Overview

During setup, you may not have a vulnerable project to test Amplify with. To help you get started and quickly test out Amplify, we provide a template repository with preexisting vulnerabilities that you can add to your GitHub account.

Amplify's Example Project

An example project based on Juice Shop, a JavaScript web application for security testing.

Usage

1

Launch the template

On the Amplify Example Project, click the “Use this template” button at the top right and select “Create a new repository” (or click here).

2

Include all branches

Check “Include all branches” to copy the example vulnerable branches from the template repository.

3

Create your repository

Select the organization or user you added to Amplify, give a name to your example project, and create the repository.

For GitHub CLI users

To quickly do these 3 steps, you can run the following command, replacing ORGNAME/REPONAME as needed:

gh repo create -p amplify-security/amplify-example-project --include-all-branches --private ORGNAME/REPONAME

4

Ensure Amplify can access your repository

If you picked “Only select repositories” when installing the Amplify GitHub App, be sure to update the list of allowed repositories to include the new repository. Click here for settings under your user account, otherwise go to https://github.com/organizations/ORGNAME/settings/installations for settings under an organization, replacing ORGNAME with your organization name.

You can skip this if you selected “All repositories” during installation.

5

Add your repository to Amplify

If you’re in the middle of setup, the repo should automatically show up in the list of projects to add. Otherwise, go to the “Projects” page and click “Add Project” to start the process.

6

Open a pull request

Visit your repository on GitHub and create a pull request or two from the example branches, such as vulns/sql-injection.

Amplify will automatically scan the contents of your pull requests, report any vulnerabilities it finds, and provide code fixes when available.
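
Step 6 can be scripted when you want one pull request per example branch, so that each one is scanned. This is an added example, not part of Amplify's documentation; it assumes you run it inside a clone of your new repository with an authenticated gh CLI, and that the example branches share the vulns/ prefix seen in vulns/sql-injection.

```shell
#!/bin/sh
# Added example (not from the Amplify docs): open one pull request per
# example branch. Assumption: example branches live under "vulns/".

# Read `git ls-remote --heads` output on stdin ("<sha>\t<ref>" per line)
# and print the branch names that sit under vulns/.
vuln_branches() {
    while read -r _sha ref; do
        case "$ref" in
            refs/heads/vulns/?*) printf '%s\n' "${ref#refs/heads/}" ;;
        esac
    done
}

# Open a pull request from each example branch into the default branch.
# gh is given /dev/null as stdin so it cannot consume the branch list.
open_prs() {
    git ls-remote --heads origin | vuln_branches | while read -r branch; do
        gh pr create --head "$branch" \
            --title "Example: $branch" \
            --body "Pull request from the example branch $branch." \
            </dev/null ||
            echo "skipped $branch (a pull request may already exist)" >&2
    done
}

# Constructed sample of ls-remote output for --dry-run. Only
# vulns/sql-injection is named on this page; the rest is made up.
sample_refs() {
    printf '%s\t%s\n' \
        1111111111111111111111111111111111111111 refs/heads/main \
        2222222222222222222222222222222222222222 refs/heads/vulns/sql-injection \
        3333333333333333333333333333333333333333 refs/heads/vulns/constructed-example \
        4444444444444444444444444444444444444444 refs/tags/vulns/not-a-branch
}

# Nothing runs unless a mode is requested explicitly.
case "${1:-}" in
    --open)    open_prs ;;
    --dry-run) sample_refs | vuln_branches ;;
esac
```

Run it with --dry-run first to see the branch filter applied to the constructed sample, then with --open inside your clone.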

GitLab and Other Users

If you’re using GitLab or another platform, you can still use the example project by cloning the template like any other repository and pushing it to your own account or group/organization. The following is a demonstration for GitLab, provided you’ve set up a new project on GitLab:

git clone --mirror https://github.com/amplify-security/amplify-example-project.git my-example-project
cd my-example-project
git remote set-url origin https://gitlab.com/USERNAME/my-example-project.git
git push --mirror origin