{"id":36497248,"url":"https://github.com/aau-network-security/haaukins-store","last_synced_at":"2026-01-12T02:04:46.587Z","repository":{"id":37038943,"uuid":"253450456","full_name":"aau-network-security/haaukins-store","owner":"aau-network-security","description":"New haaukins component responsible to store data into the database","archived":false,"fork":false,"pushed_at":"2023-03-07T03:06:22.000Z","size":381,"stargazers_count":0,"open_issues_count":9,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-08T22:30:03.132Z","etag":null,"topics":["cybersecurity","database","golang","grpc-communication","grpc-go","grpc-server","microservices","opensource","postgresql"],"latest_commit_sha":null,"homepage":"https://docs.haaukins.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aau-network-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-06T09:23:03.000Z","updated_at":"2023-10-04T09:59:14.000Z","dependencies_parsed_at":"2024-06-19T16:59:01.240Z","dependency_job_id":"42847cf3-b123-4aa0-914e-c0df3e663c97","html_url":"https://github.com/aau-network-security/haaukins-store","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/aau-network-security/haaukins-store","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aau-network-security%2Fhaaukins-store","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aau-network-security%2Fhaaukins-store/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aau-network-security%2Fhaaukins-store/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aau-network-security%2Fhaaukins-store/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aau-network-security","download_url":"https://codeload.github.com/aau-network-security/haaukins-store/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aau-network-security%2Fhaaukins-store/sbom","scorecard":{"id":159641,"data":{"date":"2025-08-11","repo":{"name":"github.com/aau-network-security/haaukins-store","commit":"19cf393505cc25063b9639d8b1407ed47e68323d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Code-Review","score":2,"reason":"Found 3/12 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/checkbrname.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/dockerpush.yml:1","Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checkbrname.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/checkbrname.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checkbrname.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/checkbrname.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dockerpush.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/dockerpush.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dockerpush.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/dockerpush.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dockerpush.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/dockerpush.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dockerpush.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/dockerpush.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/aau-network-security/haaukins-store/main.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:9: pin your Docker image by updating gcr.io/distroless/base-debian10 to gcr.io/distroless/base-debian10@sha256:101798a3b76599762d3528635113f0466dc9655ecba82e8e33d410e2bf5cd319","Warn: downloadThenRun not pinned by hash: .github/workflows/main.yml:52","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"15 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3250 / GHSA-29wx-vh33-7x7r","Warn: Project is vulnerable to: GO-2025-3553 / GHSA-mh63-6h87-95cp","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T12:58:34.781Z","repository_id":37038943,"created_at":"2025-08-16T12:58:34.781Z","updated_at":"2025-08-16T12:58:34.781Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28331537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T00:36:25.062Z","status":"online","status_checked_at":"2026-01-12T02:00:08.677Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","database","golang","grpc-communication","grpc-go","grpc-server","microservices","opensource","postgresql"],"created_at":"2026-01-12T02:03:27.209Z","updated_at":"2026-01-12T02:04:46.572Z","avatar_url":"https://github.com/aau-network-security.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# haaukins-store\n\nHaaukins store is internally used for managing information about events and teams which are exists in Hauukins. With gRPC communication, [Haaukins](https://github.com/aau-network-security/haaukins)\nis able to get/post information into haaukins store, although we have store folder in Haaukins repo, we are retrieving and updating information through Haaukins store. The one which is exists on Haaukins is just used for caching purposes. \nHowever, we have some local data which consists of configuration files which are fetched and updated directly from host for Haaukins. They are namely; \n \n- `config.yml` : This is main file to run Haaukins daemon, it specifies all necesseary information regarding to private registries, users, frontends and exercises file location. \n- `exercises.yml`: This file includes information about existing challenges in Haaukins environment. Since it is too strucctured, it was not ok to combine into Haaukins store, however we are thinking to replace it.  \n- `frontends.yml` : Provides overall information about frontend which is used in Haaukins, frontends are instances in this context, like `Kali`, `Parrot`, `Ubuntu`.\n- `users.yml` : Have information about users who have access to administrator side of Haaukins. \n\n\n## Production usage\n\nDocker image of haaukins store could be used in any docker compose file if environment variables provided correctly. When using in production, you can specify image address instead of building it fromm source code. \n\nHaaukins store image with recent changes will be available at docker hub, with released tag. \n\nNo need to clone the repository, make sure that `.env`  and `config.yml` files are set correctly. \n\nSteps to run it in production: \n\n - Make sure you have configured `.env` and `config.yml` according to the instructions in [configuration](#configuration) section.\n - `curl -o docker-compose.yml https://raw.githubusercontent.com/aau-network-security/haaukins-store/master/docker-compose.yml`\n - Change [`build: .`](https://github.com/aau-network-security/haaukins-store/blob/d41b09f9aecbec5bb0d6cb687ba9bb6bb8e24378/docker-compose.yml#L7) into  `image: aaunetworksecurity/haaukins-store:\u003crelease-tag\u003e` \n - If everything works as expected, you have recent changes in your server. \n \n \n##  Configuration \n\nHaaukins store uses two crucial configuration files which are namely, [`.env`](#environment-file) for [docker-compose.yml](https://github.com/aau-network-security/haaukins-store/blob/master/docker-compose.yml) and `config.yml` for retrieving some information in gRPC server side. \n\nSpecifications and more information about them given below. \n\n- [Configuration File](#configuration-file)\n- [Environment File](#environment-file)\n- [Docker Compose](#docker-compose)\n- [Run](#run)\n\n\n### Environment File\n\nHere is the information which should be included into `.env` file: \n\n```text\nCERTS_PATH=/scratch/configs/certs\nCONFIG_PATH=/scratch/configs/config.yml\nPOSTGRES_DB=exampledb\n# POSTGRES_HOST_AUTH_METHOD=\"trust\"\nPOSTGRES_PASSWORD=exammplepassword\n\n```\n\n- `CERTS_PATH` : Should be provided if TLS is enabled  and certificates should be valid for provided host in [config.yml](#config) file. \n- `CONFIG_PATH`: Place to your `config.yml` file which is mount in `docker-compose.yml` file\n- `POSTGRES_DB`: This is the database information that you have provided in [config.yml](#config) file. \n- `POSTGRES_HOST_AUTH_METHOD`: This parameter could be used for local developments however it is NOT recommended, because it eliminates authentication (no password for postgres connection)\n- `POSTGRES_PASSWORD`: Recommended way of running  haaukins store, should be same with the one in [config.yml](#config) file. \n- `POSTGRES_USER`: Could be useful to have, should be same with `db.user` parameter in [config.yml](#config) file\n\nNote that there could be cases where password is not required, in those cases `POSTGRES_HOST_AUTH_METHOD` could be used. However when you are using it, you do NOT need to provide `POSTGRES_PASSWORD`. \n\n## Configuration file \n\nExample configuration file to run haaukins store without any error. \n\n```yaml\nhost: localhost:50051\nauth-key: development-auth-key\nsignin-key: development-signin-key\ndb:\n  host: postgres-db \n  user: postgres\n  pass: postgres\n  db_name: dummydb\n  db_port: 5432\ntls:\n  enabled: false\n  certfile: ./tests/certs/localhost_50051.crt\n  certkey: ./tests/certs/localhost_50051.key\n  cafile: ./tests/\n```\n\n- `host`: It is gRPC server host address which means that the server, that will be run through docker compose,  will run on that address.\n- `auth-key`: This is authentication key between gRPC server and client, which means that when haaukins store client is used, `auth-key` should match between server and client. \n- `signin-key`: Similar rule applies as `auth-key`, signing  key should also match to be able to use gRPC calls.\n- `db.host` : This is the host name under db configuration, since haaukins store is using docker compose and we are running server with docker compose, it is ok to use service name as database host.\n- `db.user`: As name declares, it is database user. \n- `db_name`: Database name, which should be same with the one in your [`.env`](#environment-file)\n- `db_port`: It is the port to lookup by server which will be build during `docker-compose run -d`\n- `tls`: This consists of some information regarding to your certificates paths, if `tls.enabled` is true which means that you are preferring to use secure communication between server and client. \n\n\n## Docker compose \n\nDocker compose file is defining how services will communicate and how they will be called when they run. The defined services which are defined in docker-compose.yml file might change during time. \nHowever, the changes will be written here, currently it uses port 5432 for postgres and port 50051 for gRPC server communication. \nWithin `docker-compose.yml`, pgadmin4 service is disabled because we decided to use our own tool instead of that one. It could be enabled if we desire at some point. \n\n\n## Run\n\nHaaukins store could be run by ; \n\n- `docker-compose run -d` : will build and run images which are defined in `docker-compose.yml` file IF this is your first time to run `docker-compose.yml` file.\n\nCould be re-build and run by ; \n\n- `docker-compose run -d --build` : If you performed some changes in source code, you need to add  `--build` flag to `docker-compose run -d`. \n\nCould be removed by; \n\n- `docker-compose down --remove-orphans`\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faau-network-security%2Fhaaukins-store","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faau-network-security%2Fhaaukins-store","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faau-network-security%2Fhaaukins-store/lists"}