First off, thank you for contributing to Shuffle! Your talents and your contributions are greatly appreciated. With Shuffle, we aim to make cybersecurity more accessible, and keep that in mind with everything we make.
If you find a bug or think of an improvement or fix, please open a new issue. Outline every step necessary to reproduce the bug. Include screenshots, logs and/or code examples where applicable. The more thorough you are, the better.
There are a lot of things to work on in our complex ecosystem. The most pressing issues are documentation, use-cases and content-creation, but any help is appreciated. We'll make sure you get the help you need to get started. Below is an incomplete list of items. If you see an issue, tell us or fix it! :)
As with everything else, app creation for Shuffle is made as accessible as possible with the App Editor. However, there are some instances where it can't do the job, and you'll have to write Python code. The App Editor generates OpenAPI specifications, which can be widely shared, while Python apps only work for Shuffle and NSA's WALKOFF (which Shuffle is based on). You can find our OpenAPI apps here and our Python apps here. Apps in these repositories are automatically available after installation. Shuffle apps are searchable on https://shuffler.io.
Workflows are where the magic of Shuffle automation happens. Our current ones are outlined here, and will be automatically imported into Shuffle instances in the future. They are split into Prepare and Response, but don't necessarily have to be. If you'd like to talk about workflow creation or use-cases in general, either open a new issue or send us an email at [email protected].
Documentation is essential to any product, and Shuffle is no exception. Documentation in Shuffle uses markdown and is located in the shuffle-docs repository. These are then loaded into Shuffle when someone visits https://shuffler/docs/about, then cached for later use. If you make an edit, expect it on our website in about an hour.
The frontend of Shuffle is what everyone sees when they log in. Our goal here is to make it easy to get started and keep going with Shuffle - removing any blockers from the point of accessibility. If you'd like to get started, find an issue and check the installation guide for setting it up locally without Docker.
The backend of Shuffle is our REST API Server that runs in the background, handling all the API-calls in general, whether from users or apps. If you'd like to get started, find an issue and check the installation guide for setting it up locally without Docker.
Shuffle runs using Docker, and is built to scale. There are many areas that may revolve around scaling, but the main issues come down to how we use Docker in our architecture. If you want to help by submitting Helm charts (K8s), Docker swarm configurations, blogposts, or talk about code changes that would help scaling - please reach out (or just start building!), and we can discuss the possibilities. Make sure to read about the architecture first :)
Whether it's security testing, code testing or CI/CD, we could always use another hand. An example of CI/CD used for apps can be found here, but we don't limit the scope to GitHub Actions at all. If you find a security issue, whether open source or not, please contact [email protected] or contact us on our website.
What is a product without a community? Want to help out? Whether it be through blogposts, videos or community management, don't hesitate to reach out if you would like to help, and get a keener understanding of how we work. (PS: We're hiring)
Shuffle uses the GitHub flow. All project changes are made through pull requests. If you see an issue that you would like to work on, leave a quick comment or just get cracking.
All contributions are made under either the GNU Affero General Public License v3.0 or MIT license. See below for further details.