Transforming Data into Actionable Insights
This project aims to provide a secure and user-friendly dashboard for managing and monitoring projects under the OpenJS Foundation. It evolved from this proof of concept (POC), and we are currently developing an MVP version (see the milestone roadmap).
The goal of this project is to streamline the secure management of OpenJS Foundation projects by providing an intuitive dashboard with robust infrastructure support. It emphasizes security, simplicity, and extensibility.
A few months ago, we started a discussion about the OpenJS Security Collab Space initiative ("Security Program Standards") to build a dashboard for monitoring security parameters in our projects (Node.js, Electron, jQuery, Express, etc.). After carefully planning and securing resources, we are now at an exciting point, as we've recently launched a pilot program with some projects.
So far, we've developed this website: https://openjs-security-program-standards.netlify.app/, which is based on the checklist (Google Sheet) and the introductory document (Google Doc) that we compiled during our original research.
You can watch this YouTube video for a proper introduction to the Dashboard and website (both Proof of Concept versions), built based on feedback from the Express Security WG and others.
In essence, this tool collects information from multiple sources, evaluates it, transforms it into actionable insights, and uses it to build dashboards, tasks, and alerts at both the foundation and project levels. If you prefer a non-video format, here are the slides and the code repository.
Currently, we are focused on building a solid MVP and onboarding new contributors, aiming to create a great product by the end of this process.
Yes, we are looking for HELP in many ways! Let's collaborate and have fun together. You can find more information in the contributing guide.
Another great way to get involved is by participating in the OpenJS Security Collab Space. We hold regular meetings to discuss this initiative and many other exciting topics.
The project includes a technical architecture guide that provides in-depth explanations of various concepts.
- Node.js 22 and npm
- Docker and Docker Compose
- GitHub token with `repo:read` access level (not needed for development)
This project requires a PostgreSQL database and includes an instance of Adminer accessible at http://localhost:8080.
Start the infrastructure (PostgreSQL and Adminer):
npm run infra:start
Stop the infrastructure:
npm run infra:stop
Set the `GITHUB_TOKEN` environment variable to authenticate with the GitHub API.
Optionally, use a `.env` file:
GITHUB_TOKEN=your_github_token_here
Then load it using:
node --env-file=.env index.js workflow run --name populate-repos-list
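As an added illustration (not code from this project), the script below shows what loading a `.env` file as above amounts to, and adds the check a run should make before touching the GitHub API: that `GITHUB_TOKEN` is actually set, and that it is only ever written to a log in redacted form. The parser, the merge rule that a variable already present in the environment wins over the file (so CI secrets are not silently overwritten by a stale local file), the sample file contents, and all function names (`parseDotenv`, `applyEnv`, `redact`, `requireGithubToken`) are assumptions of this example, not the dashboard's own API.

```javascript
// Added example, not part of the project: a minimal .env reader illustrating
// what loading a .env file does for a dashboard run, plus a guard that
// confirms GITHUB_TOKEN is set before any GitHub API call and never logs it
// in full. All names below are hypothetical.

// Parse the KEY=value lines of a .env file. Blank lines and '#' comments are
// skipped, surrounding single or double quotes are stripped, and an optional
// "export " prefix is accepted. Lines that are not KEY=value are ignored.
function parseDotenv(text) {
  const out = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === '' || line.startsWith('#')) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;
    let value = m[2].trim();
    const quoted = /^(['"])(.*)\1$/.exec(value);
    if (quoted) {
      value = quoted[2];
    } else {
      // Unquoted value: drop a trailing inline comment such as "* # debug".
      value = value.replace(/\s+#.*$/, '');
    }
    out[m[1]] = value;
  }
  return out;
}

// Merge parsed values into an env object. A variable already present in the
// environment wins over the file, so a real secret injected by CI is not
// replaced by a stale placeholder from a local .env (assumed rule).
function applyEnv(parsed, env = process.env) {
  for (const [key, value] of Object.entries(parsed)) {
    if (!(key in env)) env[key] = value;
  }
  return env;
}

// Show only enough of a secret to recognise it in a log line.
function redact(secret) {
  if (typeof secret !== 'string' || secret.length < 8) return '****';
  return `${secret.slice(0, 4)}...${secret.slice(-2)}`;
}

// Fail fast with a clear message when the token is missing, and return the
// redacted form so callers can log which token is in use without exposing it.
function requireGithubToken(env = process.env) {
  const token = env.GITHUB_TOKEN;
  if (!token || token.trim() === '') {
    throw new Error('GITHUB_TOKEN is not set; export it or add it to .env');
  }
  return redact(token);
}

// Constructed sample .env content; the token value is a placeholder.
const SAMPLE_DOTENV = `
# local settings for the dashboard CLI (constructed sample)
export GITHUB_TOKEN="ghp_placeholderTokenValue123"
DEBUG=* # enable debug logs
`;

// Load the sample into a fresh env object and return a log-safe summary.
function loadSample(existingEnv = {}) {
  const env = applyEnv(parseDotenv(SAMPLE_DOTENV), existingEnv);
  return { token: requireGithubToken(env), debug: env.DEBUG };
}

console.log('loaded:', loadSample()); // prints { token: 'ghp_...23', debug: '*' }
```

In the project itself `node --env-file=.env` does this loading for you; the value of the example is the fail-fast check and the redaction helper, which keep a missing or mis-set token from surfacing only as an opaque GitHub API error, or as a full token in a CI log.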
Add a new project:
node index.js project add [--name <name>] [--github-urls <urls...>] [--category <category>]
Example:
node index.js project add --name express --github-urls https://github.com/expressjs https://github.com/pillarjs https://github.com/jshttp --category impact
Run a workflow:
node index.js workflow run [--name <name>]
List workflows:
node index.js workflow list
List all checks:
node index.js check list
Run a specific check:
node index.js check run [--name <name>]
There is a specific workflow that runs all the checks sequentially:
node index.js workflow run run-all-checks
Checklists are collections of checks. List the available checklists by running:
node index.js checklist list
Run a specific checklist:
node index.js checklist run [--name <name>]
It is also possible to restrict a checklist run to a project scope:
node index.js checklist run [--name <name>] [--project-scope <name1,name2,...>]
Run latest migrations:
npm run db:migrate
Rollback migrations:
npm run db:rollback
Seed the database:
npm run db:seed
Check the schema:
Refer to the latest schema file at /src/database/schema/schema.sql.
Update the schema:
npm run db:generate-schema
Enable debug logs using the `DEBUG` environment variable:
DEBUG=* node index.js
Run lint checks:
npm run lint
Fix lint issues:
npm run lint:fix
Run tests:
npm test
Run tests with coverage:
npm run test:coverage
Update the snapshots when needed:
npm run test -- -u
We encourage contributors to adhere to our Code of Conduct and Contributing Guidelines. Security-related concerns should follow our Security Policy.
This project is licensed under the MIT License. See the LICENSE file for details.