Skip to content

slipalison/simulator-ccb

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

397 Commits
.github
.github
 
 
.planning
.planning
 
 
.qwen
.qwen
 
 
.semgrep
.semgrep
 
 
docs
docs
 
 
frontend
frontend
 
 
infra
infra
 
 
keycloak
keycloak
 
 
scripts
scripts
 
 
src
src
 
 
tests
tests
 
 
.checkov.yml
.checkov.yml
 
 
.dockerignore
.dockerignore
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
.gitleaks.toml
.gitleaks.toml
 
 
.gitleaksignore
.gitleaksignore
 
 
.mcp.json
.mcp.json
 
 
.semgrepignore
.semgrepignore
 
 
.trivyignore
.trivyignore
 
 
.zap-rules.tsv
.zap-rules.tsv
 
 
CLAUDE.md
CLAUDE.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Onboarding.slnx
Onboarding.slnx
 
 
QWEN.md
QWEN.md
 
 
README.md
README.md
 
 
compose.test.yml
compose.test.yml
 
 
compose.yaml
compose.yaml
 
 
entrypoint.sh
entrypoint.sh
 
 

Repository files navigation

Onboarding de Clientes PF/PJ

Sistema de onboarding para cadastro de clientes Pessoa Física e Pessoa Jurídica com autenticação via Keycloak.

Security

CI Dependabot Security Policy

This project runs 13 security checks across a multi-stage pipeline:

Stage Jobs Purpose
Build Backend, Client, Backoffice Parallel builds with artifact caching
Tests Domain/API/Integration, Client checks, Backoffice checks Coverage ≥ 80%, tsc, eslint
Security 10 independent jobs (SAST, SCA, SBOM, DAST, Container, IaC, Secrets) Run in parallel, no dependencies
Category Tools
Build/Test .NET 10 + coverlet (80% coverage threshold)
Frontend Vinxi (tsc, eslint, build) × 2 projects
SAST Semgrep (custom rules), CodeQL (dataflow analysis)
SCA Trivy (dependency CVEs), Dependabot (weekly updates)
SBOM Syft (source code SPDX + container CycloneDX)
DAST OWASP ZAP (baseline scan against running API)
Container Trivy (image scan), Dockle (CIS Benchmarks)
IaC Checkov (Docker Compose), Kubescape (K8s preparation)
Secrets Gitleaks (pattern detection), TruffleHog (active verification)

Pipeline stages: Build → Tests (needs build) — Security runs parallel, independent.

See Security Overview for complete documentation. See CI Pipeline Architecture for multi-stage details and security tool rationale.

Tech Stack

  • Backend: .NET 10, ASP.NET Core Controllers, Entity Framework Core, PostgreSQL
  • Frontend: React 19, Vinxi (Vite-based), TypeScript, Tailwind CSS, TanStack Router
  • Auth: Keycloak 26.1 (hardened), JWT, ROPC grant
  • Infrastructure: Docker Compose, GitHub Actions CI/CD
  • Observability: Serilog, OpenTelemetry

Quick Start

# Start infrastructure
docker compose up -d

# Backend
dotnet restore Onboarding.slnx
dotnet run --project src/Onboarding.API

# Frontend Client
cd frontend/client && npm ci && npm run dev

# Frontend Backoffice
cd frontend/backoffice && npm ci && npm run dev

Documentation

License

Internal project — all rights reserved.

About

No description, website, or topics provided.

Resources

Readme

Contributing

Contributing

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages