From 95b6a1a9a0a0d8f02d655a84ae347a8f15aa0c6a Mon Sep 17 00:00:00 2001 From: Stefan Streichsbier <stefan@guardrails.io> Date: Tue, 7 Dec 2021 17:39:36 +0700 Subject: [PATCH] Revised challenge --- README.md | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 8e25346..1014f5b 100644 --- a/README.md +++ b/README.md 
@@ -6,41 +6,50 @@ ## Description -Create the project in a dedicated repository with meaningful commit messages. Use Golang and any 3rd party libraries that you want to use. +Build a simple code scanning application that detects sensitive keywords in public git repos. +The application must fulfil the following requirements: +- A user can CRUD repositories. A repository contains a name and a link to the repo. +- A user can trigger a scan against a repository. +- A user can view the Security Scan Result ("Result") List -1. Implement a **RESTful API** to **CRUD** a Security Scan Result (“Result”). The Result entity should have the following properties and be stored in a database of your choice: +How to do a scan: +- Just keep it simple by iterating the words on the codebase to detect SECRET_KEY findings. +- SECRET_KEY start with prefix public_key || private_key. +The Result entity should have the following properties and be stored in a database of your choice: - Id: any type of unique id - Status: "Queued" | "In Progress" | "Success" | "Failure" - RepositoryName: string +- RepositoryUrl: string - Findings: JSONB, see [example](example-findings.json) - QueuedAt: timestamp - ScanningAt: timestamp - FinishedAt: timestamp - -2. Implement another endpoint that lists all Results and uses pagination. -3. Create unit tests and provide documentation. - -Wherever you’d have to add something that requires product subscriptions or significant extra time, just mention it in your documentation. +Wherever you'd have to add something that requires product subscriptions or significant extra time, just mention it in your documentation. **What we want to see:** - - Project Structure: Clear organization and structure of folders, code and functionality. -- Clean Code: Code Consistency, use of linters, formatting, error handling, simple and performant solution to the challenge. -- Stack Knowledge: Proper use of Golang. 
+- Clean Code: Code Consistency, use of linters, formatting, error handling, and anything else that shows your skills. Simple is better than complex. +- Stack Knowledge: Proper use of Golang and selected frameworks/libraries. - Implementation: The implementation has to work according to the specs. -- Unit Tests: Covering the core functionality with unit tests. -- Proper Documentation: Describe what the project is doing, what has been used, how to configure it, how to start it, test it etc. +- Unit Tests: Covering the core functionality with unit tests (positive and negative test-cases). +- Proper Documentation: + - A High-Level Design for the components/infrastructure if any. + - Describe how you came up with the solution and what makes it a good one for the use-case. + - Describe what the project is doing, what has been used, how to configure it, how to start it, test it etc. **Bonus points for:** - -- SQL schema: Using a relational database that has a proper schema and indexes -- API documentation: Using e.g OpenApi specs +- SQL schema +- API documentation - Containerized app +- Use of appropriate design patterns +- Microservice Architecture +- Any extra feature (just write it in your documentation) -**Things you don’t have to worry about:** +**Things you don't have to worry about:** +- Authentication/Authorization - CI configuration / Deployment - APM - Authentication / Authorization / Auditing
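Review bot: the "Things you don't have to worry about" list at the end of the hunk now contains both the added `+- Authentication/Authorization` and the retained `- Authentication / Authorization / Auditing`, so the same item appears twice; drop the new line, since the old one also covers Auditing and otherwise nothing is lost. In the "How to do a scan" block, `+- SECRET_KEY start with prefix public_key || private_key.` reads as code rather than a requirement; spell it out as "a finding is any token that starts with public_key or private_key" and say whether the match is case-sensitive and whether the surrounding line and file path must be reported, because that is what the Findings value has to carry. Two consistency points: Findings is typed JSONB while the sentence above it says "a database of your choice", so either say JSON or note that JSONB is only expected on Postgres; and the removed requirement to list all Results with pagination is replaced by "A user can view the Security Scan Result ("Result") List" with no mention of pagination, so if pagination is still expected, add it to that bullet.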