hoopscout-v3/docs/security.md
2026-06-03 21:37:15 +02:00

Security

HoopScout is initially intended for local or restricted-network use by a small private group.

Authentication and Authorization

  • API endpoints require an authenticated Django user; unauthenticated requests are rejected.
  • Django admin is enabled for controlled data management.
  • Users have a profile role: admin, scout, or viewer.
  • Role-specific authorization is not enforced beyond authentication in the MVP: any authenticated user, whatever their role, can reach every endpoint, so the role field is informational until per-role checks are added.
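
What closing that gap would look like, as an added example rather than HoopScout code: a permission check that denies by default and maps each profile role to the HTTP methods it may use. It is shaped like a Django REST Framework permission class (has_permission) but imports neither Django nor DRF, so it runs stand-alone; the attribute path request.user.profile.role and the method-to-role table are assumptions, not something the docs specify. The request and user objects at the bottom are constructed stand-ins for running offline.

```python
"""Role-based authorization layered on top of Django authentication.

Added example, not HoopScout code. Mirrors the shape of
rest_framework.permissions.BasePermission.has_permission without importing
DRF. Assumed (not from the docs): the profile is reachable as
request.user.profile and exposes a `role` attribute holding one of
"admin", "scout" or "viewer".
"""
from dataclasses import dataclass
from typing import Optional

SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})

# Which HTTP methods each profile role may use. Anything not listed is denied,
# so an unknown or missing role falls through to "no access".
ROLE_METHODS = {
    "viewer": SAFE_METHODS,
    "scout": SAFE_METHODS | {"POST", "PUT", "PATCH"},
    "admin": SAFE_METHODS | {"POST", "PUT", "PATCH", "DELETE"},
}


def role_allows(role: Optional[str], method: str) -> bool:
    """Return True if `role` may perform `method`. Deny by default."""
    return method.upper() in ROLE_METHODS.get(role or "", frozenset())


class RolePermission:
    """Shaped like a DRF BasePermission (assumed API, no DRF import)."""

    def has_permission(self, request, view=None) -> bool:
        user = getattr(request, "user", None)
        # Authentication stays the first gate; an anonymous user never passes.
        if user is None or not getattr(user, "is_authenticated", False):
            return False
        profile = getattr(user, "profile", None)
        role = getattr(profile, "role", None)  # None if the profile is missing
        return role_allows(role, request.method)


# --- constructed stand-ins for Django's request/user objects (offline run) ---
@dataclass
class FakeProfile:
    role: Optional[str]


@dataclass
class FakeUser:
    is_authenticated: bool = True
    profile: Optional[FakeProfile] = None


@dataclass
class FakeRequest:
    method: str
    user: Optional[FakeUser] = None


def check(role: Optional[str], method: str, authenticated: bool = True) -> bool:
    """Build a constructed request for `role`/`method` and run the permission."""
    profile = FakeProfile(role) if role is not None else None
    request = FakeRequest(method, FakeUser(authenticated, profile))
    return RolePermission().has_permission(request)


if __name__ == "__main__":
    cases = [("viewer", "GET"), ("viewer", "DELETE"), ("scout", "POST"),
             ("scout", "DELETE"), ("admin", "DELETE"), (None, "GET")]
    for role, method in cases:
        print(f"{str(role):7} {method:7} -> {'allow' if check(role, method) else 'deny'}")
```

In a real DRF view the class would subclass BasePermission and be listed in permission_classes next to IsAuthenticated; the deny-by-default table is the point, since adding a new role or method without a table entry cannot silently grant access.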

Network Exposure

Local Compose publishes:

  • backend on 8000;
  • frontend on 4200;
  • PostgreSQL only inside the Compose network (no published port).

A short-form mapping such as 8000:8000 publishes the port on every host interface; for the intended local use, bind published ports to 127.0.0.1 so that only the host itself can reach the backend and dev server.
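
A small check for the point above, added here and not part of HoopScout: it parses Compose short-form port entries and reports the ones that publish beyond loopback. Docker treats a mapping with no host address as 0.0.0.0, and on Docker Engine for Linux such published ports are reachable even past host-level ufw rules, so the loopback prefix is the control that matters for a "local only" deployment. The sample mappings are constructed for illustration and only mirror the ports named in this document.

```python
"""Flag Compose port mappings that publish a service on every host interface.

Added example, not HoopScout code. Compose short syntax "8000:8000" binds all
interfaces; "127.0.0.1:8000:8000" keeps the port on loopback. Handles the
forms "CONTAINER", "HOST:CONTAINER", "IP:HOST:CONTAINER", an optional /tcp or
/udp suffix and bracketed IPv6 addresses.
"""
from typing import List, Tuple

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample resembling the ports this document describes.
COMPOSE_PORTS = {
    "backend": ["8000:8000"],
    "frontend": ["4200:4200"],
    "db": [],  # PostgreSQL publishes nothing; reachable only inside the network
}


def parse_port_spec(spec: str) -> Tuple[str, str, str]:
    """Split a short-form port entry into (host_ip, host_port, container_port).

    host_ip is "" when no address was given, which Docker treats as all
    interfaces. host_port is "" when Docker is left to pick a random port.
    """
    spec = str(spec).split("/", 1)[0]  # drop a protocol suffix such as /tcp
    host_ip = ""
    if spec.startswith("["):           # IPv6 form "[::1]:8000:8000"
        end = spec.index("]")
        host_ip = spec[1:end]
        spec = spec[end + 2:]          # skip the closing "]:"
    parts = spec.split(":")
    if len(parts) == 1:
        return host_ip, "", parts[0]
    if len(parts) == 2:
        return host_ip, parts[0], parts[1]
    if len(parts) == 3 and not host_ip:
        return parts[0], parts[1], parts[2]
    raise ValueError(f"unrecognised port mapping: {spec!r}")


def exposed_beyond_loopback(port_specs: List[str]) -> List[str]:
    """Return the entries whose host address is not a loopback address."""
    return [s for s in port_specs if parse_port_spec(s)[0] not in LOOPBACK]


def audit_services(services: dict) -> dict:
    """Map service name -> list of its mappings that reach beyond loopback."""
    return {name: exposed_beyond_loopback(specs)
            for name, specs in services.items() if exposed_beyond_loopback(specs)}


if __name__ == "__main__":
    for name, bad in audit_services(COMPOSE_PORTS).items():
        print(f"{name}: published on all interfaces via {', '.join(bad)}")
    print("fixed form:", exposed_beyond_loopback(["127.0.0.1:8000:8000"]))
```

Run it against the port lists from the real compose file; an empty result for every service means nothing is reachable from other machines on the network without a deliberate change.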

Secrets

.env.example contains placeholders only. Real local values must be stored in .env, which is ignored by Git and must never be committed; confirm the ignore rule still matches before adding new secret files, since a copy under another name (for example .env.local) is not covered unless the ignore pattern includes it.

Containers

Backend and frontend containers run as non-root users. PostgreSQL uses the official image's defaults and stores its data in a named volume.

Data Sources

The repository does not include credentials, scraping logic, or copied external datasets. RealGM, Proballers, and other provider data must be integrated only through authorized APIs or a documented compliant import process.

Known Dependency Findings

npm audit reports moderate-severity advisories reachable through the webpack-dev-server -> sockjs -> uuid chain in the Angular development toolchain, with no fixed version available at the time of implementation. These packages serve the development server only: the dev server is intended for local restricted use and must not be exposed publicly. Re-run npm audit when dependencies change; npm audit --omit=dev shows whether any advisory reaches the production dependency set rather than the dev toolchain.