Skip to content

timothywarner-org/globomantics-schematic-uploader-v2

BranchesTags

Repository files navigation

Globomantics Schematic Uploader v2

MIT License PRs Welcome

A modern, secure uploader for Globomantics schematic assets. Built for speed, reliability, and developer delight.

Pluralsight Demo: GitHub Secret Scanning, Push Protection, and Alert Management

In this demo, you'll:

  • Test GitHub push protection (preventing secrets from being pushed)
  • Trigger and manage secret scanning alerts
  • Practice alert remediation and workflow

This repository is intentionally designed for hands-on learning with GitHub Advanced Security features.

Features

  • File upload (schematic/diagnostic files)
  • Structured logging with Winston
  • Intentional fake secrets (see below)
  • Informative results page for teaching
  • Modern Globomantics branding

Fake Secrets for Demo Purposes

This repository intentionally includes a small number of fake secrets to help you demo GitHub push protection and secret scanning. Do not use real secrets!

Current fake secrets:

  • index.js: A fake GitHub Personal Access Token (PAT)
  • index.js: A fake cloud API key
  • .env.example: DEMO_SECRET=ghp_FAKEDEMOSECRET1234567890

You can add or remove these as needed for your demos. After testing, be sure to scrub any secrets before production use.

Getting Started

  1. Clone this repo.
  2. Install dependencies: 
    npm install
  3. Copy .env.example to .env and adjust as needed.
  4. Start the app: 
    npm start
  5. Visit http://localhost:3002

Demo: Secret Scanning, Push Protection, and Alert Management

  • This repo contains fake secrets in:
    • index.js (GitHub PAT, cloud API key)
    • .env.example (DEMO_SECRET)
    • App logs (see app.log after uploading a file)
  • Push Protection: Try committing a new fake secret and pushing to GitHub. Observe how push protection blocks the push and provides remediation steps.
  • Alert Management: After a secret is detected, use the GitHub UI to view, resolve, or dismiss the alert. Practice the full alert management workflow.
  • Use GitHub Advanced Security (GHAS) or the GitHub web UI to scan for secrets.
  • Try leaking a secret in a commit, then use git filter-repo or BFG to scrub it and re-scan.

Teaching Tips

  • Show learners the results page after upload. Point out the note about intentional secrets.
  • Open index.js and .env.example to show how secrets can be exposed in code and config.
  • Tail the app.log file to show how secrets can leak into logs.

Security Notice

Do not use real secrets in this demo app! All secrets are fake and for educational purposes only.

Contributing

See CONTRIBUTING.md.

Code of Conduct

See CODE_OF_CONDUCT.md.

Security Policy

See SECURITY.md.

© 2024 Timothy Warner. MIT License.

Happy scanning! 🚦

About

No description, website, or topics provided.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Sponsor this project

Packages

No packages published

Languages