
SafeStack Backend


SafeStack Backend is a Spring Boot application that powers the SafeStack platform — an AI-powered security automation tool that fetches repositories from GitHub, scans for vulnerabilities (CVEs), and integrates with developer workflows (Jira and Slack).


✨ Features

  • 🔑 GitHub OAuth2 Authentication – Secure login with GitHub.
  • 📂 Repository Fetching – Fetches all GitHub repositories owned by the authenticated user.
  • 🔍 CVE Scanning – Endpoints for scanning repositories and detecting vulnerabilities.
  • 🔍 Vector Search – Vector-based search over dependency and CVE information.
  • ⚙️ Jira and Slack Integration – Creates Jira tickets for CVEs and alerts teams about vulnerabilities on Slack.

📁 Project Structure

safestack/
├── src/
│ ├── client/ # Web clients for calling external APIs
│ ├── config/ # Web client and Security config
│ ├── controller/ # Endpoints for ingesting CVEs, fetching and scanning repos, Jira and Slack integration
│ ├── dto/ # DTOs for API responses
│ ├── model/ # Java models to parse API responses
│ ├── repository/ # Repositories for storing CVEs, dependencies, Jira and Slack integration in TiDB
│ ├── service/ # Services for scanning and fixing vulnerabilities, Vector-based CVE information search, Jira and Slack integration
│ └── util/ # Utility classes for dependency parsing, etc.
├── resources/
│ └── application.properties # Configuration for GitHub, TiDB, Gemini
├── build.gradle
└── .gitlab-ci.yml

🛠️ Tech Stack

  • Java 17
  • Spring Boot 3.x
  • Gradle
  • TiDB
  • Gemini 2.0 Flash

🚀 Getting Started

1. Clone the Repository

git clone https://github.com/vanichitkara/safestack-backend.git
cd safestack-backend

2. Configure GitHub OAuth2

Create a GitHub OAuth App in your account or organization, and create a GitHub Personal Access Token (PAT) for automated PR creation.

Then set these environment variables:

export GITHUB_CLIENT_ID=your-client-id
export GITHUB_CLIENT_SECRET=your-client-secret
export GITHUB_TOKEN=your-github-pat

3. Setup TiDB connection

  • Create a free account at TiDB Cloud
  • Create a new cluster
  • Create SQL databases under new project
  • Get your connection string, username and password

# TiDB Configuration
export TIDB_HOST='YOUR_TIDB_HOST'
export TIDB_PORT=4000
export TIDB_USER='YOUR_TIDB_USER_NAME'
export TIDB_PASSWORD='YOUR_TIDB_PASSWORD'
export TIDB_DB_NAME='safestack'

4. Add Gemini API key

  • Go to Google AI Studio
  • Create a new API key
  • Copy the key for use in your environment variables

# Gemini AI Configuration
export GEMINI_API_KEY="your-gemini-api-key-here"
export GEMINI_BASE_URL="https://generativelanguage.googleapis.com/v1beta"

5. Jira and Slack integration (optional)

  • Create a Jira project and an API token.
  • Create a Slack workspace and a dedicated channel for receiving alerts.

6. Run locally

./gradlew bootRun
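A preflight script for the setup steps above, added here as an example and not part of the SafeStack project: it confirms that every credential from steps 2 to 4 is exported and that the properties file references them as `${ENV_VAR}` placeholders rather than literal values. The variable names come from the steps above; the property keys it matches (secret, password, token, api-key) are an assumption, since the project's actual application.properties keys are not shown here.

```shell
#!/bin/sh
# Preflight check before `./gradlew bootRun` (added example, not part of the
# SafeStack project). Confirms that every credential the setup steps export is
# present, and that application.properties refers to them as ${ENV_VAR}
# placeholders instead of carrying literal secret values into the repository.

# Variable names taken from the setup steps above.
SAFESTACK_REQUIRED_VARS="GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET GITHUB_TOKEN
TIDB_HOST TIDB_PORT TIDB_USER TIDB_PASSWORD TIDB_DB_NAME
GEMINI_API_KEY GEMINI_BASE_URL"

# List required variables that are unset or empty on stderr.
# Returns 0 when all are present, 1 otherwise.
safestack_missing_vars() {
    missing=""
    for name in $SAFESTACK_REQUIRED_VARS; do
        eval "value=\${$name:-}"        # indirect lookup in POSIX sh
        [ -n "$value" ] || missing="$missing $name"
    done
    if [ -n "$missing" ]; then
        echo "Missing environment variables:$missing" >&2
        return 1
    fi
    return 0
}

# Scan a properties file for secret-bearing keys (secret, password, token,
# api-key; assumed key patterns) whose value is anything other than a bare
# ${ENV_VAR} placeholder. Commented-out lines are ignored. Prints offending
# keys on stderr and returns 1 if any are found, 2 if the file is unreadable.
safestack_hardcoded_secrets() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    bad=$(grep -Ei '^[[:space:]]*[^#=]*(secret|password|token|api[-_.]?key)[^=]*=' "$1" \
        | grep -Ev '=[[:space:]]*\$\{[A-Za-z0-9_]+\}[[:space:]]*$' \
        | cut -d= -f1)
    if [ -n "$bad" ]; then
        echo "Literal secret values found for:" $bad >&2
        return 1
    fi
    return 0
}
```

Source the script and run `safestack_missing_vars && safestack_hardcoded_secrets resources/application.properties && ./gradlew bootRun` so the app only starts with a complete, externalised configuration.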

🎯 Ideal For

  • Developer teams that manage complex GitHub projects and are frustrated with tracking endless CVEs across multiple dependencies.

🏆 Why SafeStack?

SafeStack is not just a monitor—it's an intelligent assistant for your projects. It identifies, fixes, explains, and alerts teams, so you're always up to date and your applications stay secure.


🙌 Contributing

Feel free to suggest features, submit bug reports, or improve the component. This is an open tool aimed at improving DevOps productivity.


📄 License

This project is licensed under the MIT License.
