The purpose of this project is to collect, organize, and provide interesting security metrics for open source projects to stakeholders, including users.
This project is in early development and we welcome community support. For more information or to get involved, please see our workgroup page.
Steps to setting up a local development environment.
- Clone the repository (
git clone https://github.com/ossf/Project-Security-Metrics). - Ensure that you have Docker Compose installed.
- Copy
docker/web/.env.dev.web-exampletodocker/web/.env.dev.weband modify the values in that file for your local environment. - Do the same thing for
docker/db/.env.dev.db-exampleanddocker/worker/.env.dev.worker-example. - Run start.ps1.
- Open http://127.0.0.1:8000
We use Docker Compose to configure multiple containers:
- Web: This is a Django web server that serves requests.
- Nginx: This is a web server that sits in front of Web.
- Db: This is a PostgreSQL database that stores data.
- Worker: This is a worker role that performs various tasks.
- Web Worker: This is a worker role that uses the Web image to perform certain tasks.
- Redis: This is a local caching server.
- Azurite: This is a local Azure Storage emulator (for the work queue).
When running this service, the Web container runs code from the host system, so you can develop code and have it immediately reflect within the web application.
The database, cache, and queue are all persistent.
To refresh static files, perform database migrations, or update packages, run reload.ps1.
To stop the service, run stop.ps1. If you want to remove all persistent data, run
docker-compose -f ./docker/docker-compose.yml down -v.