Overview

During setup, you may not have a vulnerable project to test Amplify with. To help you get started and quickly test out Amplify, we provide an example repository with preexisting vulnerabilities that you can add to your GitHub account.

Amplify's Example Project

An example project based on Juice Shop, a JavaScript web application for security testing.

Usage

1. Create a new repository

From GitHub, go to the new repository creation page. Under Owner, select the organization or user you added to Amplify, give your example project a name, e.g. my-vulnerable-project, and create the repository. You can also select Private if you wish to keep it hidden.

For GitHub CLI users

To quickly perform this step, you can run the following command, replacing ORGNAME/REPONAME as needed:

gh repo create --private ORGNAME/REPONAME

2. Clone the example project

Copy the example project and all its branches to your local machine. If using the command line, the following should suffice:

git clone --mirror https://github.com/amplify-security/amplify-example-project.git my-vulnerable-project

3. Update your clone's remotes

The mirror clone's origin remote still points at the example project on GitHub. You'll now need to point your local copy at your own repository, and then push everything to it. Using the command line, this can be done with the following commands:

cd my-vulnerable-project
git remote set-url origin https://github.com/USERNAME/my-vulnerable-project.git
git push --mirror origin

4. Ensure Amplify can access your repository

If you picked “Only select repositories” when installing the Amplify GitHub App, be sure to update the list of allowed repositories to include the new repository. For settings under your user account, go to https://github.com/settings/installations; for settings under an organization, go to https://github.com/organizations/ORGNAME/settings/installations, replacing ORGNAME with your organization name.

You can skip this if you selected “All repositories” during installation.

5. Add your repository to Amplify

If you’re in the middle of setup, the repo should automatically show up in the list of projects to add. Otherwise, go to the Projects page and click Add Project to start the process.

6. Open a pull request

Visit your repository on GitHub and create a pull request or two from the example branches, such as vulns/sql-injection.

Amplify will automatically scan the contents of your pull requests, report any vulnerabilities it finds, and provide code fixes when available.

GitLab and Other Users

If you’re using GitLab or another platform, you can for the most part follow the above steps, substituting the steps that use GitHub’s web interface with their equivalent on your VCS platform. For succinctness, the following is a demonstration for GitLab, provided you’ve already created a new project on GitLab:

git clone --mirror https://github.com/amplify-security/amplify-example-project.git my-example-project
cd my-example-project
git remote set-url origin https://gitlab.com/USERNAME/my-example-project.git
git push --mirror origin
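As an added example (not part of the Amplify docs or of the example project), the following POSIX shell script runs the clone --mirror / remote set-url / push --mirror sequence from steps 2 and 3 (and the GitLab variant above) and then checks that every branch, such as vulns/sql-injection, actually reached the destination, so Amplify has something to scan when you open pull requests from them. The mirror_and_verify and demo function names, the sample file and the branch contents are assumptions; demo stands in for GitHub or GitLab with constructed local repositories so the script runs offline.

```shell
#!/bin/sh
# Added example: mirror an example repository into a destination remote with
# clone --mirror / set-url / push --mirror, then verify every branch arrived.
set -eu

# mirror_and_verify SOURCE_URL DEST_URL LOCAL_DIR
# Returns 0 and prints the branch names when refs/heads/* on SOURCE and DEST match.
mirror_and_verify() {
  src=$1; dest=$2; dir=$3
  git clone --quiet --mirror "$src" "$dir"
  git -C "$dir" remote set-url origin "$dest"
  git -C "$dir" push --quiet --mirror origin
  # Compare refs/heads/* only: hosting platforms keep hidden refs of their own
  # (GitHub's refs/pull/*, for example) that a mirror push cannot update.
  src_refs=$(git ls-remote --heads "$src" | sort)
  dest_refs=$(git ls-remote --heads "$dest" | sort)
  if [ "$src_refs" = "$dest_refs" ]; then
    printf '%s\n' "$dest_refs" | awk '{ print $2 }'
    return 0
  fi
  echo "branch mismatch between $src and $dest" >&2
  return 1
}

# Constructed, fully local stand-in for the remote repositories (assumption):
# a source repo with main and vulns/sql-injection, and an empty bare destination.
# Runs the mirror and prints the working directory holding all three repos.
demo() {
  work=$(mktemp -d)
  git init --quiet "$work/source"
  git -C "$work/source" symbolic-ref HEAD refs/heads/main
  echo "console.log('hello');" > "$work/source/app.js"
  git -C "$work/source" add app.js
  git -C "$work/source" -c user.name=demo -c user.email=demo@example.com \
    commit --quiet -m "initial commit"
  git -C "$work/source" checkout --quiet -b vulns/sql-injection
  echo "// example branch content" >> "$work/source/app.js"
  git -C "$work/source" -c user.name=demo -c user.email=demo@example.com \
    commit --quiet -am "add example branch"
  git init --quiet --bare "$work/destination.git"
  mirror_and_verify "$work/source" "$work/destination.git" "$work/mirror" >/dev/null
  echo "$work"
}
```

For a real run, call mirror_and_verify with the example project URL, your own repository URL and a local directory name; the branch list it prints is what you should see under Branches on your repository.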