BLT

A community-driven OWASP Foundation project building open-source tools for vulnerability reporting, bug tracking, security automation & contributor engagement.

<h1 align="center"> 🐛 OWASP BLT </h1> <h3 align="center">Bug Logging Tool - Gamified Crowd-Sourced QA Testing & Vulnerability Disclosure</h3> <p align="center"> <strong>A gamified platform for discovering and reporting bugs across websites, applications, Git repositories, and more.</strong> </p> <p align="center"> <a href="https://legacy.owaspblt.org">🌐 Website</a> • <a href="https://github.com/OWASP-BLT/BLT/blob/main/CONTRIBUTING.md">📖 Contributing Guide</a> • <a href="https://owasp.org/slack/invite">💬 Join Slack</a> • <a href="https://github.com/OWASP-BLT/BLT/issues">🐛 Report Bug</a> </p>

📊 Project Stats

<p align="center"> <a href="https://github.com/OWASP-BLT/BLT/blob/main/LICENSE.md"> <img src="https://img.shields.io/badge/license-AGPL--3.0-blue" alt="License"> </a> <a href="https://github.com/OWASP-BLT/BLT"> <img src="https://img.shields.io/github/stars/OWASP-BLT/BLT?style=social" alt="GitHub stars"> </a> </p> <p align="center"> <a href="https://github.com/OWASP-BLT/BLT/graphs/contributors"> <img src="https://img.shields.io/github/contributors/OWASP-BLT/BLT?color=%23e74c3c" alt="Contributors"> </a> <a href="https://github.com/OWASP-BLT/BLT/commits/main"> <img src="https://img.shields.io/github/last-commit/OWASP-BLT/BLT?color=%23e74c3c" alt="Last Commit"> </a> <a href="https://github.com/OWASP-BLT/BLT/issues"> <img src="https://img.shields.io/github/issues/OWASP-BLT/BLT?color=%23e74c3c" alt="Open Issues"> </a> <a href="https://github.com/OWASP-BLT/BLT/pulls"> <img src="https://img.shields.io/github/issues-pr/OWASP-BLT/BLT?color=%23e74c3c" alt="Pull Requests"> </a> </p> <p align="center"> <a href="https://github.com/OWASP-BLT/BLT"> <img src="https://img.shields.io/github/languages/top/OWASP-BLT/BLT?color=%23e74c3c" alt="Top Language"> </a> <a href="https://github.com/OWASP-BLT/BLT"> <img src="https://img.shields.io/github/repo-size/OWASP-BLT/BLT?color=%23e74c3c" alt="Repo Size"> </a> <a href="https://github.com/OWASP-BLT/BLT/fork"> <img src="https://img.shields.io/github/forks/OWASP-BLT/BLT?style=social" alt="Forks"> </a> <img src="https://legacy.owaspblt.org/repos/blt/badge/" alt="Views"> </p>

🎯 What is OWASP BLT?

OWASP BLT (Bug Logging Tool) is a gamified crowd-sourced QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more.

The platform helps coders and security researchers discover organizations, repositories, and projects to test and report to, making it easier to find meaningful security work and contribute to the community.

Our team has created dozens of open-source tools to assist in our main vision, including tools specific to the OWASP foundation. We embrace the AI revolution and have developed AI-powered tools and processes for efficient coding in harmony between humans and AI.

Built by the community for the community, BLT makes it easy for security researchers, developers, and organizations to collaborate on finding and fixing vulnerabilities.

✨ Key Features

  • 🔍 QA Testing & Vulnerability Disclosure - Discover and report bugs across websites, apps, git repositories, and projects
  • 🗺️ Discover Testing Opportunities - Find organizations, repositories, and projects to test and report to
  • 🏆 Rewards & Recognition - Earn rewards, badges, and recognition for your contributions to software quality and security
  • 👥 Crowd-Sourced Testing - Join a vibrant community of testers, security researchers, and developers
  • 🎮 Gamification - Leaderboards, challenges, and competitions to make testing engaging and rewarding
  • 💰 Staking System - Innovative blockchain-based reward system for contributors
  • 🤖 AI-Powered Tools - Leverage AI for efficient coding, PR reviews, issue generation, and similarity scanning
  • 📊 Comprehensive Dashboard - Track your progress, statistics, and impact across all platforms
  • 🌐 Open Source Ecosystem - Dozens of open-source tools supporting our mission
  • 🛡️ OWASP Project - Part of the Open Worldwide Application Security Project family

🚀 Quick Start

Prerequisites

  • Python 3.11.2+
  • PostgreSQL
  • Docker & Docker Compose (recommended)

Installation

Using Docker (Recommended)

# Clone the repository
git clone https://github.com/OWASP-BLT/BLT.git
cd BLT

# Configure environment
# Windows (PowerShell / Command Prompt):
copy .env.example .env
# macOS / Linux / Git Bash:
cp .env.example .env

# Build and start
docker-compose build
docker-compose up

Access the application at http://localhost:8000

Docker Desktop (Windows)

This project uses Linux containers.

On modern Docker Desktop (WSL 2–based), Linux containers are enabled by default. You may not see a “Switch to Linux containers” option in the Docker tray menu — this is expected.

If Docker Desktop is running and the following command shows OSType: linux, then your setup is correct and no additional action is required:

docker info | findstr OSType

Using Poetry

# Install Poetry
pip install poetry

# 1. Install dependencies first (Creates the virtual environment)
poetry install

# 2. Activate the virtual environment
poetry shell

# Set up database
python manage.py migrate
python manage.py loaddata website/fixtures/initial_data.json
python manage.py createsuperuser

# Run the server
python manage.py runserver

For detailed setup instructions, see our Contributing Guide.

Beginner-Friendly Non-Docker Setup (Codespaces for Windows Beginners)

Docker/virtualization issues on Windows? Use Poetry + SQLite in GitHub Codespaces (free cloud VS Code—no local compilation/virtualization problems!).

  1. Create Codespace on main branch.
  2. cp .env.example .env
  3. poetry install (add poetry run pip install psutil if "ModuleNotFound" errors)
  4. Edit .env:
    • DATABASE_URL=sqlite:///db.sqlite3
    • Add SECRET_KEY=your-random-bengaluru2026!@#
    • Comment Postgres lines with #
    • Dummy keys: OPENAI_API_KEY=dummy
    • Keep DEBUG=True
  5. poetry run python manage.py migrate
  6. poetry run python manage.py createsuperuser
  7. Run on free port: poetry run python manage.py runserver 0.0.0.0:8001
  8. Open port 8001 in Ports tab.

Tested by complete beginner Sharanyaa from Bengaluru—app running perfectly in Codespaces on January 14, 2026! 🚀

Optional CSRF fix in blt/settings.py: Set ALLOWED_HOSTS = ['*'] and add:

    CSRF_TRUSTED_ORIGINS = [
        'https://*.github.dev',
        'https://*.app.github.dev',
        # Django honours '*' only as a leading subdomain wildcard, not for ports,
        # so the localhost entry names the runserver port explicitly.
        'http://localhost:8001',
    ]
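How Django matches an Origin header against a CSRF_TRUSTED_ORIGINS list like the one in the optional CSRF step above, as an added example that is not part of the BLT code base. The Codespace hostnames, the port-wildcard entry `http://localhost:*`, `PINNED_ORIGINS` and the helper names are constructed for illustration, and the code models only the list match, not Django's separate same-host check.

```python
from urllib.parse import urlsplit

# The two *.github.dev wildcards from the CSRF step, plus a port-wildcard localhost entry.
WILDCARD_ORIGINS = ["https://*.github.dev", "https://*.app.github.dev", "http://localhost:*"]
# Narrowed alternative; the Codespace hostname is constructed for illustration.
PINNED_ORIGINS = ["https://constructed-name-8001.app.github.dev", "http://localhost:8001"]
# Constructed Origin header values to test against both lists.
SAMPLES = [
    "https://constructed-name-8001.app.github.dev",  # this Codespace
    "https://different-name-8001.app.github.dev",    # some other Codespace
    "https://notgithub.dev",                         # suffix without the dot
    "http://localhost:8001",                         # local runserver port
]


def host_matches(host, pattern):
    """Django-style domain match: '.x.dev' covers x.dev and its subdomains."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def origin_trusted(origin, trusted_origins):
    """Check one Origin value against a CSRF_TRUSTED_ORIGINS-style list.

    Entries without '*' must equal the origin exactly; entries with '*' match
    on scheme plus host_matches() of whatever follows the leading '*'.
    Models the list only, not Django's separate same-host check.
    """
    if origin in {t for t in trusted_origins if "*" not in t}:
        return True
    got = urlsplit(origin)
    for entry in (t for t in trusted_origins if "*" in t):
        want = urlsplit(entry)
        pattern = want.netloc.lstrip("*")  # "*.github.dev" -> ".github.dev"
        if pattern and got.scheme == want.scheme and host_matches(got.netloc, pattern):
            return True
    return False


def accepted(origins, trusted_origins):
    """Return the candidate origins that the list would accept."""
    return [o for o in origins if origin_trusted(o, trusted_origins)]


if __name__ == "__main__":
    print("wildcard list:", accepted(SAMPLES, WILDCARD_ORIGINS))
    print("pinned list:  ", accepted(SAMPLES, PINNED_ORIGINS))
```

The wildcard list accepts every `*.app.github.dev` host and never matches the port-wildcard localhost entry, while the pinned list accepts only the one forwarded hostname and the explicit local port.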
    

🤝 Contributing

We welcome contributions from everyone! Whether you're fixing bugs, adding features, improving documentation, or spreading the word, your help is appreciated.

  • 📚 Read our Contributing Guide
  • 🐛 Check out open issues
  • 💡 Look for issues tagged with good first issue if you're new
  • 🎨 Follow our coding standards (Black, isort, ruff)
  • ✅ Run pre-commit before submitting changes

📊 GitHub Action Leaderboard

Our repository uses an automated leaderboard bot to recognize and gamify contributions. When you open a pull request, a leaderboard comment is automatically posted showing your monthly ranking compared to other contributors.

How It Works

The leaderboard bot runs automatically on every new pull request using GitHub Actions. It:

  1. Collects Monthly Statistics - Aggregates contribution data for the current month (UTC timezone)
  2. Calculates Points - Awards points based on various contribution types
  3. Ranks Contributors - Sorts users by total points, with tiebreakers
  4. Posts Leaderboard - Comments on the PR showing the contributor's rank and nearby competitors

Scoring System

The leaderboard awards points based on these contribution types:

| Activity | Points | Notes |
|----------|--------|-------|
| Open PR | +1 per PR | All currently open PRs (repo-wide, no scoring cap; new PRs blocked if 50+ open) |
| Merged PR | +10 per PR | PRs merged during the current month |
| Closed PR (not merged) | -2 per PR | PRs closed without merging during the current month |
| Code Review | +5 per review | First two reviews per PR, where the review was submitted during the current month |
| Comments | +2 per comment | Issue/PR comments during the current month (excludes comments that mention @coderabbitai) |
| CodeRabbit Discussions | Configurable | See below for details |

Total Score Formula:

Total = (Open PRs × 1) + (Merged PRs × 10) + (Closed PRs × -2) + (Reviews × 5) + (Comments × 2) + CodeRabbit Bonus

Ranking Logic

Contributors are sorted by:

  1. Total points (highest first)
  2. Number of merged PRs (tiebreaker)
  3. Number of reviews (second tiebreaker)
  4. Alphabetical order (final tiebreaker, case-insensitive)

Top 3 contributors receive medal emojis: 🥇 🥈 🥉
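The scoring formula and tiebreakers above, applied to a constructed set of contributors. This is an added example, not the bot's own code; the `cr_bonus` field, the `nearby` window size and all logins are assumptions, and the counts are taken as already filtered to the current month.

```python
# Per-activity weights from the scoring table.
POINTS = {"open_prs": 1, "merged_prs": 10, "closed_prs": -2, "reviews": 5, "comments": 2}

# Constructed monthly counts; missing keys count as zero.
BOARD = {
    "alice": {"merged_prs": 2, "reviews": 1, "comments": 3},   # 20 + 5 + 6 = 31
    "Zoe":   {"open_prs": 1, "merged_prs": 3},                 # 1 + 30 = 31
    "amy":   {"open_prs": 1, "merged_prs": 3},                 # 1 + 30 = 31
    "dave":  {"closed_prs": 3, "comments": 1},                 # -6 + 2 = -4
    "erin":  {"merged_prs": 1, "reviews": 4, "comments": 1},   # 10 + 20 + 2 = 32
}
MEDALS = ["🥇", "🥈", "🥉"]


def total(stats):
    """Total score formula; 'cr_bonus' stands in for the CodeRabbit bonus."""
    return sum(stats.get(k, 0) * w for k, w in POINTS.items()) + stats.get("cr_bonus", 0)


def rank(board):
    """Order by points, then merged PRs, then reviews, then login (case-insensitive)."""
    def key(item):
        login, s = item
        return (-total(s), -s.get("merged_prs", 0), -s.get("reviews", 0), login.casefold())

    rows = []
    for i, (login, s) in enumerate(sorted(board.items(), key=key)):
        rows.append({"rank": i + 1, "login": login, "points": total(s),
                     "medal": MEDALS[i] if i < 3 else ""})
    return rows


def nearby(rows, login, span=2):
    """Rows around one contributor, as a PR comment might show them."""
    idx = next(i for i, r in enumerate(rows) if r["login"] == login)
    return rows[max(0, idx - span): idx + span + 1]


if __name__ == "__main__":
    for row in rank(BOARD):
        print(row["rank"], row["medal"], row["login"], row["points"])
```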

CodeRabbit Discussion Tracking

The bot tracks discussions with CodeRabbit AI to encourage thoughtful code review engagement. This feature is configurable:

Environment Variables:

  • CR_DISCUSSION_MODE: How to handle CodeRabbit discussions
    • visible (default): Shows discussion count in leaderboard table
    • hidden: Coun