GitHub - r-thak/TrueSource: TrueSource

A cloud-native dApp for tracking product lifecycle on Solana blockchain with security monitoring. Similar to CarFax but for consumer electronics, bikes, and high-value goods.

Quick Start

# Start the entire security stack
docker-compose up -d

# Access services:
# - Frontend: http://localhost:8080
# - API: http://localhost:3000
# - Grafana: http://localhost:3001 (admin/admin123)

Components

Application Layer

solana-program/ - Rust-based on-chain program for product provenance
backend/ - Node.js REST API with structured logging
frontend/ - React frontend with Solana wallet integration

Security Layer

nginx/ - NGINX with ModSecurity WAF & OWASP Core Rules
opa/ - Open Policy Agent for dynamic authorization
falco/ - Runtime security monitoring with custom rules

Observability Layer

loki/ - Centralized log aggregation
grafana/ - Real-time monitoring dashboards
promtail/ - Log shipping agent

Security Features

Area 1: Pre-Deployment (Build, Test, Artifacts)

Trivy container vulnerability scanning (blocks CRITICAL/HIGH)
npm audit dependency scanning in CI/CD
Cosign/Sigstore keyless image signing with OIDC
Alpine Linux minimal base images
Multi-stage builds for reduced attack surface
Non-root users in all containers

Area 2: Runtime Security (Deployment, Policy, Monitoring)

Falco runtime threat detection with 7 custom security rules
ModSecurity WAF with OWASP CRS + custom API rules
OPA policy engine for API authorization
Loki + Grafana for structured logging & visualization
Rate limiting (100 req/min per IP at NGINX + WAF layers)
Security headers (CSP, HSTS, X-Frame-Options, etc.)
Environment-based secrets management

View live security events in Grafana: http://localhost:3001/d/bbf-security

Documentation

Solana Program - On-chain program details
Backend API - REST API documentation
Frontend - Web UI setup

Name		Name	Last commit message	Last commit date
Latest commit History 129 Commits
.github/workflows		.github/workflows
backend		backend
falco		falco
frontend		frontend
grafana		grafana
loki		loki
nginx		nginx
opa/policies		opa/policies
solana-program		solana-program
vault		vault
.gitattributes		.gitattributes
.gitignore		.gitignore
README.md		README.md
design.md		design.md
docker-compose.yml		docker-compose.yml
start.sh		start.sh
test-falco-events.sh		test-falco-events.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Quick Start

Components

Application Layer

Security Layer

Observability Layer

Security Features

Area 1: Pre-Deployment (Build, Test, Artifacts)

Area 2: Runtime Security (Deployment, Policy, Monitoring)

Documentation

About

Uh oh!

Releases

Packages

Contributors 2

Uh oh!

Languages

r-thak/TrueSource

Folders and files

Latest commit

History

Repository files navigation

Quick Start

Components

Application Layer

Security Layer

Observability Layer

Security Features

Area 1: Pre-Deployment (Build, Test, Artifacts)

Area 2: Runtime Security (Deployment, Policy, Monitoring)

Documentation

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Uh oh!

Languages

Packages