Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.12.0 to 2.13.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/compare/2.12.0...2.13.0) --- updated-dependencies: - dependency-name: pyjwt dependency-version: 2.13.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|---|---|---|
| .. | ||
| assets/images | ||
| backend | ||
| frontend | ||
| infra | ||
| learn | ||
| .env.example | ||
| .gitignore | ||
| .pre-commit-config.yaml | ||
| DEMO.md | ||
| LICENSE | ||
| README.md | ||
| compose.yml | ||
| dev.compose.yml | ||
| justfile | ||
README.md
██████╗ ██╗ ██╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗███╗ ██╗████████╗██╗ ██╗
██╔══██╗██║ ██║██╔════╝ ██╔══██╗██╔═══██╗██║ ██║████╗ ██║╚══██╔══╝╚██╗ ██╔╝
██████╔╝██║ ██║██║ ███╗ ██████╔╝██║ ██║██║ ██║██╔██╗ ██║ ██║ ╚████╔╝
██╔══██╗██║ ██║██║ ██║ ██╔══██╗██║ ██║██║ ██║██║╚██╗██║ ██║ ╚██╔╝
██████╔╝╚██████╔╝╚██████╔╝ ██████╔╝╚██████╔╝╚██████╔╝██║ ╚████║ ██║ ██║
╚═════╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝ ╚═╝ ╚═╝
Production-ready enterprise bug bounty platform with role-based access, CVSS scoring, and full report triage workflows.
This is a quick overview — security theory, architecture, and full walkthroughs are in the learn modules.
What It Does
- Role-based access control for Researchers, Companies, and Admins with JWT refresh token rotation
- CVSS vulnerability scoring with full report triage and bounty award workflows
- Program management with configurable scope, reward tiers, and SLA tracking
- Multi-device session management with token versioning for instant invalidation
- Rate limiting, audit logging, and input validation across all endpoints
- Repository pattern with strict type safety across ~7,000 lines of backend code
Quick Start
docker compose up -d
Visit http://localhost:8420 or the live demo at bugbounty.carterperez-dev.com
[!TIP] This project uses
justas a command runner. Typejustto see all available commands.Install:
curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin
Stack
Backend: FastAPI, SQLAlchemy 2.0+, PostgreSQL 18, Redis 7, Alembic, Argon2id, JWT
Frontend: React 19, TypeScript 5.9, Vite 7, React Router 7.1, TanStack Query v5, Zustand
Learn
This project includes step-by-step learning materials covering security theory, architecture, and implementation.
| Module | Topic |
|---|---|
| 00 - Overview | Prerequisites and quick start |
| 01 - Concepts | Security theory and real-world breaches |
| 02 - Architecture | System design and data flow |
| 03 - Implementation | Code walkthrough |
| 04 - Challenges | Extension ideas and exercises |
License
AGPL 3.0