PostgreSQL
OWASP Nest uses PostgreSQL as its primary database. The Django ORM manages all schema changes through versioned migration files located in each app’s migrations/ directory.
Connection settings are configured through environment variables:
| Variable | Description |
|---|
DJANGO_DB_HOST | Database server hostname |
DJANGO_DB_PORT | Database server port (default 5432) |
DJANGO_DB_NAME | Database name |
DJANGO_DB_USER | Database username |
DJANGO_DB_PASSWORD | Database password |
pgvector
The pgvector PostgreSQL extension is used to store high-dimensional vector embeddings generated by OpenAI. These embeddings power the AI retrieval-augmented generation (RAG) features in the ai app, enabling semantic search over OWASP content such as projects, chapters, repositories, and Slack messages.
The pgvector Python package (pgvector = "^0.4.1") is listed as a core dependency in pyproject.toml.
Migrations
OWASP Nest uses Django’s built-in migration framework. Migrations are auto-generated from model changes and applied with manage.py migrate.
# Generate new migration files after model changes
make migrations
# Apply all pending migrations
make migrate
# Merge diverging migration branches
make merge-migrations
Never modify existing migration files that have already been applied in production. Always generate a new migration to change a schema.
Key models
OWASP app
| Model | Description |
|---|
Project | An OWASP project with level, type, leader, and health metrics. |
Chapter | A regional OWASP chapter with geographic coordinates, country, and region. |
Committee | An OWASP committee. |
Event | A scheduled OWASP event. |
Snapshot | A periodic community snapshot recording new projects, chapters, issues, releases, and members within a date range. |
Sponsor | An OWASP sponsor organization. |
MemberProfile | Extended profile data for OWASP community members. |
GitHub app
| Model | Description |
|---|
Organization | A GitHub organization (primarily the OWASP org and related orgs). |
Repository | A GitHub repository linked to an OWASP project or chapter. |
Issue | A GitHub issue with state, labels, assignees, and linked pull requests. |
PullRequest | A GitHub pull request, linked to closing issues via keywords. |
Release | A GitHub release with tag name, published date, and body. |
User | A GitHub user with login, name, and avatar. |
Label | A GitHub label. |
Milestone | A GitHub milestone. |
Nest app
| Model | Description |
|---|
User | The custom Django user model referenced by AUTH_USER_MODEL. |
ApiKey | API keys used to authenticate requests to the REST v0 API. |
Algolia search index
Alongside PostgreSQL, Algolia provides fast full-text search for the frontend. The algoliasearch-django library synchronizes model data to Algolia indices when records are saved.
Key operations:
# Re-index all data in Algolia
make index-data
python manage.py algolia_reindex
python manage.py algolia_update_replicas
python manage.py algolia_update_synonyms
Algolia indices are prefixed with the value of DJANGO_CONFIGURATION (lowercased), so local development writes to local_* indices and never pollutes production data.
DJANGO_ALGOLIA_EXCLUDED_LOCAL_INDEX_NAMES.
Loading and restoring data
# Restore a pg_dump from backend/data/nest.dump
make load-data
# Create a new dump
make dump-data
