Skip to content

Vikas-k-c/docksafe

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DockSafe

DockSafe is DevSecOps-based Docker image vulnerability scanner. It provides a web interface where users can enter a Docker image name and view vulnerability risk details, remediation suggestions, image metadata, and scan summaries.

This project demonstrates DevSecOps practices such as containerization, CI/CD automation, dependency auditing, Docker image scanning, and security-focused reporting.

Features

  • React frontend for Docker image scan input and result visualization
  • Node.js/Express backend API
  • Dockerized frontend and backend
  • Docker Compose setup for local deployment
  • GitHub Actions CI/CD pipeline
  • Dependency audit using npm audit
  • Docker image vulnerability scanning using Trivy
  • Trivy scan reports uploaded as GitHub Actions artifacts
  • Fast demo mode for quick classroom/project demonstrations
  • Health check endpoint for backend service

Tech Stack

  • Frontend: React, Vite, Axios
  • Backend: Node.js, Express
  • Containerization: Docker, Docker Compose
  • CI/CD: GitHub Actions
  • Security Scanning: Trivy, npm audit
  • Web Server: Nginx for frontend container

Project Structure

docksafe/
├── backend/
│   ├── server.js
│   ├── analyzer.js
│   ├── suggestions.js
│   ├── Dockerfile
│   ├── package.json
│   └── .env.example
├── frontend/
│   ├── src/
│   ├── Dockerfile
│   ├── nginx.conf
│   ├── package.json
│   └── index.html
├── .github/
│   └── workflows/
│       └── ci-cd.yml
├── docker-compose.yml
└── README.md

How To Run Locally With Docker

Make sure Docker Desktop is running.

cd C:\Users\vikas\OneDrive\Desktop\docksafe
docker compose up --build

Open the frontend:

http://localhost:8080

Backend health check:

http://localhost:5001/health

If port 5001 is busy, choose another host port:

$env:DOCKSAFE_BACKEND_PORT=5002
docker compose up --build

To stop the project:

docker compose down

Fast Demo Mode

By default, the project uses fast demo mode:

FAST_SCAN_MODE: true

This returns simulated but realistic scan results in a few seconds. It is useful for presentations and classroom demos.

To use real Trivy scans, update docker-compose.yml:

FAST_SCAN_MODE: false

Then rebuild:

docker compose down
docker compose up --build

Real Trivy scans may take longer because Trivy downloads vulnerability databases and analyzes image layers.

Deploy On Render

This repo includes render.yaml for Render Blueprint deployment.

  1. Push this project to GitHub.
  2. In Render, choose New -> Blueprint.
  3. Connect the GitHub repository.
  4. When Render asks for VITE_API_URL, enter your backend URL:
https://docksafe-backend.onrender.com

If Render gives your backend a slightly different URL, use that exact backend URL instead. After deployment:

Frontend: https://docksafe-frontend.onrender.com
Backend health: https://docksafe-backend.onrender.com/health

Backend API

Health Check

GET /health

Response:

{
  "ok": true
}

Scan Docker Image

POST /scan

Request body:

{
  "image": "alpine:latest"
}

Response includes:

  • vulnerability counts
  • risk score
  • image size
  • layer count
  • remediation suggestions
  • top vulnerability findings
  • scan duration

CI/CD Pipeline

The GitHub Actions workflow is located at:

.github/workflows/ci-cd.yml

The pipeline runs automatically on push or pull request to main or master.

Pipeline stages:

Frontend quality gate
Backend quality gate
Docker build and scan

Frontend Quality Gate

  • Installs dependencies
  • Runs ESLint
  • Builds frontend
  • Runs dependency audit

Backend Quality Gate

  • Installs dependencies
  • Runs dependency audit

Docker Build And Scan

  • Builds backend Docker image
  • Builds frontend Docker image
  • Scans images using Trivy
  • Uploads Trivy reports as workflow artifacts

DevSecOps Concepts Demonstrated

This project demonstrates:

  • Continuous Integration
  • Continuous Delivery pipeline structure
  • Docker containerization
  • Docker Compose orchestration
  • Dependency vulnerability auditing
  • Container image vulnerability scanning
  • Security reports as CI artifacts
  • Environment variable configuration
  • Health checks
  • Secure separation of frontend and backend services

GitHub Actions Automation

After pushing code to GitHub, go to:

Repository -> Actions -> CI/CD

The workflow will run automatically.

You can also trigger it manually:

Actions -> CI/CD -> Run workflow

Example Images To Scan

alpine:latest
nginx:latest
node:20-alpine
python:3.9
redis:7

Author

Vikas K C

Project Purpose

This project was developed as a DevSecOps subject project to demonstrate how security can be integrated into the software development lifecycle using CI/CD, Docker, and automated vulnerability scanning.

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors