js-developer-codebase/WebShield

SiteGuard

Production-ready SaaS starter for one-click website security audits using Next.js App Router, Prisma (MongoDB), BullMQ, and a dedicated worker.

Features

  • One-click scan request (POST /api/scan)
  • Background scanning with BullMQ + Redis
  • Modular scanners (headers, SSL, malware patterns, CMS detection, open ports, directory listing)
  • Security scoring and plain-language reporting
  • Dashboard UI for scan history and reports
  • NextAuth foundation for authentication
  • Dockerized app + worker + MongoDB + Redis

Project Structure

  • app/dashboard, app/scan, app/reports/[id], app/login, app/signup
  • app/api/scan/route.ts, app/api/report/route.ts, app/api/auth/*
  • components/*
  • lib/scanner/*, lib/queue/scanQueue.ts, lib/scoring/riskScore.ts, lib/utils/*
  • prisma/schema.prisma
  • workers/scanWorker.ts

Local Setup

  1. Copy env file:
    • cp .env.example .env (or create .env manually on Windows)
  2. Install:
    • npm install
  3. Generate Prisma client:
    • npm run prisma:generate
  4. Push schema to MongoDB:
    • npm run prisma:push
  5. Run web app:
    • npm run dev
  6. In another terminal, run worker:
    • npm run worker

Docker Setup

Run full stack:

  • docker compose up --build

Services:

  • Next.js app: http://localhost:3000
  • Redis: localhost:6379
  • MongoDB: localhost:27017

API

Queue scan

POST /api/scan

Body:

{
  "url": "https://example.com"
}

Response:

{
  "scanId": "....",
  "jobId": "....",
  "status": "queued"
}

Fetch report

GET /api/report?scanId=<id>

Production Notes

  • Add real password hashing (Argon2/Bcrypt) for NextAuth credentials
  • Add persistent distributed rate-limit store (Redis-based)
  • Restrict worker outbound network and harden OS-level sandboxing for scans
  • Keep nmap and scanner dependencies patched
  • Add observability (OpenTelemetry + structured logs + alerts)
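
POST /api/scan takes a caller-supplied URL that the worker later connects to, so the outbound restriction above can be backed by a target check before the job is queued. This TypeScript is an added example, not code from the SiteGuard repository: `checkScanTarget`, `isBlockedAddress` and `v4ToInt` are hypothetical names, and the caller is assumed to pass in the DNS answers it looked up for the hostname.

```typescript
// Added example (not SiteGuard code): vet a scan target before queueing it.
type Verdict = { ok: boolean; reason: string };
// IPv4 ranges a scan worker should never reach: "this" network, RFC 1918,
// CGNAT, loopback, link-local (where 169.254.169.254 metadata services live).
const BLOCKED_V4: [string, number][] = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

function v4ToInt(ip: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const octets = [m[1], m[2], m[3], m[4]].map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

function isBlockedAddress(ip: string): boolean {
  const addr = ip.toLowerCase();
  const n = v4ToInt(addr);
  if (n !== null) {
    return BLOCKED_V4.some(([base, bits]) => {
      const start = v4ToInt(base) as number;
      return n >= start && n < start + Math.pow(2, 32 - bits);
    });
  }
  if (addr.indexOf(":") === -1) return true; // not an IP at all: fail closed
  // IPv6: loopback, unspecified, IPv4-mapped, fc00::/7, fe80::/10.
  return addr === "::1" || addr === "::" || /^::ffff:|^f[cd]|^fe[89ab]/.test(addr);
}

// `resolved` holds the DNS answers for the hostname, looked up by the caller.
function checkScanTarget(rawUrl: string, resolved: string[]): Verdict {
  let u: URL;
  try { u = new URL(rawUrl); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return { ok: false, reason: "scheme not allowed" };
  if (u.username || u.password) return { ok: false, reason: "credentials in URL" };
  const host = u.hostname.replace(/^\[|\]$/g, "");
  // WHATWG URL parsing already normalises forms like 2130706433 to 127.0.0.1.
  const isLiteral = v4ToInt(host) !== null || host.indexOf(":") !== -1;
  const candidates = isLiteral ? [host] : resolved;
  if (candidates.length === 0) return { ok: false, reason: "host did not resolve" };
  for (const ip of candidates) {
    if (isBlockedAddress(ip)) return { ok: false, reason: "internal address " + ip };
  }
  return { ok: true, reason: "public target" };
}
```

The worker should connect to the exact addresses that passed this check rather than resolving the hostname again, because a DNS answer that changes between check and scan would otherwise slip past it.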

About

SiteGuard is a lightweight website security scanning platform designed for small businesses, developers, and website owners who lack dedicated cybersecurity resources.
