The OWASP Nest backend is a Python API server built with Django 6.x. It exposes two APIs — a public REST API and an internal GraphQL API — and integrates with PostgreSQL, Redis, and Algolia to serve the Nest frontend and third-party SDK consumers.

Tech stack

Django 6.x

Core web framework. Handles routing, ORM, admin, migrations, and middleware.

Django Ninja

REST framework for the public v0 API. Auto-generates an OpenAPI schema at /api/v0/openapi.json.

Strawberry GraphQL

GraphQL framework for the internal API consumed by the Next.js frontend.

PostgreSQL

Primary relational database. Uses pgvector for AI embedding storage.

Redis

Provides API response caching via django-redis and powers the Django RQ task queue.

Algolia

Full-text search index for projects, chapters, and other OWASP entities.

Directory structure

backend/
├── apps/                  # All Django applications
│   ├── ai/                # AI agent (LangGraph, LangChain, OpenAI)
│   ├── api/               # REST v0 and GraphQL API definitions
│   ├── common/            # Shared utilities and middleware
│   ├── core/              # Core models and base classes
│   ├── github/            # GitHub integration (orgs, repos, issues)
│   ├── mentorship/        # Mentorship program models
│   ├── nest/              # Nest-specific models (users, API keys)
│   ├── owasp/             # OWASP project and chapter data
│   ├── sitemap/           # XML sitemap generation
│   └── slack/             # NestBot Slack integration
├── data/                  # Database dumps and backup files
├── settings/              # Django configuration files (base, local, production, …)
├── tests/                 # Automated tests
├── manage.py
├── pyproject.toml         # Poetry dependencies and tool configuration
└── .env.example           # Environment variable template

Next steps

Local setup

Run the backend locally using Docker Compose.

Environment variables

Reference for all required and optional environment variables.

Django apps

Detailed description of each Django application.

API overview

REST and GraphQL API entry points.
