Thank you for your interest in contributing to VulnTrack! This guide will help you get started.

About VulnTrack

VulnTrack is an open source vulnerability management platform licensed under the MIT License. We welcome contributions from security professionals, developers, and the broader community.
VulnTrack is maintained by OG DMERLIN and the community. All contributions are valued, whether they’re bug reports, documentation improvements, or code contributions.

Code of Conduct

We are committed to providing a welcoming and inspiring community for all. By participating in this project, you agree to:
  • Be respectful and inclusive
  • Accept constructive criticism gracefully
  • Focus on what is best for the community
  • Show empathy towards other community members

Ways to Contribute

Report Bugs

Found a bug? Open a GitHub Issue with detailed reproduction steps.

Suggest Features

Have an idea? Share it in GitHub Discussions or open a feature request.

Submit Code

Write code to fix bugs, add features, or improve performance.

Improve Docs

Help make documentation clearer, fix typos, or add examples.

Write Guides

Contribute technical guides to the VulnTrack Research blog.

Create Integrations

Build integrations with security tools and share them with the community.

Getting Started

1. Fork and Clone

Step 1: Fork the Repository

Visit github.com/ogdmerlin/vulntrack and click the Fork button.

Step 2: Clone Your Fork

git clone https://github.com/YOUR_USERNAME/vulntrack.git
cd vulntrack

Step 3: Add Upstream Remote

git remote add upstream https://github.com/ogdmerlin/vulntrack.git

2. Set Up Development Environment

Step 1: Install Dependencies

npm install

Step 2: Configure Environment

cp .env.example .env
Edit .env with your local database credentials.

Step 3: Initialize Database

npx prisma generate
npx prisma db push
npx prisma db seed

Step 4: Start Development Server

npm run dev
Visit http://localhost:3000 to verify setup.

3. Create a Branch

Always create a new branch for your work:
git checkout -b feature/your-feature-name
Branch Naming Conventions:
  • feature/ - New features
  • fix/ - Bug fixes
  • docs/ - Documentation changes
  • refactor/ - Code refactoring
  • test/ - Test additions or modifications

Development Guidelines

Code Style

VulnTrack follows standard TypeScript and React conventions:
  • Use TypeScript for type safety
  • Follow ESLint rules (run npm run lint)
  • Use functional components with hooks
  • Keep components small and focused
  • Write self-documenting code with clear names
Run npm run lint before committing to catch common issues.

Testing

While comprehensive test coverage is a work in progress, contributors should:
  • Test changes manually in the browser
  • Verify database operations complete successfully
  • Test with different user roles (Admin, Analyst, Viewer)
  • Check responsive design on multiple screen sizes
  • Verify dark mode compatibility

Database Changes

If your contribution modifies the database schema:
  1. Update the Prisma schema (prisma/schema.prisma)
  2. Create a migration:
    npx prisma migrate dev --name your_migration_name
    
  3. Update seed data if necessary (prisma/seed.js)
  4. Document the schema change in your PR
Database migrations should be backward compatible when possible. Breaking changes require discussion in the PR.

Security Considerations

VulnTrack handles sensitive security data. When contributing:
  • Never commit secrets or credentials
  • Use parameterized queries (Prisma handles this)
  • Validate and sanitize user input
  • Implement proper authorization checks
  • Follow OWASP secure coding practices
  • Report security vulnerabilities privately (see Security Policy)

Contribution Workflow

1. Make Your Changes

  • Write clean, well-documented code
  • Follow existing code style and patterns
  • Add comments for complex logic
  • Update documentation if needed

2. Commit Your Changes

Write clear, descriptive commit messages:
git add .
git commit -m "feat: add STRIDE threat category filtering"
Commit Message Format:
type: short description

[optional longer description]

[optional footer]
Types:
  • feat: - New feature
  • fix: - Bug fix
  • docs: - Documentation changes
  • style: - Code style changes (formatting, no logic change)
  • refactor: - Code refactoring
  • test: - Adding or updating tests
  • chore: - Maintenance tasks
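
The branch prefixes, the commit message format and the rule against committing credentials can all be checked locally before anything is pushed. The hook below is an added example, not part of the VulnTrack repository; the function names, the .git/hooks/commit-msg install path and the treatment of .env.example as safe to commit are assumptions.

```shell
#!/bin/sh
# Added example, not VulnTrack's own tooling: a commit-msg hook for the
# conventions in this guide. Assumed install path: .git/hooks/commit-msg.

# 0 if the first line is "type: short description" with a listed type.
valid_commit_subject() {
    subject=$(printf '%s\n' "$1" | head -n 1)
    case "$subject" in
        "feat: "?*|"fix: "?*|"docs: "?*|"style: "?*) return 0 ;;
        "refactor: "?*|"test: "?*|"chore: "?*) return 0 ;;
    esac
    return 1
}

# 0 if the branch is one of the listed prefixes followed by a name.
valid_branch_name() {
    case "$1" in
        feature/?*|fix/?*|docs/?*|refactor/?*|test/?*) return 0 ;;
    esac
    return 1
}

# 0 if no path (one per line) is a .env file. .env.example is allowed
# (assumption: the template carries placeholders, not real credentials).
no_env_files() {
    while IFS= read -r path; do
        case "${path##*/}" in
            .env.example) ;;
            .env|.env.*) return 1 ;;
        esac
    done <<EOF
$1
EOF
    return 0
}

# Hook entry point: git passes the path of the commit message file as $1.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    valid_commit_subject "$(cat "$1")" ||
        { echo "subject must be 'type: short description'" >&2; exit 1; }
    branch=$(git symbolic-ref --short HEAD 2>/dev/null) || branch=""
    [ -z "$branch" ] || valid_branch_name "$branch" ||
        { echo "branch needs a feature/, fix/, docs/, refactor/ or test/ prefix" >&2; exit 1; }
    no_env_files "$(git diff --cached --name-only)" ||
        { echo "refusing to commit a .env file" >&2; exit 1; }
fi
```

Git only runs the hook if the file is executable (chmod +x). The branch check is skipped on a detached HEAD so rebases are not blocked.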

3. Push to Your Fork

git push origin feature/your-feature-name

4. Open a Pull Request

Step 1: Go to GitHub

Navigate to your fork on GitHub. You’ll see a prompt to create a pull request.

Step 2: Write a Clear Description

Describe:
  • What changes you made
  • Why you made them
  • How to test the changes
  • Any breaking changes or migration notes

Step 3: Link Related Issues

Reference any related GitHub issues:
Fixes #123
Relates to #456

Step 4: Request Review

Tag maintainers or relevant contributors for review.

5. Respond to Feedback

Maintainers may request changes:
  • Address all feedback promptly
  • Make additional commits to your branch
  • Push updates to the same PR
  • Engage in constructive discussion
Don’t take feedback personally. The goal is to improve the project together.

Documentation Contributions

Documentation is crucial for VulnTrack’s success:

Documentation Site

The documentation site you’re reading is part of the main repository:
  • Located in the docs/ directory
  • Written in MDX (Markdown with React components)
  • Built with Mintlify
To contribute:
  1. Edit MDX files in docs/
  2. Preview changes locally (if the Mintlify CLI is installed)
  3. Submit a PR with documentation updates

VulnTrack Research Blog

Contribute technical guides to the built-in Research blog:
  • Write in MDX format
  • Include code examples and diagrams
  • Follow professional typography standards
  • Focus on educational content
Topics We’re Looking For:
  • Vulnerability analysis and case studies
  • Security framework comparisons
  • Threat modeling techniques
  • Tool integration guides

Reporting Bugs

Found a bug? Help us fix it:

Before Reporting

  • Check existing issues to avoid duplicates
  • Verify the bug on the latest version
  • Gather reproduction steps

Bug Report Template

Include in your GitHub Issue:
## Description
Clear description of the bug.

## Steps to Reproduce
1. Go to '...'
2. Click on '...'
3. Scroll down to '...'
4. See error

## Expected Behavior
What you expected to happen.

## Actual Behavior
What actually happened.

## Environment
- VulnTrack Version: [e.g., 0.1.0]
- Node.js Version: [e.g., 20.x]
- PostgreSQL Version: [e.g., 15.x]
- OS: [e.g., Ubuntu 22.04]
- Browser: [e.g., Chrome 120]

## Screenshots
If applicable, add screenshots.

## Additional Context
Any other relevant information.

Requesting Features

Want to see a new feature in VulnTrack?

Feature Request Template

## Feature Description
Clear description of the proposed feature.

## Problem It Solves
What problem does this feature address?

## Proposed Solution
How would you implement this feature?

## Alternatives Considered
What other approaches did you consider?

## Additional Context
Mockups, examples, or related projects.
Before requesting a feature, check GitHub Discussions to see if it’s already been proposed.

Community

GitHub Discussions

Use GitHub Discussions for:
  • General questions
  • Feature ideas and brainstorming
  • Show and tell (integrations, deployments)
  • Community support

GitHub Issues

Use GitHub Issues for:
  • Bug reports
  • Confirmed feature requests
  • Documentation issues
  • Task tracking

License

By contributing to VulnTrack, you agree that your contributions will be licensed under the MIT License.
MIT License

Copyright (c) 2025 OG DMERLIN

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
This means:
  • ✅ Commercial use allowed
  • ✅ Modification allowed
  • ✅ Distribution allowed
  • ✅ Private use allowed
  • ⚠️ No warranty provided
  • 📄 License and copyright notice required

Recognition

Contributors are recognized:
  • In the GitHub contributors list
  • In release notes for significant contributions
  • In the VulnTrack community
Thank you for helping make VulnTrack better!
