Secure Chain Gateway is an API Gateway that provides a unified interface for all Secure Chain microservices. It acts as a single entry point with features like rate limiting, CORS management, request logging, and unified OpenAPI documentation.
- 🚪 Single Entry Point - Unified API interface for all microservices
- 🔒 Rate Limiting - Configurable limits per endpoint (25-75 req/min)
- 🌐 CORS Management - Configurable cross-origin resource sharing
- 📝 Request Logging - Detailed logging with timing information
- 📚 Unified OpenAPI - Merged documentation from all microservices
- 🔄 Transparent Proxy - Smart header filtering and cookie preservation
- ⚡ High Performance - Async/await throughout, tested with 90% coverage
- 🎯 Type Safe - Complete type hints for better IDE support
The gateway proxies requests to three microservices:
- securechain-auth (`/auth/*`) - Authentication and user management
- securechain-depex (`/depex/*`) - Dependency analysis and graphs
- securechain-vexgen (`/vexgen/*`) - VEX/TIX generation
- Docker to deploy the tool
- Docker Compose for container orchestration
- Python 3.14 or higher
- uv (recommended for faster dependency management)
- The Neo4j browser interface is available at localhost:7474
- MongoDB Compass recommended for database GUI
- Neo4j Browser: http://localhost:7474
- MongoDB: Use MongoDB Compass
Clone the repository from the official GitHub repository:
```bash
git clone https://github.com/securechaindev/securechain-gateway.git
cd securechain-gateway
```
Create a `.env` file from the `.env.template` file and place it inside the `app` directory.
- How to get a GitHub API key.
- Modify the JSON Web Token (JWT) secret key and algorithm with your own. You can generate your own secret key with the command `openssl rand -base64 32`.
Ensure you have the securechain Docker network created. If not, create it with:
```bash
docker network create securechain
```
For graph and vulnerability information you need to download the zipped data dumps from Zenodo. Once you have unzipped the dumps, inside the root folder run the command:
```bash
docker compose up --build
```
The containerized databases will also be seeded automatically.
Run the command from the project root:
```bash
docker compose -f dev/docker-compose.yml up --build
```
The API will be available at http://localhost:8080. You can access the API documentation at http://localhost:8080/docs.
The project uses Python 3.14 and uv as the package manager for faster and more reliable dependency management.
- Install uv (if not already installed):
  ```bash
  curl -LsSf https://astral.sh/uv/install.sh | sh
  ```
- Activate the virtual environment (uv creates it automatically):
  ```bash
  uv venv
  source .venv/bin/activate
  ```
- Install dependencies:
  ```bash
  uv sync
  ```
```bash
# Install test dependencies
uv sync --extra test
# Run all tests
uv run pytest
# Run tests with coverage report
uv run pytest --cov=app --cov-report=term-missing --cov-report=html
# Run specific test file
uv run pytest tests/unit/controllers/test_graph_controller.py -v
# Run only unit tests
uv run pytest tests/unit/ -v
```
```bash
# Install linter
uv sync --extra dev
# Linting
uv run ruff check app/
# Formatting
uv run ruff format app/
```
Pull requests are welcome! To contribute, follow these guidelines.