Contributing to Sirius Scan

Thank you for your interest in contributing to Sirius Scan! This guide will help you get started with contributing to our open-source vulnerability scanning platform.

Project Overview

Sirius is an open-source general purpose vulnerability scanner that leverages community-driven security intelligence. The project combines:

• Vulnerability Database Integration with NVD
• Network Vulnerability Scanning
• Agent-based Discovery
• Custom Assessor Analysis
• Modern Web Interface
• RESTful API
• Message Queue-based Architecture
• Persistent Data Storage

System Architecture

Sirius consists of several microservices:

Prerequisites

Before you begin contributing, ensure you have:

• Git: Version control system
• Docker Engine: 20.10.0+ with Docker Compose V2
• Go: 1.21+ for backend development
• Node.js: 20+ for frontend development
• System Requirements: 8GB RAM minimum, 20GB free disk space
• Understanding of Docker: Multi-stage builds and volume mounting

Development Setup

Step 1: Clone the Main Repository

git clone https://github.com/SiriusScan/Sirius.git
cd Sirius

Step 2: Clone Component Repositories (Optional)

Only clone the components you plan to develop:

# Create development directory structure
mkdir -p ../minor-projects && cd ../minor-projects

# Clone components you want to develop
git clone https://github.com/SiriusScan/go-api.git          # REST API backend
git clone https://github.com/SiriusScan/app-scanner.git    # Scanning engine
git clone https://github.com/SiriusScan/app-terminal.git   # Terminal service
git clone https://github.com/SiriusScan/app-agent.git      # Remote agents
git clone https://github.com/SiriusScan/sirius-nse.git     # NSE scripts
git clone https://github.com/SiriusScan/app-system-monitor.git  # System monitor
git clone https://github.com/SiriusScan/app-administrator.git   # Administrator service

cd ../Sirius

Step 3: Configure Development Mode

Edit docker-compose.dev.yaml and uncomment volume mounts for components you're developing:

services:
  sirius-engine:
    volumes:
      # Uncomment ONLY for repositories you have cloned:
      # - ../minor-projects/app-agent:/app-agent-src        # Agent development
      # - ../minor-projects/app-scanner:/app-scanner-src    # Scanner development
      # - ../minor-projects/app-terminal:/app-terminal-src  # Terminal development
      # - ../minor-projects/go-api:/go-api                  # API development
      # - ../minor-projects/app-system-monitor:/system-monitor  # Monitor development
      # - ../minor-projects/app-administrator:/app-administrator  # Admin development

Step 4: Start Development Environment

# Development mode requires BOTH config files
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml up -d --build

# Or for a clean start
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml down -v
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml up -d

⚠️ Important: The docker-compose.dev.yaml file is an override file, not a standalone configuration. You must specify both the base configuration (docker-compose.yaml) and the development overrides (docker-compose.dev.yaml) when starting services in development mode.

Development Features

• 🔥 Hot Reload: Live code reloading with Air for Go services
• 📝 Live Editing: Frontend changes reflect immediately
• 🐛 Debug Mode: Detailed logging and error reporting
• 🔍 Development Tools: Access to Go toolchain and debugging utilities

Development Workflow

Daily Development Commands

# View real-time logs
docker compose logs -f sirius-engine

# Access development container
docker exec -it sirius-engine bash

# Check live reload status
docker exec sirius-engine ps aux | grep air

# Restart specific service
docker restart sirius-engine

# Rebuild with changes (development mode)
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml up -d --build

# Stop development environment
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml down

# Clean restart (removes volumes)
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml down -v
docker compose -f docker-compose.yaml -f docker-compose.dev.yaml up -d

Working with Individual Components

Backend Development (Go)

# Access the container
docker exec -it sirius-engine bash

# Run tests
go test ./...

# Build manually
go build -o binary main.go

# Check dependencies
go mod tidy

Frontend Development (Next.js)

# Access the UI container
docker exec -it sirius-ui bash

# Install dependencies
npm install

# Run development server
npm run dev

# Build production
npm run build

Ways to Contribute

1. Code Contributions

• Bug fixes
• New features
• Performance improvements
• UI/UX enhancements
• Test coverage improvements

2. Documentation

• API documentation
• User guides
• Architecture documentation
• Code comments
• Example code

3. Bug Reports

• Report issues on GitHub
• Provide detailed reproduction steps
• Include system information
• Share relevant logs

4. Community Support

• Help others in Discord
• Share knowledge
• Answer questions
• Review pull requests

Contribution Guidelines

1. Creating Issues

Before starting work:

1. Search existing issues
2. Create a new issue describing:
   • Problem or feature
   • Implementation approach
   • Expected outcome
3. Wait for maintainer feedback
4. Reference the issue in your PR

2. Branch Naming

Use descriptive branch names:

• feature/description - New features
• fix/description - Bug fixes
• docs/description - Documentation
• refactor/description - Code improvements
• test/description - Test additions

3. Commit Messages

Write clear commit messages:

Add host discovery feature

- Implement ARP scanning
- Add subnet range support
- Include rate limiting option

Fixes #123

Guidelines:

• Use present tense
• First line is summary (50 chars)
• Include motivation for change
• Reference issues

4. Code Style

Go Code

• Use gofmt for formatting
• Follow Effective Go
• Add tests for new features
• Document exported functions
• Handle errors appropriately

TypeScript/React

• Use ESLint configuration
• Follow project component structure
• Add PropTypes/TypeScript types
• Write unit tests
• Document complex logic

5. Pull Request Process

1. Update your fork to latest main
2. Create a feature branch
3. Make your changes
4. Write/update tests
5. Update documentation
6. Submit PR with:
   • Clear description
   • Issue references
   • Screenshots (if UI changes)
   • Test results

Testing & Quality Assurance

Running Tests

# Run comprehensive test suite
cd testing
make test-all

# Run specific test categories
make test-build          # Container build tests
make test-health         # Health check tests
make test-integration    # Integration tests

# Run documentation validation
make lint-docs           # Full documentation linting
make lint-docs-quick     # Quick documentation checks
make lint-index          # Index completeness check

Manual Testing

# Test scanner functionality
docker exec sirius-engine nmap --version
docker exec sirius-engine nmap -p 80 127.0.0.1

# Test API endpoints
curl http://localhost:9001/health
curl http://localhost:9001/api/v1/system/health

# Test database connection
docker exec sirius-postgres pg_isready
docker exec sirius-postgres psql -U postgres -d sirius -c "SELECT version();"

# Test RabbitMQ
docker exec sirius-rabbitmq rabbitmqctl status
docker exec sirius-rabbitmq rabbitmqctl list_queues

Pre-Commit Testing

Before committing code, always run:

# Run all validation checks
cd testing
make validate-all

# Or use the pre-commit hook (automatically runs on commit)
git commit -m "your commit message"

The pre-commit hook automatically runs:

• Documentation linting (quick validation)
• Index completeness check
• Build validation (smart testing based on branch)

Troubleshooting

Common Issues

1. Service fails to start

   • Check logs: docker compose logs <service-name>
   • Verify ports: netstat -tuln
   • Check resources

2. Database connection issues

   • Verify PostgreSQL: docker compose ps sirius-postgres
   • Check credentials
   • Review logs

3. Message queue problems

   • Check RabbitMQ status: http://localhost:15672
   • Verify connections
   • Review logs

Getting Help

• Join Discord
• Check Documentation
• Ask in GitHub Discussions
• Review Common Issues

Recognition

We value all contributions and recognize them through:

• GitHub contributors page
• Release notes mentions
• Community spotlights
• Special Discord badges

Additional Resources

Essential Documentation

• Development Workflow - Complete development guide
• Container Testing - Testing system
• Git Operations - Git workflow
• Architecture - System design

Component Repositories

• go-api - REST API backend
• app-scanner - Scanning engine
• app-terminal - Terminal service
• app-agent - Remote agents
• sirius-nse - NSE scripts
• app-system-monitor - System monitor
• app-administrator - Admin service

Learning Path

For New Contributors

1. Set up development environment (this guide)
2. Read architecture documentation
3. Run the test suite to understand coverage
4. Pick a "good first issue" from GitHub
5. Submit your first PR

For Regular Contributors

1. Understand the codebase deeply
2. Review others' PRs to learn
3. Propose new features via issues
4. Help with documentation
5. Mentor new contributors

Next Steps

• Join Discord Community
• Browse Open Issues
• Read API Documentation
• View Support Guide

Thank you for contributing to Sirius Scan! Your efforts help make security scanning accessible to everyone.