An advanced organizational security and activity monitoring dashboard designed to provide comprehensive insights into project health, contributor performance, and system vulnerabilities.
The Enhanced Organization Dashboard is a sophisticated platform that helps organizations seamlessly manage their security issues, bug reports, and contributor activity in a unified, visual interface. The system follows OWASP BLT (Bug Logging Tool) guidelines to ensure secure implementation.
- Real-time issue tracking: Monitor security issues and bug reports in real-time via WebSockets
- Advanced filtering and reporting: Filter bugs and security issues by severity, status, assignee, etc.
- Comprehensive visualization: Review security trends, risk distribution, and activity metrics through interactive charts
- Secure implementation: Built following OWASP security guidelines with multiple security middleware layers
- Real-time notifications: Receive instant updates when new issues are reported or existing ones are updated
- Containerized deployment: Easy deployment with Docker and Docker Compose
The system follows a hybrid architecture:
- Frontend: React application with modern UI components (shadcn, TailwindCSS)
- Backend:
  - Django REST API for secure data handling and persistence
  - Node.js/Express server for frontend and WebSocket services
- Database: PostgreSQL for reliable data storage
- Real-time communication: WebSockets for instant updates and notifications
- React
- TailwindCSS
- shadcn UI components
- WebSockets for real-time updates
- TanStack Query for data fetching
- Recharts for data visualization
- Django 5.0 with Django REST Framework (minimal imports)
- Node.js/Express
- Drizzle ORM
- WebSocket Server (ws)
- PostgreSQL database
- Security Headers Middleware
- SQL Injection Protection
- Rate Limiting
- CSRF Protection
- Secure Logging
- Custom Exception Handling
- Node.js 18+ and npm
- Python 3.10+
- PostgreSQL 14+
- Docker and Docker Compose (for containerized deployment)
- Clone the repository
  git clone <repository-url>
  cd enhanced-organization-dashboard
- Set up environment variables
  cp .env.example .env
  # Edit the .env file with your database credentials and other settings
- Install dependencies
  Frontend and Node.js backend:
  npm install
  Django backend:
  cd backend
  pip install -r requirements.txt
- Initialize the database
  npm run db:push
  cd backend
  python manage.py migrate
- Start development servers
  Using the combined script:
  ./run-servers.sh
  Or individually:
  # Start Node.js server with WebSockets
  npm run dev
  # In another terminal, start Django server
  ./start-django.sh
- Access the application at http://localhost:3000
The application can be deployed using Docker Compose for both development and production environments.
- Build and start containers
  docker-compose up -d
- Apply migrations (if needed)
  docker-compose exec app npm run db:push
  docker-compose exec app bash -c "cd backend && python manage.py migrate"
- Access the application at http://localhost:3000
For production deployment, consider the following:
- Set production environment variables
  - Set NODE_ENV=production
  - Set DEBUG=False for Django
  - Generate a secure SECRET_KEY for Django
  - Configure ALLOWED_HOSTS for Django
- Use a production-ready database setup
  - Proper user permissions
  - Regular backups
  - Connection pooling
- Configure a reverse proxy (Nginx/Apache)
  - Handle SSL termination
  - Load balancing (if scaling)
  - Static file serving
- Deploy using Docker
  docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
The application implements multiple security layers following OWASP guidelines:
- Security Headers Middleware: Adds security headers to prevent XSS, clickjacking, etc.
- SQL Injection Protection: Filters request parameters for potential SQL injection patterns
- Rate Limiting: Prevents brute force attacks by limiting API request frequency
- Content Security Policy: Restricts resources that the application can load
- CSRF Protection: Prevents cross-site request forgery attacks
- Secure Password Validation: Enforces password complexity and prevents common passwords
- Secure Logging: Prevents sensitive data exposure in logs
- Containerization: Isolates the application for improved security
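The security headers and rate limiting layers above, written as Django-style middleware in an added example that is not the project's own code; it assumes the standard Django middleware protocol (a class built once with get_response and called per request) and substitutes a small Response stub for django.http.HttpResponse so it runs without Django installed.

```python
import time, types
from collections import defaultdict, deque

# Headers of the kind the Security Headers Middleware is described as adding; the
# CSP's connect-src also admits the local WebSocket endpoint used for live updates.
SECURITY_HEADERS = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; connect-src 'self' ws://localhost:3000",
}

class Response(dict):  # stand-in for django.http.HttpResponse: headers + status_code
    def __init__(self, status_code=200):
        super().__init__()
        self.status_code = status_code

class SecurityHeadersMiddleware:  # Django middleware protocol: get_response in, callable per request
    def __init__(self, get_response):
        self.get_response = get_response
    def __call__(self, request):
        response = self.get_response(request)
        for name, value in SECURITY_HEADERS.items():
            response[name] = value             # applied to every response, 4xx/5xx included
        return response

class RateLimitMiddleware:
    """Sliding-window limit per REMOTE_ADDR. Behind the reverse proxy from the deployment
    notes that is the proxy's address: key on the forwarded client address there."""
    def __init__(self, get_response, limit=100, window=60.0, clock=time.monotonic):
        self.get_response, self.limit, self.window, self.clock = get_response, limit, window, clock
        self.hits = defaultdict(deque)         # client -> timestamps of recent requests
    def __call__(self, request):
        q, now = self.hits[request.META.get("REMOTE_ADDR", "?")], self.clock()
        while q and now - q[0] >= self.window: # forget hits that have left the window
            q.popleft()
        if len(q) >= self.limit:
            return Response(429)               # HttpResponse(status=429) in Django
        q.append(now)
        return self.get_response(request)

def run_demo(n_requests=5, limit=3, window=60.0):
    """One constructed client bursts n_requests under a frozen clock, then one more after the window."""
    clock = [1000.0]
    app = SecurityHeadersMiddleware(RateLimitMiddleware(
        lambda request: Response(200), limit, window, clock=lambda: clock[0]))
    request = types.SimpleNamespace(META={"REMOTE_ADDR": "203.0.113.5"})  # constructed request
    results = [app(request) for _ in range(n_requests)]
    clock[0] += window                         # window expires, client is admitted again
    results.append(app(request))
    return [(r.status_code, "Content-Security-Policy" in r) for r in results]
```

The limiter keeps per-process state, so once the app is scaled behind the load balancer the counters must live in a shared store or each replica admits the full limit on its own. Likewise, pattern filtering of request parameters in the SQL Injection Protection layer complements the ORM's parameterised queries rather than replacing them.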
The Django backend follows a minimal approach, with:
- Only necessary Django imports
- Streamlined middleware configuration
- Focused use of Django REST Framework
- Minimal database queries
- Clean separation of concerns
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Open a pull request
This project is licensed under the MIT License - see the LICENSE file for details.