What is ShipSec Studio?

ShipSec Studio is an open-source, no-code security workflow orchestration platform. Build, execute, and monitor security automation workflows through a visual interface — focus on security, not infrastructure.

System Overview

┌────────────────────────────────────────────────────────────────────────┐
│                              FRONTEND                                  │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐    │
│  │   Visual    │  │  Terminal   │  │  Timeline   │  │   Config    │    │
│  │   Builder   │  │   Viewer    │  │   Replay    │  │    Panel    │    │
│  │ (ReactFlow) │  │  (xterm.js) │  │  (Zustand)  │  │  (Forms)    │    │
│  └─────────────┘  └─────────────┘  └─────────────┘  └─────────────┘    │
└───────────────────────────────────┬────────────────────────────────────┘
                                    │ REST API + Unified SSE
┌───────────────────────────────────▼─────────────────────────────────────┐
│                               BACKEND                                   │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐       │
│  │Workflows │ │ Secrets  │ │ Storage  │ │  Trace   │ │  Auth    │       │
│  │  + DSL   │ │(AES-256) │ │ (MinIO)  │ │ Events   │ │ (Clerk)  │       │
│  └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘       │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐       │
│  │ Webhooks │ │Schedules │ │ Agents   │ │Human     │ │Integr-   │       │
│  │          │ │ (CRON)   │ │          │ │Inputs    │ │ations    │       │
│  └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘       │
└───────────────────────────────────┬─────────────────────────────────────┘
                                    │ Temporal Client
┌───────────────────────────────────▼─────────────────────────────────────┐
│                              TEMPORAL                                   │
│            Workflow Orchestration • Retry Logic • Durability            │
└───────────────────────────────────┬─────────────────────────────────────┘
                                    │ Activity Execution
┌───────────────────────────────────▼─────────────────────────────────────┐
│                               WORKER                                    │
│  ┌─────────────────────────────────────────────────────────────────┐    │
│  │                    COMPONENT REGISTRY                           │    │
│  │  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐            │    │
│  │  │  Tools   │ │    AI    │ │  Human   │ │   Core   │            │    │
│  │  │(Security)│ │  Agents  │ │ in Loop  │ │  Utils   │            │    │
│  │  └──────────┘ └──────────┘ └──────────┘ └──────────┘            │    │
│  └─────────────────────────────────────────────────────────────────┘    │
│  ┌─────────────────────────────────────────────────────────────────┐    │
│  │                      SERVICE ADAPTERS                           │    │
│  │  Secrets │ Storage │ Artifacts │ Trace │ Terminal │ Logs        │    │
│  └─────────────────────────────────────────────────────────────────┘    │
└─────────────────────────────────────────────────────────────────────────┘

┌───────────────────────────────────▼─────────────────────────────────────┐
│                           INFRASTRUCTURE                                │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐       │
│  │PostgreSQL│ │  MinIO   │ │  Redis   │ │Redpanda  │ │   Loki   │       │
│  │  (Data)  │ │ (Files)  │ │(Terminal)│ │ (Kafka)  │ │  (Logs)  │       │
│  └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘       │
└─────────────────────────────────────────────────────────────────────────┘

Technology Stack

Layer            Stack
Frontend         React 19, TypeScript, Vite, TailwindCSS, Radix UI, ReactFlow, xterm.js, Zustand
Backend          NestJS, TypeScript, Bun, Drizzle ORM, Clerk Auth
Worker           Node.js, TypeScript, Temporal SDK, Docker
Infrastructure   PostgreSQL 16, Temporal, MinIO, Redis, Redpanda (Kafka), Loki

Core Deep-Dives

To keep this guide concise, complicated subsystems are documented in their own dedicated files:

Component Categories

Components are the building blocks of workflows:
Category        Description                              Examples
security        Security scanning and enumeration tools  Subfinder, DNSX, Nuclei, Naabu, HTTPx, TruffleHog
ai              AI/ML and agent components               LLM Generate, AI Agent, MCP Providers
core            Utility and data processing              HTTP Request, File Loader, Logic Script, JSON Transform
notification    Alerts and messaging                     Slack, Email
manual-action   Human-in-the-loop                        Approvals, Forms, Selection
github          GitHub integrations                      Remove Org Membership

Security Architecture

Authentication & Multi-tenancy

  • Clerk Integration — Production-ready authentication for hosted environments.
  • Local Auth — Default for local setup using ADMIN_USERNAME / ADMIN_PASSWORD.
  • Organization Isolation — All data scoped by organization_id.

Secrets Management

  • AES-256-GCM encryption at rest.
  • Versioned secrets with active/inactive tracking.
  • Master key via SECRET_STORE_MASTER_KEY environment variable.
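The three bullets above describe one pattern; the following is an added illustration of it, not ShipSec Studio's own code: AES-256-GCM at rest under a 32-byte master key read from SECRET_STORE_MASTER_KEY, with versioned entries and active/inactive tracking. The hex key encoding, the name+version AAD binding and the in-memory store standing in for the database are assumptions.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// One stored version: random 96-bit IV, GCM auth tag and ciphertext (assumed layout).
interface SecretVersion { version: number; active: boolean; iv: Buffer; tag: Buffer; ciphertext: Buffer }

// Load the 32-byte master key (assumed hex-encoded) from SECRET_STORE_MASTER_KEY; refuse to run without it.
function loadMasterKey(envValue = process.env.SECRET_STORE_MASTER_KEY): Buffer {
  if (!envValue) throw new Error("SECRET_STORE_MASTER_KEY is not set");
  const key = Buffer.from(envValue, "hex");
  if (key.length !== 32) throw new Error("SECRET_STORE_MASTER_KEY must be 64 hex chars (32 bytes)");
  return key;
}

// In-memory stand-in for the secrets table; each name holds an ordered list of versions.
class VersionedSecretStore {
  private versions = new Map<string, SecretVersion[]>();
  constructor(private readonly masterKey: Buffer) {}

  // Encrypt a new version and mark every earlier version inactive; returns the new version number.
  put(name: string, plaintext: string): number {
    const list = this.versions.get(name) ?? [];
    const version = list.length + 1;
    const iv = randomBytes(12);                       // fresh IV per encryption: never reuse with GCM
    const cipher = createCipheriv("aes-256-gcm", this.masterKey, iv);
    cipher.setAAD(Buffer.from(`${name}:${version}`)); // bind name+version so ciphertexts cannot be swapped
    const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
    for (const v of list) v.active = false;
    list.push({ version, active: true, iv, tag: cipher.getAuthTag(), ciphertext });
    this.versions.set(name, list);
    return version;
  }

  // Decrypt the active version, or a specific one; a bad tag (tampering, wrong key) throws.
  get(name: string, version?: number): string | undefined {
    const list = this.versions.get(name) ?? [];
    const entry = version === undefined ? list.find((v) => v.active) : list.find((v) => v.version === version);
    if (!entry) return undefined;
    const decipher = createDecipheriv("aes-256-gcm", this.masterKey, entry.iv);
    decipher.setAAD(Buffer.from(`${name}:${entry.version}`));
    decipher.setAuthTag(entry.tag);
    return Buffer.concat([decipher.update(entry.ciphertext), decipher.final()]).toString("utf8");
  }

  // Version history without plaintext, for listing in a UI or audit log.
  versionsOf(name: string): { version: number; active: boolean }[] {
    return (this.versions.get(name) ?? []).map(({ version, active }) => ({ version, active }));
  }
}
```

Rotating a secret is a `put` that leaves the old ciphertext readable by explicit version while only the newest is active; a flipped ciphertext byte fails GCM tag verification and surfaces as an exception rather than garbage plaintext.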

Container Isolation

  • IsolatedContainerVolume — Per-tenant, per-run Docker volumes. See Isolated Volumes.
  • Network isolation — Components run with network: none or bridge.
  • Automatic cleanup — Volumes destroyed after execution.

Development URLs


Learn More

  • Component Development: /development/component-development
  • Getting Started: /getting-started