- Stop Environment when done:
make down
- Location: frontend/ directory
- Hot Reload: Enabled in containers using vite
- Access: https://localhost:443
- Build: make build (rebuilds frontend container)

- Location: api/ directory
- Hot Reload: Enabled in containers with nest --watch
- Access: API available at https://localhost:443/api
- Documentation: Swagger UI available in development mode

- Location: backend/ directory
- Hot Reload: Enabled in containers with Air
- Build: make build (rebuilds backend services)
- Plugins: Located in backend/plugins/ directory
CodeClarity's plugin system allows you to create custom analysis tools:
- Create Plugin Structure:
mkdir backend/plugins/my-plugin
cd backend/plugins/my-plugin
- Implement Plugin Interface - Follow existing plugin examples (Documentation coming soon)
- Register Plugin - Add to plugin registry
- Test Plugin - Use the platform's plugin testing framework
Your development environment is ready! Access CodeClarity at https://localhost:443.
Warning
You may need to accept the self-signed certificate generated by Caddy.
- Username: john.doe@codeclarity.io
- Password: ThisIs4Str0ngP4ssW0rd?
Important
These are development-only credentials. Change them for any production-like testing.
- Explore the Platform - Familiarize yourself with the UI and features
- Create Your First Analysis - Follow the analysis guide
- Review the Architecture - Understand how components interact
- Start Contributing - Check out our contribution guidelines
We welcome contributions from developers of all skill levels! Here's how to get started:
- Fork the Repository - Create your own copy of the project
- Create a Feature Branch - git checkout -b feature/your-feature-name
- Make Your Changes - Follow our coding standards
- Test Thoroughly - Ensure your changes don't break existing functionality
- Submit a Pull Request - Describe your changes and their impact
For detailed guidelines, see CONTRIBUTING.md.
- Code Style: Follow language-specific conventions (ESLint for TypeScript, gofmt for Go)
- Testing: Write tests for new features and bug fixes
- Documentation: Update relevant documentation
- Commit Messages: Use clear, descriptive commit messages
Found a bug or have a feature request? We'd love to hear from you!
- Check Existing Issues - Avoid duplicates by searching first
- Use Issue Templates - Helps us understand and resolve faster
- Provide Details - Include environment info, steps to reproduce, and expected behavior
- Be Responsive - Engage with maintainers if they need clarification
This project is licensed under the AGPL-3.0-or-later license. See the LICENSE file for full details.
- Your contributions will be under the same AGPL-3.0-or-later license
- You retain copyright to your contributions
- The project remains open source and free to use
- Commercial use is allowed under AGPL terms