famed-github-back

Primary language: Go. License: GNU Affero General Public License v3.0 (AGPL-3.0).


Morphysm

Morphysm is a community of engineers, designers and researchers contributing to security, cryptography, cryptocurrency and AI.

Famed-Backend

This repository contains the code of the Famed-Backend.

How to Famed

🚧 New guide in construction 🚧

  1. Install the Famed GitHub App (https://github.com/apps/get-famed) and allow the app to access your repository.
    Note: We populate the issue labels when you allow the app to access your repository: "famed", "none", "low", "medium", "high", "critical". We do not overwrite your labels if labels with the same name are present.

  2. Set up the frontend:

    1. You can find your public board at https://www.famed.morphysm.com/teams/<owner>/<repoName>
    2. Use our famed-board React component (work in progress)
    3. Use our famed-board JS script (work in progress)
  3. Label your repository issues:

    1. Assign a “famed” label to the issues you want to track with Famed
    2. Assign a severity label to each issue tracked by Famed. We follow the Common Vulnerability Scoring System (CVSS): Low, Medium, High, Critical.
    3. Make sure the issue has an assignee when closing the issue

    You will see comments by the Famed bot on your issues labeled with "famed" - the frontend is updated once the first issues are closed.

  4. Join Famed on Telegram: https://t.me/+iQPfZQNshl04YmIy

Security Considerations

We encrypt the GitHub key in memory with https://github.com/awnumar/memguard to mitigate memory dump readout attacks.

We use -buildmode=pie resulting in all addresses except the stack being randomized. (https://rain-1.github.io/golang-aslr.html)

Self Host

Coming Soon

GitHub App

Coming Soon

Develop

Prerequisites

Please make sure that your system has the following programs:

  1. Create your own GitHub app.
  2. Add a webhook secret to your GitHub app.
  3. Use a reverse proxy method of your choice to forward requests from GitHub to your localhost port (e.g. https://ngrok.com/).
  4. Add the reverse proxy endpoint for callbacks (famed/webhooks/event) at the GitHub app.
  5. Set up the Env variables.

Run

Env Variables

🚧 New env variables list in construction 🚧

  • GITHUB_API_KEY: Secret key of the Famed GitHub app (GoLand might format your API key wrongly - go to .idea/workspace.xml with an alternative editor and set <env name="GITHUB_API_KEY" value=/> where you replace newlines with ).
  • GITHUB_APP_ID: ID of the Famed GitHub app
  • GITHUB_BOT_LOGIN: Login name of the Famed GitHub app bot (GitHub App name with spaces replaced by "-", followed by [bot], e.g. get-famed[bot])
  • GITHUB_WEBHOOK_SECRET: Webhook secret key of the Famed GitHub app
  • GITHUB_FAMED_LABEL: Label used to assign issues to the Famed Process
  • ADMIN_USERNAME: Username for simple auth admin calls
  • ADMIN_PASSWORD: Password for simple auth admin calls
  • NEWRELIC_ENABLED: Enable New Relic tracing (feature still experimental / in development)
  • NEWRELIC_KEY: New Relic authentication key (leave empty if NEWRELIC_ENABLED=false)
  • NEWRELIC_NAME: New Relic service name (leave empty if NEWRELIC_ENABLED=false)
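
GITHUB_WEBHOOK_SECRET is what lets a webhook receiver authenticate deliveries: GitHub sends an HMAC-SHA256 of the raw request body, keyed with the secret, in the X-Hub-Signature-256 header. The following is an added example of that check using only the Go standard library, not code from this repository; the function names and the sample secret and payload are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// verifySignature (hypothetical helper) reports whether header, the value of
// X-Hub-Signature-256, is a valid HMAC-SHA256 of the raw body under secret.
// The body must be the exact bytes received, read before any JSON decoding.
func verifySignature(secret, body []byte, header string) bool {
	const prefix = "sha256="
	if len(secret) == 0 || !strings.HasPrefix(header, prefix) {
		return false // unset secret or unsigned delivery: reject
	}
	got, err := hex.DecodeString(strings.TrimPrefix(header, prefix))
	if err != nil {
		return false // malformed hex digest
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hmac.Equal(got, mac.Sum(nil)) // constant-time comparison
}

// sign (hypothetical helper) builds the header value a sender holding the
// secret would attach; it exists here only to produce demo input.
func sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

func main() {
	secret := []byte("constructed-webhook-secret") // constructed sample value
	body := []byte(`{"action":"closed","issue":{"number":1}}`)
	tampered := []byte(`{"action":"closed","issue":{"number":2}}`)
	header := sign(secret, body)

	fmt.Println("valid delivery:  ", verifySignature(secret, body, header))
	fmt.Println("tampered body:   ", verifySignature(secret, tampered, header))
	fmt.Println("wrong secret:    ", verifySignature([]byte("other"), body, header))
	fmt.Println("missing prefix:  ", verifySignature(secret, body, header[7:]))
}
```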

Troubleshooting

If you have encountered any problems while running the code, please open a new issue in this repo and label it bug, and we will assist you in resolving it.

Code Owners

@morphysm/team 😎

License

Our repository is licensed under the terms of the GNU Affero General Public License v3.0.

Contact

If you'd like to know more about us visit https://www.morphysm.com/, or contact us at contact@morphysm.com.