# DApp Norris ### Revolutionizing Web Security with Automated Dependency Checks In the dynamic world of web development, securing applications against vulnerabilities is a paramount yet challenging task. Our innovative solution DApp Norris transforms this landscape with an automated GitHub action that simplifies and strengthens the security of Node.js-based web applications. **The Concept:** Our tool integrates directly into the GitHub workflow, targeting the package.lock file in open-source projects. Upon each production branch build, it automatically scans dependencies and cross-references them against a comprehensive database of known vulnerabilities. This proactive approach identifies potential security risks, ensuring developers are immediately aware of any threats. **Core Functionality:** The heart of our system lies in its backend intelligence. Here, the commit hash (if available) is saved together with a list of dependencies from the package.lock file. These are checked against an official list detailing vulnerabilities. Finally, a report is generated - per production commit that got built. We can then issue a 'proof' that gets saved with the domain of the deployed app. The report and proof is a testament to the project's security status at a specific point in time, enhancing transparency and trust. **User-Centric Design:** The results are displayed in a fun and customizable way with a widget on the final website, which makes the information accessible to end-users. This feature not only underscores the project's commitment to security but also elevates user confidence. Developers benefit from an efficient, automated process that seamlessly blends into their existing workflow, saving time and resources while ensuring their applications remain secure against the ever-evolving landscape of cyber threats. **The Outcome:** This tool is more than just a security check; it's a commitment to maintaining the highest standards of web application security. It empowers developers, reassures users, and sets a new benchmark in the proactive management of web vulnerabilities.
Last changed by  
geleeroyale
27

Read more

The History of Giveth

Giveth has a rich history, from humble beginnings to grand visions, building the Future of Giving. Here we share our story in hopes of inspiring other communities that want to work in a decentralized way. 2020 December Amin was able to make Giveth TRACE beautiful, functional and stable within the last year - and now assembles a team of rockstars to help him make it even better. There are two distinct teams now, working on two distinct DApps. Dani brings in a bunch of enthusiastic people to build out the Community and Communications Circles. Giveth is now in "full swing" again. July The pace is picking up again. The first design phases for "Giveth 2"(Giveth.io) are finished by Marko.

8/18/2021
DEV Call

Sunday and Wednesday 17:00 CET (Berlin) // set up as weekly Share DEV progress GitHub issue cleaning (process new issues, look at in progress and assign, review review and QA, close done issues) Saturday: Plan weekly sprint (what issues, projection and time commitment) Wednesday: Evaluate sprint progress and talk about implementation details and pain points Notes for DEV CALL 2021/06/02 Update from Kay: ready to push to live

6/2/2021
Impact Graph

Setup a new deployment Fork and install impact-graph Setup .env file Install pm2 Point a domain to your server

12/3/2020
Untitled

Your giveth.io email backup You need to send me a password for your zoho mail. Depending on the settings of your Zoho account, this is either a static password that you can just PM me, or if you set up stronger security it might be like this: click settings click change password go to application specific passwords and click Generate New Password

12/2/2020
Read more from geleeroyale
Published on HackMD