> ## Documentation Index
> Fetch the complete documentation index at: https://docs.amplify.security/llms.txt
> Use this file to discover all available pages before exploring further.

# Using the Sample Repository

> Try out Amplify using our example repository with pre-existing vulnerabilities.

export const amplify = {
  app_url: "https://app.amplify.security"
};

## Overview

During setup, you may not have a vulnerable project to test Amplify with.
To help you get started and quickly test out Amplify, we provide an example repository with preexisting vulnerabilities that you can add to your GitHub account.

<Card title="Amplify's Example Project" icon="paste" href="https://github.com/amplify-security/amplify-example-project" horizontal>
  An example project based on Juice Shop, a Javascript web application for security testing.
</Card>

## Usage

<Steps titleSize="h3">
  <Step title="Create a new repository">
    From GitHub, go to [the new repository creation page](https://github.com/new).
    Under *Owner*, select the organization or user you added to Amplify, give a name to your example project, e.g. `my-vulnerable-project`, and create the repository.
    You can also select *Private* if you wish to keep it hidden.

    <Tip>
      **For GitHub CLI users**

      To quickly perform this step, you can run the following command, replacing `ORGNAME`/`REPONAME` as needed: `gh repo create --private ORGNAME/REPONAME`
    </Tip>
  </Step>

  <Step title="Clone the example project">
    Copy the example project and all its branches to your local machine.
    If using the command line, the following should suffice:

    ```bash theme={null}
    git clone --mirror https://github.com/amplify-security/amplify-example-project.git my-vulnerable-project
    ```
  </Step>

  <Step title="Update your clone's remotes">
    You'll now need to update your local copy of the example project to point to your own repository, and then sync your local copy to it.
    Using the command line, this can be done with the following commands:

    ```bash theme={null}
    cd my-vulnerable-project
    git remote set-url origin git@github.com:USERNAME/my-vulnerable-project.git
    git push --mirror origin
    ```
  </Step>

  <Step title="Ensure Amplify can access your repository">
    If you picked "Only select repositories" when installing the Amplify GitHub App, be sure to update the list of allowed repositories to include the new repository.
    [Click here for settings under your user account](https://github.com/settings/installations), otherwise go to `https://github.com/organizations/ORGNAME/settings/installations` for settings under an organization, replacing `ORGNAME` with your organization name.

    You can skip this if you selected "All repositories" during installation.
  </Step>

  <Step title="Add your repository to Amplify">
    If you're in the middle of setup, the repo should automatically show up in the list of projects to add.
    Otherwise, go to the *Projects* page and click *Add Project* to start the process.
  </Step>

  <Step title="Open a pull request">
    Visit your repository on GitHub and create a pull request or two from the example branches, such as `vulns/sql-injection`.

    Amplify will automatically scan the contents of your pull requests, report any vulnerabilities it finds, and provide code fixes when available.
  </Step>
</Steps>

## GitLab and Other Users

If you're using GitLab or another platform, you can for the most part follow the above steps, substituting those using GitHub's web interface with the equivalent on your VCS platform.
For succinctness, the following is a demonstration for GitLab, provided you've set up a new project on GitLab:

```bash theme={null}
git clone --mirror https://github.com/amplify-security/amplify-example-project.git my-example-project
cd my-example-project
git remote set-url origin git@gitlab.com:USERNAME/my-example-project.git
git push --mirror origin
```
