A secure, scalable full-stack e-commerce platform built with Spring Boot and React, designed to demonstrate real-world software engineering, security, and DevOps practices.
- Account registration & login (JWT)
- Browse products
- Shopping cart & checkout
- Order history
- Product & category management
- Order management
- User role control (RBAC)
- Frontend: React (Vite)
- Backend: Java Spring Boot (REST API)
- Database: PostgreSQL
- Authentication: JWT
- DevOps: Docker & GitHub Actions
- Frontend: React (Vite)
- Backend: Java Spring Boot
- Database: PostgreSQL
- Authentication: JWT
- DevOps: Docker, GitHub Actions
- Package Managers: npm, Maven
- Languages: JavaScript, Java
- Password hashing (BCrypt)
- JWT authentication & authorization
- Input validation
- Role-based access control
This repository implements comprehensive security measures:
- Automated Dependency Scanning - Dependabot monitors vulnerabilities across npm, Maven, Docker, and GitHub Actions
- Code Vulnerability Scanning - CodeQL automatically scans for security issues in Java and JavaScript code
- Secret Detection - Prevents accidental exposure of API keys and credentials
- Security Policy - Clear process for responsible vulnerability disclosure
For security researchers: See SECURITY.md for our vulnerability reporting process.
For administrators: See Security Setup Guide for configuration instructions.
```bash
docker-compose up --build
```