A production-ready, full-stack security dashboard platform showcasing enterprise cloud security engineering capabilities. This project demonstrates AWS integration, real-time security monitoring, compliance scorecards, and modern full-stack development practices.
- SAST: CodeQL static analysis
- SCA: Dependency vulnerability scanning (npm, .NET)
- Secrets: Gitleaks secret detection
- IaC: Checkov infrastructure scanning
- Container: Trivy container image scanning
- Security Hub: Real-time security findings sync
- CloudTrail: Suspicious activity detection and analysis
- IAM Analysis: Over-permission detection and CIS compliance checking
- Cloud Security Dashboard: Unified view of AWS security posture
- Historical Trends: Time-series analysis of security findings
- Compliance Scorecards: OWASP Top 10 and CWE Top 25 mapping
- Real-time Updates: WebSocket-powered live dashboard updates
- Risk Scoring: Automated risk assessment and gate evaluation
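The IAM over-permission check and the gate evaluation listed above, as an added example in the project's language (TypeScript); this is not the project's own code, and the policy document, the `findOverPermissions`/`gatePasses` names and the severity thresholds are constructed for illustration:

```typescript
// Added example, not the project's code. Flags IAM Allow statements that are
// over-permissive (wildcard actions/resources) and evaluates a CI/CD gate on them.

type Statement = {
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Resource: string | string[];
  Condition?: Record<string, unknown>;
};
type PolicyDocument = { Version: string; Statement: Statement | Statement[] };
type Severity = "MEDIUM" | "HIGH" | "CRITICAL";
type IamFinding = { statementIndex: number; severity: Severity; reason: string };

const asArray = <T>(v: T | T[]): T[] => (Array.isArray(v) ? v : [v]);

// One finding per over-permissive Allow statement; Deny statements are skipped.
function findOverPermissions(doc: PolicyDocument): IamFinding[] {
  const findings: IamFinding[] = [];
  asArray(doc.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return;
    const actions = asArray(stmt.Action);
    const anyResource = asArray(stmt.Resource).includes("*");
    const serviceWide = actions.some((a) => a.endsWith(":*")); // e.g. "s3:*"
    if (actions.includes("*") && anyResource) {
      findings.push({ statementIndex: i, severity: "CRITICAL", reason: "Action * on Resource * (full admin)" });
    } else if (serviceWide && anyResource) {
      findings.push({ statementIndex: i, severity: "HIGH", reason: `service-wide actions ${actions.join(",")} on all resources` });
    } else if (anyResource && !stmt.Condition) {
      findings.push({ statementIndex: i, severity: "MEDIUM", reason: "Resource * without a Condition" });
    }
  });
  return findings;
}

// Gate: pass only if every finding is below the threshold severity (assumed default HIGH).
const RANK: Record<Severity, number> = { MEDIUM: 1, HIGH: 2, CRITICAL: 3 };
function gatePasses(findings: IamFinding[], threshold: Severity = "HIGH"): boolean {
  return findings.every((f) => RANK[f.severity] < RANK[threshold]);
}

// Constructed sample policy (not from any real account).
const samplePolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: "*", Resource: "*" },                                        // CRITICAL
    { Effect: "Allow", Action: ["s3:*"], Resource: "*" },                                   // HIGH
    { Effect: "Allow", Action: "ec2:DescribeInstances", Resource: "*" },                    // MEDIUM
    { Effect: "Allow", Action: "s3:GetObject", Resource: "arn:aws:s3:::example-bucket/*" }, // fine
    { Effect: "Deny", Action: "*", Resource: "*" },                                         // ignored
  ],
};
```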
- Backend: Node.js + Express + TypeScript + PostgreSQL
- Frontend: React 19 + TypeScript + Tailwind CSS
- Real-time: Socket.IO WebSocket communication
- CI/CD: GitHub Actions with automated scanning
- Containerization: Docker support for easy deployment
- Node.js 20+
- PostgreSQL 16+ (or Docker)
- npm or yarn
```bash
# Clone the repository
git clone <your-repo-url>
cd devsecops-ci-cd-gates

# Start all services
docker-compose up

# Services will be available at:
# - Dashboard: http://localhost:5173
# - API: http://localhost:3001
# - PostgreSQL: localhost:5432
```

See QUICK_START.md for detailed setup instructions.
```text
devsecops-ci-cd-gates/
├── backend/               # Node.js API server
│   ├── src/
│   │   ├── config/        # Configuration
│   │   ├── controllers/   # Request handlers
│   │   ├── services/      # Business logic
│   │   │   └── aws/       # AWS integrations
│   │   ├── routes/        # API routes
│   │   └── middleware/    # Auth, validation
│   └── prisma/            # Database schema
│
├── dashboard/             # React frontend
│   ├── src/
│   │   ├── components/    # UI components
│   │   ├── pages/         # Page components
│   │   ├── services/      # API clients
│   │   └── store/         # State management
│
├── .github/workflows/     # CI/CD pipelines
└── docs/                  # Documentation
```
- Clean architecture with separation of concerns
- Type-safe with TypeScript throughout
- Comprehensive error handling and logging
- Security best practices (JWT, RBAC, rate limiting)
- Database migrations and seeding
- Security Hub: Real-time findings sync
- CloudTrail: Security event analysis
- IAM: Policy analysis and over-permission detection
- Demonstrates real AWS SDK usage (not mockups)
- React 19 with TypeScript
- Beautiful dark-themed UI
- Real-time WebSocket updates
- Professional charts and visualizations
- Responsive design
- GitHub Actions workflow
- Automated security scanning
- API integration for data persistence
- Automated dashboard deployment
- JWT authentication
- Role-based access control
- Rate limiting
- Input validation (Zod)
- Security headers (Helmet.js)
- API key management
- QUICK_START.md - Getting started guide
- backend/README.md - Backend API documentation
- PROJECT_COMPLETE.md - Complete feature list
- IMPLEMENTATION_STATUS.md - Implementation details
- Runtime: Node.js 20
- Framework: Express.js
- Language: TypeScript
- Database: PostgreSQL 16
- ORM: Prisma
- Authentication: JWT + API Keys
- WebSocket: Socket.IO
- Validation: Zod
- Logging: Winston
- Framework: React 19
- Language: TypeScript
- Styling: Tailwind CSS 4
- Charts: Recharts
- State: Zustand
- Routing: React Router
- Animations: Framer Motion
- Security Hub
- CloudTrail
- IAM
- ✅ JWT authentication with role-based access control
- ✅ API key authentication for CI/CD
- ✅ Rate limiting on all endpoints
- ✅ Input validation with Zod
- ✅ Security headers (Helmet.js)
- ✅ CORS configuration
- ✅ SQL injection prevention (Prisma)
- ✅ XSS protection (React)
- POST /api/v1/auth/login - Login
- GET /api/v1/auth/me - Get current user
- POST /api/v1/scans - Create scan
- GET /api/v1/scans - List scans
- GET /api/v1/scans/:id - Get scan
- GET /api/v1/scans/latest - Get latest scan
- GET /api/v1/findings - List findings
- GET /api/v1/findings/:id - Get finding
- PATCH /api/v1/findings/:id - Update finding
- GET /api/v1/trends - Historical trends
- GET /api/v1/compliance/owasp-top10 - OWASP scorecard
- GET /api/v1/compliance/cwe-top25 - CWE scorecard
- POST /api/v1/aws/securityhub/sync - Sync Security Hub
- GET /api/v1/aws/securityhub/findings - Get Security Hub findings
- POST /api/v1/aws/cloudtrail/analyze - Analyze CloudTrail
- POST /api/v1/aws/iam/analyze - Analyze IAM policies
- AWS Security Hub integration
- CloudTrail log analysis
- IAM policy analysis
- Cloud security posture management
- RESTful API design
- Real-time WebSocket communication
- Database schema design
- Modern React patterns
- TypeScript throughout
- CI/CD pipeline integration
- Security scanning automation
- Compliance mapping
- Security metrics and trending
Future enhancements (designed, not yet implemented):
- Multi-cloud support (Azure, GCP)
- SBOM generation (Syft)
- DAST integration (OWASP ZAP)
- Advanced remediation workflows
- Infrastructure as Code (Terraform)
MIT
This is a portfolio project. Feel free to fork and extend!
Status: ✅ Production Ready
All core features implemented. Ready for deployment and demonstration.