{"id":24678717,"url":"https://github.com/contrast-security-oss/demo-nodegoat","last_synced_at":"2025-03-21T18:25:02.827Z","repository":{"id":72669560,"uuid":"290829070","full_name":"Contrast-Security-OSS/demo-nodegoat","owner":"Contrast-Security-OSS","description":null,"archived":false,"fork":false,"pushed_at":"2023-10-20T14:13:50.000Z","size":980,"stargazers_count":1,"open_issues_count":0,"forks_count":6,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-03-16T03:45:00.228Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Contrast-Security-OSS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-08-27T16:40:05.000Z","updated_at":"2023-10-23T08:11:15.000Z","dependencies_parsed_at":"2023-09-17T22:15:09.954Z","dependency_job_id":null,"html_url":"https://github.com/Contrast-Security-OSS/demo-nodegoat","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fdemo-nodegoat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fdemo-nodegoat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fdemo-nodegoat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fdemo-nodegoat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Contrast-Security-OSS","download_url":"h
ttps://codeload.github.com/Contrast-Security-OSS/demo-nodegoat/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244846004,"owners_count":20520062,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-26T13:18:03.125Z","updated_at":"2025-03-21T18:25:02.797Z","avatar_url":"https://github.com/Contrast-Security-OSS.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NodeGoat: A deliberately insecure Node.js web application\n\nThis sample application is based on https://github.com/OWASP/NodeGoat.git.\n\n**Warning**: The computer running this application will be vulnerable to attacks; please take appropriate precautions.\n\n# Running standalone\n\nYou can run NodeGoat locally on any machine with Node.js LTS installed.\n\n1. Place a `contrast_security.yaml` file into the application's root folder.\n1. Run `npm install @contrast/agent` for Assess or `npm install @contrast/protect-agent` for Protect.\n1. Create the MongoDB database:\n    * If using a local MongoDB instance, start [mongod](http://docs.mongodb.org/manual/reference/program/mongod/#bin.mongod).\n    * Update the `db` property in `config/env/development.js` to reflect your DB setup (in the format `mongodb://localhost:27017/\u003cdatabasename\u003e`).\n1. Populate MongoDB with the seed data required for the app:\n    * Run `npm run db:seed` to populate the DB with seed data required for the application. Pass the desired environment as an argument. If not passed, \"development\" is the default.\n1. 
Start the server using `npm start`; the Contrast agent will already be enabled.\n1. Browse the application at http://localhost:4000/NodeGoat/\n\n# Running in Docker\n\nYou can run NodeGoat within a Docker container.\n\n1. Place a `contrast_security.yaml` file into the application's root folder.\n1. Build the NodeGoat container image using `docker-compose build`. The Contrast v4 (Assess) agent is added automatically during the Docker build process.\n1. Run the container using `docker-compose up`; this will start a local MongoDB container and the web server together.\n1. Browse the application at http://localhost:4000/NodeGoat/\n\n# Running in Azure (Azure App Service)\n\n## Prerequisites\n\n1. Place a `contrast_security.yaml` file into the application's root folder.\n1. Install Terraform from here: https://www.terraform.io/downloads.html.\n1. Install PyYAML using `pip install PyYAML`.\n1. Install the Azure CLI tools using `brew update \u0026\u0026 brew install azure-cli`.\n1. Log in to Azure using `az login` to make sure your credentials are cached.\n1. Edit the [variables.tf](variables.tf) file (or add a terraform.tfvars) to add your initials, preferred Azure location, app name, server name and environment.\n1. Run `terraform init` to download the required plugins.\n1. Run `terraform plan` and check the output for errors.\n1. Run `terraform apply` to build the infrastructure that you need in Azure; this will output the web address for the application.\n1. 
Run `terraform destroy` when you would like to stop the app service and release the resources.\n\n## Updating the Docker Image\n\nYou can rebuild the Docker image by running two scripts in order:\n\n* image.sh\n* deploy.sh\n\n## License\nCode licensed under the [Apache License v2.0](http://www.apache.org/licenses/LICENSE-2.0).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrast-security-oss%2Fdemo-nodegoat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontrast-security-oss%2Fdemo-nodegoat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrast-security-oss%2Fdemo-nodegoat/lists"}