Files
siriusscan--sirius/documentation/contributing.md
T
wehub-resource-sync 161ef94b4f
Check engine pin consistency / Dockerfile / CI pin consistency (push) Successful in 8s
Sirius CI/CD Pipeline / Detect Changes (push) Successful in 23s
Validate Docker Configuration / Validate Docker Compose Configuration (push) Successful in 47s
Sirius CI/CD Pipeline / Build API (${{ matrix.platform }}) (push) Has been cancelled
Sirius CI/CD Pipeline / Build UI (${{ matrix.platform }}) (push) Has been cancelled
Sirius CI/CD Pipeline / Merge Engine Manifest (push) Has been cancelled
Sirius CI/CD Pipeline / Merge API Manifest (push) Has been cancelled
Sirius CI/CD Pipeline / Merge UI Manifest (push) Has been cancelled
Sirius CI/CD Pipeline / Build Engine (${{ matrix.platform }}) (push) Has been cancelled
Sirius CI/CD Pipeline / Build Infra (${{ matrix.service }}, ${{ matrix.platform }}) (push) Has been cancelled
Sirius CI/CD Pipeline / Merge Infra Manifest (sirius-postgres) (push) Has been cancelled
Sirius CI/CD Pipeline / Merge Infra Manifest (sirius-rabbitmq) (push) Has been cancelled
Sirius CI/CD Pipeline / Merge Infra Manifest (sirius-valkey) (push) Has been cancelled
Sirius CI/CD Pipeline / Integration Test (push) Has been cancelled
Sirius CI/CD Pipeline / Public Stack Contract (push) Has been cancelled
Sirius CI/CD Pipeline / Dispatch Demo Deployment (sirius-demo branch) (push) Has been cancelled
Sirius CI/CD Pipeline / Dispatch Demo Canary (main branch) (push) Has been cancelled
Sirius CI/CD Pipeline / Guard Registry Namespace (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:32:25 +08:00

452 lines
12 KiB
Markdown

---
title: "Contributing to Sirius Scan"
description: "Developer guide for contributing to the Sirius Scan vulnerability scanning platform"
template: "TEMPLATE.guide"
version: "1.0.0"
last_updated: "2025-10-11"
author: "Sirius Development Team"
tags: ["contributing", "development", "guide", "setup"]
categories: ["development", "contribution"]
difficulty: "intermediate"
prerequisites:
- "Git version control"
- "Docker and Docker Compose"
- "Go 1.21+ for backend development"
- "Node.js 20+ for frontend development"
related_docs:
- "README.development.md"
- "README.container-testing.md"
- "README.git-operations.md"
dependencies:
- "docker"
- "git"
- "go"
- "node"
llm_context: "high"
search_keywords: ["contributing", "development", "setup", "testing", "workflow"]
---
# Contributing to Sirius Scan
Welcome to the Sirius Scan development community! This guide will help you set up your development environment and contribute effectively to the project.
## 📋 Table of Contents
- [Getting Started](#getting-started)
- [Development Environment Setup](#development-environment-setup)
- [Development Workflow](#development-workflow)
- [Testing & Quality Assurance](#testing--quality-assurance)
- [Code Standards](#code-standards)
- [Submitting Contributions](#submitting-contributions)
- [Community Guidelines](#community-guidelines)
## 🚀 Getting Started
### Prerequisites for Development
Before you begin, ensure you have the following installed:
- **Git**: Version control system
- **Docker Engine**: 20.10.0+ with Docker Compose V2
- **Go**: 1.21+ for backend development
- **Node.js**: 20+ for frontend development
- **System Requirements**: 8GB RAM minimum, 20GB free disk space
- **Understanding of Docker**: Multi-stage builds and volume mounting
### Understanding the Architecture
Sirius uses a microservices architecture with the following key components:
| Component | Technology | Purpose |
|-----------|-----------|---------|
| **sirius-ui** | Next.js 14, React | Web frontend interface |
| **sirius-api** | Go, Gin framework | REST API backend |
| **sirius-engine** | Go, multiple services | Scanner, terminal, agent services |
| **sirius-postgres** | PostgreSQL 15 | Primary data storage |
| **sirius-rabbitmq** | RabbitMQ | Message queue |
| **sirius-valkey** | Redis-compatible | Cache layer |
## 🔧 Development Environment Setup
### Step 1: Clone the Main Repository
```bash
git clone https://github.com/SiriusScan/Sirius.git
cd Sirius
```
### Step 2: Clone Component Repositories (Optional)
Only clone the components you plan to develop:
```bash
# Create development directory structure
mkdir -p ../minor-projects && cd ../minor-projects
# Clone components you want to develop
git clone https://github.com/SiriusScan/go-api.git # REST API backend
git clone https://github.com/SiriusScan/app-scanner.git # Scanning engine
git clone https://github.com/SiriusScan/app-terminal.git # Terminal service
git clone https://github.com/SiriusScan/app-agent.git # Remote agents
git clone https://github.com/SiriusScan/sirius-nse.git # NSE scripts
git clone https://github.com/SiriusScan/app-system-monitor.git # System monitor
git clone https://github.com/SiriusScan/app-administrator.git # Administrator service
cd ../Sirius
```
### Step 3: Configure Development Mode
Edit `docker-compose.dev.yaml` and uncomment volume mounts for components you're developing:
```yaml
services:
sirius-engine:
volumes:
# Uncomment ONLY for repositories you have cloned:
# - ../minor-projects/app-agent:/app-agent-src # Agent development
# - ../minor-projects/app-scanner:/app-scanner-src # Scanner development
# - ../minor-projects/app-terminal:/app-terminal-src # Terminal development
# - ../minor-projects/go-api:/go-api # API development
# - ../minor-projects/app-system-monitor:/system-monitor # Monitor development
# - ../minor-projects/app-administrator:/app-administrator # Admin development
```
### Step 4: Start Development Environment
```bash
# Development mode requires BOTH config files
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml up -d --build
# Or for a clean start
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml down -v
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml up -d --build
```
**⚠️ Important**: The `docker-compose.dev.yaml` file is an override file, not a standalone configuration. You must specify both the base configuration (`docker-compose.yaml`) and the development overrides (`docker-compose.dev.yaml`) when starting services in development mode.
### Development Features
- **🔥 Hot Reload**: Live code reloading with Air for Go services
- **📝 Live Editing**: Frontend changes reflect immediately
- **🐛 Debug Mode**: Detailed logging and error reporting
- **🔍 Development Tools**: Access to Go toolchain and debugging utilities
## 🔄 Development Workflow
### Daily Development Commands
```bash
# View real-time logs
docker compose logs -f sirius-engine
# Access development container
docker exec -it sirius-engine bash
# Check live reload status
docker exec sirius-engine ps aux | grep air
# Restart specific service
docker restart sirius-engine
# Rebuild with changes (development mode)
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml up -d --build
# Stop development environment
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml down
# Clean restart (removes volumes)
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml down -v
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml up -d
```
### Working with Individual Components
#### Backend Development (Go)
```bash
# Access the container
docker exec -it sirius-engine bash
# Run tests
go test ./...
# Build manually
go build -o binary main.go
# Check dependencies
go mod tidy
```
#### Frontend Development (Next.js)
```bash
# Access the UI container
docker exec -it sirius-ui bash
# Install dependencies
npm install
# Run development server
npm run dev
# Build production
npm run build
```
## 🧪 Testing & Quality Assurance
### Running Tests
```bash
# Run comprehensive test suite
cd testing
make test-all
# Run specific test categories
make test-build # Container build tests
make test-health # Health check tests
make test-integration # Integration tests
# Run documentation validation
make lint-docs # Full documentation linting
make lint-docs-quick # Quick documentation checks
make lint-index # Index completeness check
```
### Manual Testing
```bash
# Test scanner functionality
docker exec sirius-engine nmap --version
docker exec sirius-engine nmap -p 80 127.0.0.1
# Test API endpoints
curl http://localhost:9001/health
curl http://localhost:9001/api/v1/system/health
# Test database connection
docker exec sirius-postgres pg_isready
docker exec sirius-postgres psql -U postgres -d sirius -c "SELECT version();"
# Test RabbitMQ
docker exec sirius-rabbitmq rabbitmqctl status
docker exec sirius-rabbitmq rabbitmqctl list_queues
```
### Pre-Commit Testing
Before committing code, always run:
```bash
# Run all validation checks
cd testing
make validate-all
# Or use the pre-commit hook (automatically runs on commit)
git commit -m "your commit message"
```
The pre-commit hook automatically runs:
- Documentation linting (quick validation)
- Index completeness check
- Build validation (smart testing based on branch)
## 📝 Code Standards
### Git Workflow
We follow a structured Git workflow as documented in [README.git-operations.md](dev/operations/README.git-operations.md).
#### Branch Naming
```
<type>/<description>
Examples:
feature/vulnerability-export
fix/scanner-timeout
docs/api-documentation
```
#### Commit Messages
```
<type>(<scope>): <description>
[optional body]
[optional footer]
Types:
- feat: New feature
- fix: Bug fix
- docs: Documentation changes
- test: Testing changes
- refactor: Code refactoring
- chore: Maintenance tasks
- hotfix: Emergency production fix
Examples:
feat(scanner): add support for custom NSE scripts
fix(api): resolve authentication token expiration
docs(architecture): update system design documentation
test(integration): add scanner workflow tests
```
#### GitHub Integration
When working with GitHub issues:
```bash
# Create issue first
gh issue create --title "Add vulnerability export feature" --body "Description"
# Create branch linked to issue
git checkout -b feature/77-vulnerability-export
# Commit with issue reference
git commit -m "feat(export): add PDF export functionality
Refs #77"
# Push and create PR
git push origin feature/77-vulnerability-export
gh pr create --fill
```
### Code Review Process
1. **Create feature branch** from main
2. **Implement changes** with tests
3. **Run validation** suite locally
4. **Push branch** to GitHub
5. **Create Pull Request** with description
6. **Wait for review** and approval
7. **Address feedback** if needed
8. **Merge to main** after approval
### Human Validation Required
**⚠️ Important**: Before merging to main, all changes must be:
1. **Tested locally** and verified working
2. **Reviewed by maintainer**
3. **Approved explicitly** before merge
This ensures we never push broken code to production.
## 🤝 Submitting Contributions
### Pull Request Guidelines
When submitting a PR, include:
1. **Clear description** of changes
2. **Issue reference** if applicable
3. **Testing evidence** (screenshots, logs)
4. **Documentation updates** if needed
5. **Breaking changes** clearly marked
### PR Template
```markdown
## Description
[Brief description of changes]
## Related Issue
Fixes #123
## Type of Change
- [ ] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation update
## Testing
- [ ] Local testing completed
- [ ] All tests passing
- [ ] Documentation updated
- [ ] No breaking changes (or documented)
## Screenshots/Evidence
[If applicable]
## Additional Notes
[Any additional context]
```
## 👥 Community Guidelines
### Code of Conduct
- **Be respectful**: Treat all contributors with respect
- **Be collaborative**: Work together to solve problems
- **Be patient**: Remember everyone is learning
- **Be constructive**: Provide helpful feedback
### Getting Help
- **Discord Community**: Real-time chat and support
- **GitHub Issues**: Bug reports and feature requests
- **GitHub Discussions**: General questions and ideas
- **Documentation**: Comprehensive guides and references
### Contributing Areas
We welcome contributions in:
- **Code**: New features, bug fixes, optimizations
- **Documentation**: Guides, tutorials, API docs
- **Testing**: Test cases, integration tests
- **Design**: UI/UX improvements
- **Community**: Support, tutorials, blog posts
## 📚 Additional Resources
### Essential Documentation
- [Development Workflow](dev/README.development.md) - Complete development guide
- [Container Testing](dev/test/README.container-testing.md) - Testing system
- [Git Operations](dev/operations/README.git-operations.md) - Git workflow
- [Architecture](dev/architecture/README.architecture.md) - System design
### Component Repositories
- [go-api](https://github.com/SiriusScan/go-api) - REST API backend
- [app-scanner](https://github.com/SiriusScan/app-scanner) - Scanning engine
- [app-terminal](https://github.com/SiriusScan/app-terminal) - Terminal service
- [app-agent](https://github.com/SiriusScan/app-agent) - Remote agents
- [sirius-nse](https://github.com/SiriusScan/sirius-nse) - NSE scripts
- [app-system-monitor](https://github.com/SiriusScan/app-system-monitor) - System monitor
- [app-administrator](https://github.com/SiriusScan/app-administrator) - Admin service
## 🎓 Learning Path
### For New Contributors
1. **Set up development environment** (this guide)
2. **Read architecture documentation**
3. **Run the test suite** to understand coverage
4. **Pick a "good first issue"** from GitHub
5. **Submit your first PR**
### For Regular Contributors
1. **Understand the codebase** deeply
2. **Review others' PRs** to learn
3. **Propose new features** via issues
4. **Help with documentation**
5. **Mentor new contributors**
## 📞 Contact & Support
- **GitHub Issues**: Bug reports and features
- **GitHub Discussions**: Questions and ideas
- **Discord**: Real-time community chat
- **Email**: support@opensecurity.com
---
Thank you for contributing to Sirius Scan! Your efforts help make security scanning accessible to everyone.