{"id":47668449,"url":"https://github.com/tlsentinel/tlsentinel-server","last_synced_at":"2026-04-27T03:01:13.149Z","repository":{"id":346077954,"uuid":"1184490561","full_name":"TLSentinel/tlsentinel-server","owner":"TLSentinel","description":"TLS certificate monitoring platform — tracks X.509 certificates across hosts, alerts on upcoming expiry, and provides a REST API + React dashboard for managing scanners, hosts, and users.","archived":false,"fork":false,"pushed_at":"2026-04-23T00:54:52.000Z","size":43532,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-23T02:26:26.775Z","etag":null,"topics":["go","golang","monitoring-tool","ssl","ssl-certificates","tls","tls-certificates","typescript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TLSentinel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-17T16:30:43.000Z","updated_at":"2026-04-16T10:51:39.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/TLSentinel/tlsentinel-server","commit_stats":null,"previous_names":["tlsentinel/tlsentinel-server"],"tags_count":34,"template":false,"template_full_name":null,"purl":"pkg:github/TLSentinel/tlsentinel-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TLSentinel%2Ftlsentinel-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TLSentinel%2Ftlsentinel-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TLSentinel%2Ftlsentinel-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TLSentinel%2Ftlsentinel-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TLSentinel","download_url":"https://codeload.github.com/TLSentinel/tlsentinel-server/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TLSentinel%2Ftlsentinel-server/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32320683,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","golang","monitoring-tool","ssl","ssl-certificates","tls","tls-certificates","typescript"],"created_at":"2026-04-02T12:09:09.587Z","updated_at":"2026-04-27T03:01:13.135Z","avatar_url":"https://github.com/TLSentinel.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cpicture\u003e\n    \u003cimg src=\"https://tlsentinel.github.io/assets/tlsentinel_logo_light_horizontal.png\" alt=\"TLSentinel\" /\u003e\n  \u003c/picture\u003e\n\u003c/p\u003e\n\n\u003ch1\u003eTLSentinel — Server\u003c/h1\u003e\n\n\u003cp\u003e\n  A self-hosted TLS certificate monitoring platform. Track expiry, TLS hygiene, and cipher suite health across your infrastructure.\n\u003c/p\u003e\n\n\u003ch3\u003e\n  \u003ca href=\"#-getting-started\"\u003eGetting Started\u003c/a\u003e\n  \u003cspan\u003e · \u003c/span\u003e\n  \u003ca href=\"#-environment-variables\"\u003eConfiguration\u003c/a\u003e\n  \u003cspan\u003e · \u003c/span\u003e\n  \u003ca href=\"https://github.com/tlsentinel/tlsentinel-scanner\"\u003eScanner Agent\u003c/a\u003e\n\u003c/h3\u003e\n\n\u003cbr/\u003e\n\n## Features\n\n- **Certificate tracking** — expiry, chain validity, fingerprints\n- **TLS profile scanning** — detect TLS 1.0/1.1, weak ciphers, preferred cipher selection\n- **Host management** — associate hosts with certificates and scan status\n- **Distributed scanners** — multiple agents, each scoped to specific hosts\n- **Mail notifications** — SMTP alerts when certificates approach expiry\n\n## Screenshots\n\n\u003cp align=\"center\"\u003e\n  \u003cpicture\u003e\n    \u003cimg src=\"https://tlsentinel.github.io/assets/screenshots/dashboard.png\" width=\"400\" alt=\"Dashboard\" /\u003e\n  \u003c/picture\u003e\n  \u003cpicture\u003e\n    \u003cimg src=\"https://tlsentinel.github.io/assets/screenshots/host_detail.png\" width=\"400\" alt=\"Host\" /\u003e\n  \u003c/picture\u003e\n\u003c/p\u003e\n\n## Getting Started\n\nThe recommended deployment is Docker.\n\n```sh\ngit clone https://github.com/tlsentinel/tlsentinel-server.git\ncd tlsentinel-server\ncp .env.example .env\ndocker compose up -d\n```\n\nConfigure the required environment variables below, point it at a PostgreSQL database, and start it. Migrations run automatically on startup.\n\n## Environment Variables\n\n\n| Variable | Description |\n|---|---|\n| `TLSENTINEL_DB_HOST` | Hostname (default: `localhost`) |\n| `TLSENTINEL_DB_PORT` | Port (default: `5432`) |\n| `TLSENTINEL_DB_NAME` | Database name (default: `tlsentinel`) |\n| `TLSENTINEL_DB_USERNAME` | Username |\n| `TLSENTINEL_DB_PASSWORD` | Password |\n| `TLSENTINEL_DB_SSLMODE` | SSL mode (default: `disable`) |\n| `TLSENTINEL_JWT_SECRET` | JWT signing secret (min 32 chars). Generate: `openssl rand -hex 32` |\n| `TLSENTINEL_ADMIN_USERNAME` | Bootstrapped admin username |\n| `TLSENTINEL_ADMIN_PASSWORD` | Bootstrapped admin password |\n| `TLSENTINEL_ENCRYPTION_KEY` | AES-256 key for encrypting SMTP passwords at rest. Generate: `openssl rand -base64 32` |\n\n## Project Layout\n\n```\ncmd/server/             # Entry point\ninternal/\n  auth/                 # JWT middleware, scanner token auth\n  certificates/         # Certificate parsing and storage\n  crypto/               # AES encryption helpers\n  dashboard/            # Dashboard aggregate queries\n  db/                   # Database access (bun ORM)\n  hosts/                # Host management\n  mail/                 # SMTP sender and config\n  models/               # Shared request/response types\n  notifications/        # Certificate expiry alert emails\n  probe/                # Scanner-facing API\n  routes/               # Router setup (chi)\n  scanners/             # Scanner token management\n  scheduler/            # In-process cron scheduler\n  tlsprofile/           # TLS version/cipher profile ingestion\n  users/                # User management\n  version/              # Build-time version stamping\nmigrations/             # PostgreSQL migration files (auto-applied on startup)\nweb/                    # React + Vite + TypeScript + shadcn/ui frontend\n```\n\n## License\n\nMIT — see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftlsentinel%2Ftlsentinel-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftlsentinel%2Ftlsentinel-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftlsentinel%2Ftlsentinel-server/lists"}