MCPcopy
hub / github.com/freedomofpress/securedrop

github.com/freedomofpress/securedrop @2.16.0 sqlite

repository ↗ · DeepWiki ↗ · release 2.16.0 ↗
2,477 symbols 10,065 edges 244 files 831 documented · 34%
README

SecureDrop

There are many ways to contribute to SecureDrop, and we welcome your help! By contributing to this project, you agree to abide by our Code of Conduct.

codecov Translation status Gitter

SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from, and communicate with anonymous sources. It was originally created by the late Aaron Swartz and is currently managed by the Freedom of the Press Foundation.

Project status

SecureDrop is a stable, mature project that is actively in use in newsrooms across the globe. Most feature development efforts are focused towards the SecureDrop Workstation, SecureDrop Client, and SecureDrop Protocol; see the "Future directions for SecureDrop" blog post for more information.

SecureDrop continues to receive security and bug fixes in the meantime.

Documentation

SecureDrop's end user documentation is hosted at https://docs.securedrop.org. It is maintained in a standalone repository: https://github.com/freedomofpress/securedrop-docs.

By default, the documentation describes the most recent SecureDrop release. This is known as the stable version and is recommended for end users (Sources, Journalists, or Administrators). The latest documentation is automatically built from the most recent commit to the SecureDrop documentation repository. It is most useful for developers and contributors to the project. You can switch between versions of the documentation by using the toolbar in the bottom left corner of the Read the Docs screen.

Developer documentation can be found at https://developers.securedrop.org/, maintained in https://github.com/freedomofpress/securedrop-dev-docs/.

Found an issue?

If you're here because you want to report an issue in SecureDrop, please observe the following protocol to do so responsibly:

How to Install SecureDrop

See the Installation Guide.

How to Use SecureDrop

How to Contribute to SecureDrop

See our contribution page.

Developer Quickstart

To run SecureDrop locally, ensure you have Docker installed and:

make dev

This will start the source interface on 127.0.0.1:8080 and the journalist interface on 127.0.0.1:8081. The credentials to login are printed in the Terminal. To login to the journalist interface, you must also generate a two-factor code.

To provision a Python 3 virtual environment for development:

make venv && source ./venv/bin/activate

License

SecureDrop is open source and released under the GNU Affero General Public License v3.

Wordlists

The wordlist we use to generate source passphrases come from various sources:

Acknowledgments

A huge thank you to all SecureDrop contributors! You can find a list of code and documentation contributors in the "Contributors" tab on GitHub. SecureDrop is translated into many languages by a community of volunteers; please see our Weblate instance for details. Thanks to our friends at PyUp for sponsoring a subscription to their Python security database.

Core symbols most depended-on inside this repo

get_api_headers
called by 154
securedrop/tests/utils/api_helper.py
get_default
called by 132
securedrop/store.py
login_journalist
called by 121
securedrop/tests/utils/__init__.py
exists
called by 79
admin/securedrop_admin/__init__.py
random_chars
called by 72
securedrop/tests/migrations/helpers.py
now
called by 71
securedrop/two_factor.py
random_bool
called by 64
securedrop/tests/migrations/helpers.py
wait_for
called by 62
securedrop/tests/functional/app_navigators/_nav_helper.py

Shape

Function 1,210
Method 875
Class 250
Route 142

Languages

Python97%
TypeScript3%

Modules by API surface

securedrop/tests/test_journalist.py199 symbols
securedrop/models.py85 symbols
admin/securedrop_admin/__init__.py81 symbols
securedrop/pretty_bad_protocol/_parsers.py77 symbols
securedrop/tests/test_journalist_api.py69 symbols
securedrop/tests/test_source.py60 symbols
admin/tests/test_securedrop-admin.py56 symbols
devops/demo/landing-page/webroot/assets/js/jsOTP.js55 symbols
securedrop/journalist_app/api.py44 symbols
securedrop/tests/functional/app_navigators/journalist_app_nav.py35 symbols
securedrop/pretty_bad_protocol/gnupg.py35 symbols
admin/tests/test_integration.py34 symbols

Dependencies from manifests, versioned

Flask2.0.3 · 1×
Flask-Babel1.0.0 · 1×
Flask-SQLAlchemy2.5.1 · 1×
Flask-WTF1.0.0 · 1×
Jinja23.1.6 · 1×
SQLAlchemy1.3.0 · 1×
Werkzeug2.2.3 · 1×
alembic1.1.0 · 1×
ansible8.7.0 · 1×
ansible-core2.15.13 · 1×
argon2-cffi20.1.0 · 1×
argon2_cffi20.1.0 · 1×

For agents

$ claude mcp add securedrop \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact