DenunzIA: E2EE Anonymous Reporting Platform (Looking for Security Audit/Feedback)

Hi everyone,

I’ve developed DenunzIA, an open-source platform designed for totally anonymous citizen whistleblowing and ethical intelligence. Given the sensitive nature of the data it’s meant to handle, security and anonymity are the top priorities.

The project is currently in a “ready-for-audit” state, and I would love for the community to tear it apart and help me find any potential vulnerabilities.

Technical Stack & Security Implementation:

End-to-End Encryption (E2EE): Using RSA-4096 to protect whistleblower identities.

Backend: Node.js with a focus on secure API endpoints.

Database: PostgreSQL for robust and structured data persistence.

Infrastructure: Fully Dockerized for isolated and reproducible deployments.

Frontend: React/TypeScript with client-side encryption.

What I’m looking for:

Code Audit: Specifically regarding the encryption/decryption flow in services/cryptoService.ts.

Architecture Review: PostgreSQL schema and data isolation.

Vulnerability Assessment: Any potential for leakages in the Docker configuration or API.

The goal is to provide a safe tool for social transparency. Any feedback, PRs, or “issues” reported on GitHub would be greatly appreciated.

Repository: https://github.com/denunciasiie/denunzia-v1

Thanks in advance for your time and expertise!
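One thing an auditor will look at first in an "RSA-4096 E2EE" design is how the report body itself is encrypted: RSA-4096 with OAEP can wrap at most a few hundred bytes, so a usable scheme has to be hybrid (a fresh symmetric key per report, wrapped with the recipient's public key), and the server must only ever store the wrapped key and the authenticated ciphertext. The block below is an added example of that envelope, written for this page; it is not code from DenunzIA or its services/cryptoService.ts, whose actual flow the post does not show. It uses Node's built-in crypto module rather than the browser WebCrypto API the React frontend would call, and all names (sealReport, openReport, Envelope) and the sample report are invented for illustration.

```typescript
// Added example, not DenunzIA's code: hybrid E2EE envelope for a whistleblower report.
// RSA-4096-OAEP can only encrypt ~446 bytes, so the report is encrypted with a fresh
// AES-256-GCM key and only that key is wrapped with the recipient's RSA-4096 public key.
import {
  generateKeyPairSync, publicEncrypt, privateDecrypt,
  createCipheriv, createDecipheriv, randomBytes, constants,
  type KeyObject,
} from 'node:crypto';

// Everything in the envelope is safe to hand to the server: none of it lets the
// server (or the database) recover the report or the per-report AES key.
export interface Envelope {
  wrappedKey: string; // base64, RSA-4096-OAEP(SHA-256) encryption of the AES-256 key
  iv: string;         // base64, 12-byte GCM nonce, unique per report
  ciphertext: string; // base64, AES-256-GCM ciphertext of the report
  tag: string;        // base64, 16-byte GCM authentication tag
}

// Recipient key pair (hypothetical "case handler" who reads reports). In a real
// deployment the private key is generated and kept on the recipient's device;
// the server only ever learns the public key.
export function generateRecipientKeyPair(): { publicKey: KeyObject; privateKey: KeyObject } {
  return generateKeyPairSync('rsa', { modulusLength: 4096 });
}

// Runs on the whistleblower's client. `caseId` is bound as GCM additional
// authenticated data so a compromised server cannot re-file one report under
// another case without the decryption failing.
export function sealReport(report: string, caseId: string, recipientPublicKey: KeyObject): Envelope {
  const aesKey = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', aesKey, iv);
  cipher.setAAD(Buffer.from(caseId, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(report, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = publicEncrypt(
    { key: recipientPublicKey, padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    aesKey,
  );
  aesKey.fill(0); // the client forgets the symmetric key once it is wrapped
  return {
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    ciphertext: ciphertext.toString('base64'),
    tag: tag.toString('base64'),
  };
}

// Runs on the recipient's device with the private key. Throws if the wrapped key,
// nonce, ciphertext, tag or case binding has been altered in transit or at rest.
export function openReport(env: Envelope, caseId: string, recipientPrivateKey: KeyObject): string {
  const aesKey = privateDecrypt(
    { key: recipientPrivateKey, padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    Buffer.from(env.wrappedKey, 'base64'),
  );
  const decipher = createDecipheriv('aes-256-gcm', aesKey, Buffer.from(env.iv, 'base64'));
  decipher.setAAD(Buffer.from(caseId, 'utf8'));
  decipher.setAuthTag(Buffer.from(env.tag, 'base64'));
  const plaintext = Buffer.concat([
    decipher.update(Buffer.from(env.ciphertext, 'base64')),
    decipher.final(), // authentication check happens here
  ]);
  aesKey.fill(0);
  return plaintext.toString('utf8');
}

// Convenience check used below: true only if the envelope decrypts and authenticates.
export function envelopeIsIntact(env: Envelope, caseId: string, recipientPrivateKey: KeyObject): boolean {
  try {
    openReport(env, caseId, recipientPrivateKey);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample flow (not real data): seal on the client, open on the recipient.
export function demo(): boolean {
  const { publicKey, privateKey } = generateRecipientKeyPair();
  const env = sealReport('constructed sample report text', 'case-0001', publicKey);
  return openReport(env, 'case-0001', privateKey) === 'constructed sample report text';
}
```

The points an auditor would check against the real cryptoService.ts are the same ones this sketch makes explicit: a fresh key and nonce per report, OAEP rather than PKCS#1 v1.5 padding for the key wrap, an authenticated mode for the body, and nothing other than the recipient's public key ever being sent to the server.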
