Thanks for your interest in contributing to this Node.js API example project! The purpose of this project is to demonstrate the inclusion of open-source tools to augment security in a DevSecOps model.
To run this project locally, you will need Node.js and npm installed.
- Clone this repository and navigate to the root directory.
- Install dependencies with `npm install`.
- Start the server with `node index.js`.
- Visit http://localhost:8080/
You can also run the application within a Docker container.
- Build the Docker image: `docker image build -t my-sample-api:1.0 .`
- Run the Docker image: `docker run -p 8080:8080 my-sample-api:1.0`
We appreciate your efforts to contribute. Here are the steps to get started:
- Fork the repository.
- Create a branch in your fork for your update.
- Make your changes, including updating any relevant documentation.
- Test your changes locally/on your fork.
- Submit a pull request with your changes against the main branch of this repository.
We would appreciate it if any substantial contribution has a corresponding issue, and your PR references that issue.
This project uses GitHub Actions for continuous integration. We store the Docker image on Docker Hub and deploy the application using a free-tier Okteto account.
Please create your free accounts on Docker Hub and Okteto.
For deploying your changes using GitHub Actions, you will need to set the following secrets in your repository:
- `DOCKERHUB_LOGIN`: Your Docker Hub login
- `DOCKERHUB_PASS`: Your Docker Hub password
- `OKTETO_API_KEY`: Your Okteto API key
Also, adjust the repository name for image hosting in `.github/workflows/main.yaml` with your Docker Hub username.
Your mission, should you choose to accept it, involves augmenting this project with additional security scanning and fixing vulnerabilities. Check the Challenge section in the README for more details.
Thanks for contributing!