Toul

Linode + DEV Hackathon

What I built

Gitty Up Gitty Up Sec.

It’s a web app where a user can create an account and add an admin GitHub.com token so that they can check their GitHub org against security best practices. The check covers each repo present in the org, with a single report generated.

Note: It currently does not support privately self-hosted GitHub Enterprise Integration.

Category Submission:

  • SaaS

App Link

GittyUpSec.com

Screenshots

GittyUpSec Demo

Description

Used for analyzing an organization’s repos at scale to show which ones could use hardening for security best practices with GitHub.com's available features.

Link to Source Code

Permissive License

Background

(What made you decide to build this particular app? What inspired you?)

I recently obtained my CISSP, and as part of retaining it, continuing professional education (CPE) credits are required.

So, I watched an ISC^2 presentation on the troubles of securing GitHub repos, which counts as 1 CPE credit.

I was shocked at how many Fortune 500 companies were being breached due to misconfigured GitHub repos.

Hence, I thought it could be a fun Friday night project to build a simple web app that could be used in the cloud or run locally to check an org's security posture for GitHub.

Hence, GittyUp is built in Go, which makes it easy to share across operating systems.

Later, I plan to create a CLI version of it as well as a Docker containerized version to make it even easier to use on one’s local computer.

I really hope it can help with stopping the data breaches caused by poor GitHub Repository Configuration.

How I built it

(How did you utilize Linode? Did you learn something new along the way? Pick up a new skill?)

  • I learned how to use Linode servers for running a web app, which was tricky as it required installing it as a service on the Linode server. However, using Docker could make it easier, as Linode has a Docker-based server. But I kept it simple since it was a brief hackathon.

  • I also learned how to map a namecheap.com domain to the Linode server IP, which was really easy to do in the Linode Console. It was just a click of a button and editing a few records within the NameCheap control panel.

  • I also learned how to use Linode Database Clusters, which were also easy to set up in the console and, upon setup, provided all the credentials in an easy-to-view manner for connecting to the database. However, I opted to install the DB locally on the Linode server to reduce costs because I didn't want to go over the credit nor use a virtual DB/CPU.

Additional Resources/Info

Top comments (3)

Toul

Note, I have deleted the Linode instance while awaiting results.

Scott Forsyth

Looks great! Can’t wait to see more!!

Toul

Thank you! Really appreciate that