- What systems are in my organisation?
- Where is the risk?
- Who do I talk to about that?
Crowdsource systems and the risks they contain.
- pre-commit †
- Java 11+ JDK
- Node 10
- Maven
- Yarn
- Docker & docker-compose
- Python 3
† There are Git hooks in this repository that perform linting and security-related checks before commits. Use pre-commit to install these:
pre-commit installThere are 2 services, frontend (UI) and backend (API).
The UI is SPA react app created via create-react-app.
The API is a Quarkus based java app.
By default, the API serves up the UI but they are designed to be independently deployable.
To build and start developing the API locally:
./tasks build-frontend
./tasks build-backend
./tasks dev-backendThis will build the UI, copy the files over to be served up by the backend, build the backend and start the backend in dev mode with file watch and hot reload for the backend only.
If you want to develop the frontend with hot reload
./tasks dev-frontendThe pre-commit Git hook checks changes for possible secrets using detect-secrets. These checks look for keywords and regions of randomness that might be passwords.
As the checks are heuristic-based, false-positives are possible. If, after reviewing any rejected commits, you’re
confident that there are no secrets, run the following command and include the .secrets.baseline file in the commit:
detect-secrets scan > .secrets.baselineFor this to work, you’ll need to have the detect-secrets tool installed directly. pre-commit has its own copy which
isn’t normally accessible. To install it, use pip (or pip3):
pip install detect-secrets