|
MyVuln is the public-safe product hub for CVE intelligence, URL analysis, Intel Feed, API v1, alerting, reports, support, and security policy. Start here: Public scope defines what belongs here. |
MyVuln'in public tarafta güvenle gösterebileceğim ürün vitrini. Canlı ürün, dokümantasyon, destek, güvenlik politikası ve public sınırlar burada durur; private kaynak kod, müşteri verisi ve operasyonel secret'lar burada yer almaz. Buradan başla: Türkçe ürün özeti README.tr.md; public/private sınırı için PUBLIC_SCOPE. |
MyVuln; güvenlik ekipleri, analistler ve operasyon tarafı için tasarlanmış çok kiracılı bir tehdit istihbaratı platformudur. CVE takibi, URL istihbaratı, Intel Feed, API entegrasyonları, uyarı akışları ve raporlama süreçlerini tek bir çalışma yüzeyinde toplar.
Canlı ürün: https://myvuln.io/
Canlı dokümantasyon: https://myvuln.io/docs
Bu repo kaynak kod deposu değildir. MyVuln'in public vitrin, destek, güvenlik politikası ve yayın notları yüzeyidir. Private kaynak kod, Supabase migration'ları, operasyon SQL'leri, iç güvenlik kayıtları, müşteri/tenant verileri ve secret içeren hiçbir dosya burada tutulmaz.
MyVuln is a multi-tenant threat intelligence platform for security teams, analysts, and operational workflows. It brings CVE tracking, URL intelligence, Intel Feed review, API integrations, alerting, exports, and reporting into a single product surface.
Live product: https://myvuln.io/
Live documentation: https://myvuln.io/docs
This is not the source-code repository. This public repository is the safe product hub for MyVuln: overview, support, security policy, and public release notes. Source code, Supabase migrations, operational SQL, internal security records, customer/tenant data, and secrets stay private.
| Need | Start with | Public-safe outcome |
|---|---|---|
| myvuln.io and myvuln.io/docs | Product capabilities, operator workflows and integration boundaries are clear. | |
| Public API v1 summary | External automation paths stay limited to the documented /api/v1/* contract. |
|
| Public scope | Source code, operational SQL, tenant data and secrets remain out of the public tree. | |
| Security policy | Disclosure moves through the private channel instead of public issues. | |
| Support policy | Redacted, high-signal context replaces logs, tokens, tenant data or private screenshots. |
|
CVE, URL, and signal review workflows for analyst triage and investigation tracking. TR: CVE, URL ve sinyal inceleme süreçleri için analist odaklı çalışma alanı. |
Operational feed surface for signal review, enrichment, deduplication, and handoff. TR: Sinyal inceleme, zenginleştirme, tekrar azaltma ve aksiyon aktarımı için operasyonel feed. |
|
API-key protected integration surface for approved security automation and reporting flows. TR: Onaylı otomasyon ve raporlama akışları için API-key korumalı entegrasyon yüzeyi. |
SMTP, webhook, in-app alerts, exports, and report generation for security operations. TR: SMTP, webhook, uygulama içi uyarı, export ve rapor üretimi. |
The public product docs at myvuln.io/docs describe the current public surface for operators and integrators. This repository mirrors only safe, high-level summaries and links back to the live docs for the active product contract.
myvuln.io/docs üzerindeki canlı ürün dokümantasyonu operatör ve entegrasyon ekipleri için güncel public yüzeyi anlatır. Bu repo yalnızca güvenli, üst seviye özetleri tutar ve aktif ürün sözleşmesi için canlı dokümantasyona yönlendirir.
| Public surface | What it covers | Türkçe |
|---|---|---|
| Intelligence workspace | CVE dashboard, CVE database, IoC database, USOM intelligence, Intel Feed, Intelligence Terminal. | CVE paneli, CVE veritabanı, IoC veritabanı, USOM istihbaratı, Intel Feed ve Intelligence Terminal. |
| Public API v1 | CVE feed/search, URL feed/search, SIEM/webhook dispatch. | CVE feed/search, URL feed/search ve SIEM/webhook aktarımı. |
| Operations | World Threat Map, reports, analytics, system logs, SMTP and webhook alert routing. | World Threat Map, raporlar, analitik, sistem logları, SMTP ve webhook uyarı akışı. |
| Administration | Team management, role boundaries, API key lifecycle, account controls. | Ekip yönetimi, rol sınırları, API key yaşam döngüsü ve hesap kontrolleri. |
See also:
| Area | English | Türkçe |
|---|---|---|
| Intelligence | CVE and URL intelligence workflows for analyst teams. | Analist ekipleri için CVE ve URL istihbaratı akışları. |
| Triage | Review queues, status tracking, enrichment, and reporting handoff. | İnceleme kuyrukları, durum takibi, zenginleştirme ve raporlama aktarımı. |
| Integrations | API v1, alerting, webhook, SMTP, and export workflows. | API v1, uyarı, webhook, SMTP ve export iş akışları. |
| Governance | Private source, public-safe docs, coordinated vulnerability reporting. | Private kaynak, public-safe dokümantasyon, koordineli zafiyet bildirimi. |
The external integration contract is limited to /api/v1/*. Public docs currently cover:
| Method | Endpoint | Purpose |
|---|---|---|
| GET | /api/v1/feed/cves |
Normalized CVE feed with filtering and pagination. |
| GET | /api/v1/search/cves |
Analyst-oriented CVE search with relevance ordering. |
| GET | /api/v1/feed/urls |
URL/domain indicator feed with deduplication controls. |
| GET | /api/v1/search/urls |
URL/domain search for investigation workflows. |
| POST | /api/v1/integrations/siem/dispatch |
Splunk, Sentinel, or generic webhook dispatch flow. |
Authentication, limits, response headers, and response examples are documented in the live docs: myvuln.io/docs.
|
Next.js 16, React 19, TypeScript, dashboard-first interface design. |
Supabase-backed private implementation with server-side boundaries. |
Tenant-aware design, API-key integration boundary, RBAC, private disclosure path. |
| Published here | Private by design |
|---|---|
| Product overview and public positioning | Application source code |
| TR/EN public documentation | Environment files and credentials |
| Security disclosure policy | Supabase schema, migrations, and operational SQL |
| Support and issue templates | Internal threat models and hardening records |
| Non-sensitive release notes | Production logs, screenshots, tenant data, customer data |
| Public-safety validation script | API keys, signing keys, tokens, cookies |
The private MyVuln development repository remains private. Public issues and pull requests must not contain source code, schema details, exploit steps, secrets, tenant/customer data, or production evidence.
MyVuln private kaynak reposu private kalır. Public issue veya pull request içinde kaynak kod, schema detayı, exploit adımı, secret, tenant/müşteri verisi veya production kanıtı paylaşılmaz.
Security reports must follow SECURITY.md. Do not publish vulnerability details in public issues.
Güvenlik bildirimleri SECURITY.md üzerinden ilerlemelidir. Zafiyet detayları public issue içinde paylaşılmamalıdır.
myvuln/
README.md Public TR/EN product showcase
SECURITY.md Coordinated vulnerability reporting policy
SUPPORT.md Public-safe support guidance
CHANGELOG.md Public-safe change log
docs/
API_V1.md Public API v1 summary linked to live docs
CAPABILITIES.md Public product capability map
PUBLIC_SCOPE.md Public/private boundary rules
SECURITY_AND_PRIVACY.md High-level security and privacy posture
RELEASE_NOTES.md Public release-note template
scripts/
validate-public-repo.mjs Leak-prevention guard for this public repo
Run before every commit:
npm run validateRecommended public release gate:
npm run validate
gitleaks detect --source . --redact --exit-code 1
git diff --cached --checkThe validator blocks sensitive paths, environment files, private source directories, operational security records, binary-like files, and common secret patterns.
| Destination | Link |
|---|---|
| Live product | myvuln.io |
| Live docs | myvuln.io/docs |
| Public API v1 summary | docs/API_V1.md |
| Capabilities | docs/CAPABILITIES.md |
| Security policy | SECURITY.md |
| Support policy | SUPPORT.md |
| Public scope | docs/PUBLIC_SCOPE.md |
| Security and privacy | docs/SECURITY_AND_PRIVACY.md |
| Public release notes | docs/RELEASE_NOTES.md |