Skip to main content

Architecture Overview

OWASP Nest is a full-stack application built with modern web technologies and follows a containerized microservices architecture for both development and production environments.

Technology Stack

Backend Stack

Python 3.13

Modern Python with latest language features and performance improvements

Django 6.0

High-level Python web framework with batteries included

Django Ninja

Fast, modern REST API framework built on top of Django

Strawberry GraphQL

Code-first GraphQL library for Python with Django integration

PostgreSQL + pgvector

Relational database with vector similarity search for AI features

Redis

In-memory cache and message broker for background jobs

Django RQ

Redis Queue integration for asynchronous task processing

Gunicorn

Production WSGI HTTP server

Frontend Stack

Next.js 16

React framework with server-side rendering and app router

TypeScript

Type-safe JavaScript for enhanced developer experience

React 19

Latest React with concurrent features and improved hooks

Tailwind CSS 4

Utility-first CSS framework for rapid UI development

HeroUI

React component library built on Tailwind CSS

Apollo Client

GraphQL client with caching and state management

React Leaflet

Interactive maps for OWASP chapter locations

ApexCharts

Modern charting library for data visualization

External Services

Algolia

Fast, typo-tolerant search for projects, issues, and users

GitHub API

Sync OWASP organization data, repositories, and issues

Slack

NestBot integration for community communication

OpenAI

AI-powered issue summaries and contribution suggestions

Sentry

Real-time error tracking and performance monitoring

Backend Architecture

Django Apps Structure

The backend is organized into Django apps, each responsible for a specific domain: 
backend/apps/
├── ai/              # AI agent, RAG, vector embeddings
├── api/             # REST and GraphQL API endpoints
├── common/          # Shared utilities and base classes
├── core/            # Core Django settings and WSGI
├── github/          # GitHub data models and sync logic
├── mentorship/      # Mentorship program features
├── nest/            # Nest-specific models and features
├── owasp/           # OWASP projects, chapters, committees
├── sitemap/         # Dynamic sitemap generation
└── slack/           # NestBot commands and event handlers
AI & Machine Learning
  • LangChain agent for natural language queries
  • RAG (Retrieval-Augmented Generation) system
  • Vector embeddings with pgvector
  • OpenAI integration for summaries and suggestions
  • Document chunking and context extraction

Database Schema

The application uses PostgreSQL with the following key models:
  • GitHubOrganization - OWASP and related organizations
  • GitHubRepository - Project repositories
  • GitHubIssue - Contribution opportunities
  • GitHubUser - Contributor profiles
  • GitHubPullRequest - Code contributions
  • Project - OWASP projects with metadata
  • Chapter - Geographic chapters
  • Committee - OWASP committees
  • Event - Conferences and meetups
  • Sponsor - Corporate sponsors
  • Embedding - Vector embeddings for semantic search
  • Context - Document contexts for RAG
  • Chunk - Text chunks for AI processing
  • Mentor - Mentor profiles
  • Mentee - Mentee profiles
  • MentorshipAssignment - Mentor-mentee relationships

Configuration Classes

Django settings are organized using django-configurations: 
backend/settings/
├── base.py         # Shared settings
├── local.py        # Local development (DEBUG=True)
├── test.py         # Test environment
├── e2e.py          # End-to-end tests
├── fuzz.py         # Fuzz testing
├── staging.py      # Staging environment
├── production.py   # Production environment
└── graphql.py      # GraphQL schema settings
Configuration is selected via the DJANGO_CONFIGURATION environment variable.

API Design

Django Ninja REST APIBase URL: /api/v0/Key endpoints:
  • /api/v0/projects/ - Project listing and search
  • /api/v0/chapters/ - Chapter information
  • /api/v0/committees/ - Committee data
  • /api/v0/issues/ - Contribution opportunities
  • /api/v0/users/ - User profiles
Features:
  • Automatic OpenAPI schema generation
  • Request/response validation with Pydantic
  • Built-in filtering and pagination
  • JWT authentication support

Frontend Architecture

Next.js App Structure

frontend/src/
├── app/                    # Next.js 16 app router
│   ├── about/             # About pages
│   ├── api/               # API routes (auth, etc.)
│   ├── chapters/          # Chapter pages
│   ├── committees/        # Committee pages
│   ├── community/         # Community pages
│   ├── projects/          # Project pages and dashboard
│   └── layout.tsx         # Root layout
├── components/            # React components
│   ├── ui/               # Reusable UI components
│   ├── icons/            # Icon components
│   └── ...               # Feature components
├── hooks/                # Custom React hooks
├── server/               # Server-side utilities
├── types/                # TypeScript type definitions
├── utils/                # Client utilities
└── wrappers/             # Component wrappers

Data Fetching Strategy

Next.js Server ComponentsUsed for static/SSR pages:
  • Project listings
  • Chapter directories
  • Public profiles
Benefits:
  • Zero client-side JavaScript
  • SEO-friendly
  • Fast initial page load

Authentication Flow

Deployment Architecture

Docker Compose Services

Local Development (docker-compose/local/compose.yaml)Services:
  • backend - Django with hot reload
  • frontend - Next.js with Turbopack
  • db - PostgreSQL with pgvector
  • cache - Redis
  • worker - RQ worker with scheduler
  • docs - MkDocs documentation server
Volumes:
  • Source code mounted for live editing
  • Database persisted in Docker volume
  • Poetry/pnpm dependencies cached

Build Process

1

Backend Build

FROM python:3.13-slim
RUN poetry install --without dev
RUN python manage.py collectstatic
2

Frontend Build

FROM node:24-alpine
RUN pnpm install --frozen-lockfile
RUN pnpm run build
3

Image Scanning

  • Trivy for vulnerability scanning
  • Semgrep for security patterns
  • SBOM generation with CycloneDX
4

Deployment

  • Push images to ECR
  • Update ECS task definitions
  • Run database migrations
  • Deploy to production

Performance Optimizations

Caching

  • Redis for session storage
  • Django cache framework
  • API response caching
  • CDN edge caching

Database

  • Connection pooling
  • Query optimization with select_related
  • Database indexes on foreign keys
  • pgvector for semantic search

Frontend

  • Next.js Image optimization
  • Code splitting and lazy loading
  • Bundle size monitoring
  • Tree shaking unused code

API

  • GraphQL DataLoader for batching
  • Request throttling
  • Pagination on large datasets
  • Gzip compression

Security Architecture

  • OAuth 2.0 with GitHub
  • NextAuth.js session management
  • Django user permissions
  • Role-based access control (RBAC)
  • JWT tokens for API authentication
  • CSRF tokens for state-changing requests
  • CORS headers configured per environment
  • SameSite cookie attributes
  • Secure cookie flags in production
  • Environment variables for secrets
  • AWS Secrets Manager in production
  • GitHub encrypted secrets in CI/CD
  • No secrets in source code
  • Semgrep for SAST
  • Trivy for dependency vulnerabilities
  • ZAP for DAST
  • Snyk continuous monitoring
  • GitHub Advanced Security

Monitoring & Observability

Error Tracking

Sentry for both backend and frontend error monitoring with:
  • Real-time error alerts
  • Stack traces and breadcrumbs
  • Release tracking
  • Performance monitoring

Application Tracing

AWS X-Ray for distributed tracing:
  • Request flow visualization
  • Latency analysis
  • Service map
  • Bottleneck identification

Logs

Centralized logging with:
  • CloudWatch Logs
  • Structured JSON logging
  • Log retention policies
  • Query and analysis tools

Metrics

CloudWatch metrics for:
  • CPU and memory usage
  • Request rates and latency
  • Database connections
  • Cache hit rates

Next Steps

Backend Development

Learn about Django backend development

Frontend Development

Learn about Next.js frontend development

Build docs developers (and LLMs) love

Get started for freeTalk to us