Using the Sample Repository
Try out Amplify using our example repository with pre-existing vulnerabilities.
Overview
During setup, you may not have a vulnerable project to test Amplify with. To help you get started and quickly test out Amplify, we provide an example repository with preexisting vulnerabilities that you can add to your GitHub account.
Amplify's Example Project
An example project based on Juice Shop, a JavaScript web application built for security testing.
Usage
Create a new repository
From GitHub, go to the new repository creation page.
Under Owner, select the organization or user you added to Amplify, give a name to your example project, e.g. my-vulnerable-project, and create the repository.
You can also select Private if you wish to keep it hidden.
For GitHub CLI users
To quickly perform this step, you can run the following command, replacing ORGNAME/REPONAME as needed: gh repo create --private ORGNAME/REPONAME
Clone the example project
Copy the example project and all its branches to your local machine. If using the command line, the following should suffice:
Update your clone's remotes
You’ll now need to update your local copy of the example project to point to your own repository, and then sync your local copy to it. Using the command line, this can be done with the following commands:
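The clone, repoint and sync steps above, as an added example that is not from the Amplify docs: it runs the same git procedure against throwaway local repositories so you can rehearse it offline. The local "example" repository stands in for Amplify's example project (its real URL is not assumed here) and "target.git" for the empty repository you created under your own GitHub or GitLab account; the branch names and commits are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the Amplify docs: clone an example project with all
# of its branches, keep the original as "upstream", point "origin" at your own
# repository, and push every branch. Uses local throwaway repos so it runs offline.
set -e

# Git identity for the constructed commits (sample values, not real accounts).
GIT_ID="-c user.name=example -c user.email=example@example.invalid"

# Build a stand-in for the example project: a main branch plus one
# vulnerability branch, mirroring the vulns/<name> layout the docs mention.
make_example_repo() {
  dir="$1"
  git init -q "$dir"
  git -C "$dir" symbolic-ref HEAD refs/heads/main
  echo "// constructed sample app" > "$dir/app.js"
  git -C "$dir" add app.js
  git -C "$dir" $GIT_ID commit -q -m "initial commit"
  git -C "$dir" checkout -q -b vulns/sql-injection
  echo "// constructed branch content" >> "$dir/app.js"
  git -C "$dir" $GIT_ID commit -q -am "add vulnerable branch"
  git -C "$dir" checkout -q main
}

# The empty repository you created on your VCS platform (bare, like a server-side repo).
make_target_repo() {
  git init -q --bare "$1"
}

# Clone the example project, materialise every remote branch locally, rename the
# original remote to "upstream", add your repository as "origin" and push all branches.
clone_and_push() {
  example="$1"; target="$2"; clone="$3"
  git clone -q "$example" "$clone"
  # A local branch per remote branch, so that `git push --all` carries them all.
  for ref in $(git -C "$clone" for-each-ref --format='%(refname)' refs/remotes/origin/); do
    branch="${ref#refs/remotes/origin/}"
    [ "$branch" = HEAD ] && continue
    git -C "$clone" show-ref -q --verify "refs/heads/$branch" \
      || git -C "$clone" branch -q --track "$branch" "origin/$branch"
  done
  git -C "$clone" remote rename origin upstream
  git -C "$clone" remote add origin "$target"
  git -C "$clone" push -q --all origin
}

# Sorted, space-separated list of the branches in a repository; use it to confirm
# that the vulnerability branches actually reached your own repository.
list_branches() {
  set -- $(git -C "$1" for-each-ref --format='%(refname:short)' refs/heads/ | sort)
  echo "$*"
}

# Demonstration run in a temporary directory.
WORK=$(mktemp -d)
make_example_repo "$WORK/example"
make_target_repo "$WORK/target.git"
clone_and_push "$WORK/example" "$WORK/target.git" "$WORK/clone"
echo "branches now in your repository: $(list_branches "$WORK/target.git")"
rm -rf "$WORK"
```

In real use, replace the two local paths with the example project's clone URL and your new repository's URL; the branch loop matters because a plain clone only creates a local branch for the default branch, so without it `git push --all` would leave the vulns/* branches behind and there would be nothing to open a pull request from.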
Ensure Amplify can access your repository
If you picked “Only select repositories” when installing the Amplify GitHub App, be sure to update the list of allowed repositories to include the new repository.
For settings under your user account, open the installed GitHub Apps settings at https://github.com/settings/installations; for settings under an organization, go to https://github.com/organizations/ORGNAME/settings/installations, replacing ORGNAME with your organization name.
You can skip this if you selected “All repositories” during installation.
Add your repository to Amplify
If you’re in the middle of setup, the repo should automatically show up in the list of projects to add. Otherwise, go to the Projects page and click Add Project to start the process.
Open a pull request
Visit your repository on GitHub and create a pull request or two from the example branches, such as vulns/sql-injection.
Amplify will automatically scan the contents of your pull requests, report any vulnerabilities it finds, and provide code fixes when available.
GitLab and Other Users
If you’re using GitLab or another platform, you can for the most part follow the above steps, substituting the steps that use GitHub’s web interface with the equivalent on your VCS platform. For succinctness, the following is a demonstration for GitLab, provided you’ve set up a new project on GitLab: