A gamified learning platform for product security professionals to master the TARA (Threat Analysis & Risk Assessment) platform through hands-on practice.
TARA Training guides new product security professionals through the complete TARA workflow, from initial project setup through report generation. Users complete progressive learning modules with step-by-step tasks while working alongside the TARA platform in a side-by-side experience.
-
13 Progressive Modules covering the complete TARA workflow:
- Initial Onboarding
- Project Setup
- Document Management
- Architecture Modeling
- Asset Identification
- Threat Generation
- Attack Path Analysis
- Risk Assessment
- Mitigation Planning
- Requirements Generation
- SBOM & Vulnerabilities
- Compliance & Verification
- Report Generation
-
80/20 Split-Pane Interface: TARA launcher on the left (80%), educational content sidebar on the right (20%)
-
Step-by-Step Instructions: Numbered, detailed instructions for each task with specific UI guidance
-
"Why It Matters" Context: Business context for every security concept
-
Tips & Best Practices: Expert guidance throughout
-
Module Completion Flow: Auto-navigation to next task with "Continue to next module" prompts
- Security Shield: Visual hexagonal progress indicator that builds as you complete modules (13 segments total)
- Streak Tracking: Stay motivated with daily learning streaks displayed on the dashboard
- Pre-Assessment: Benchmark your knowledge before starting
- Post-Assessment: Measure improvement after completing the curriculum
- Category Breakdown: See progress across STRIDE, Risk, SBOM, and Compliance topics
- Before/After Comparison: Visualize your growth
- Framework: Next.js 15 with App Router
- Styling: Tailwind CSS + shadcn/ui
- Database: Supabase (PostgreSQL)
- State: React Query + nuqs for URL state
- Icons: Lucide React
- Theme: Dark mode with glassmorphism effects
- Node.js 18+
- npm or pnpm
- A Supabase account (free tier works)
- Clone the repository:
git clone <repository-url>
cd tara-training- Install dependencies:
npm install-
Create a Supabase project at supabase.com
-
Copy the environment template and add your Supabase credentials:
cp .env.local.example .env.localEdit .env.local:
NEXT_PUBLIC_SUPABASE_URL=your_supabase_url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
NEXT_PUBLIC_TARA_URL=https://finite-state-tara-ai.vercel.app-
Set up the database by running the SQL in
supabase/schema.sqlin your Supabase SQL Editor -
Start the development server:
npm run dev-
Sign In: Enter your email address on the welcome screen. No password required - your email is used to track your progress across sessions.
-
Dashboard: After signing in, you'll see your personal dashboard with:
- Learning progress overview
- Current streak
- Quick access to continue where you left off
Your home base showing:
- Overall progress percentage
- Modules completed vs. total
- Tasks completed
- Current learning streak
The main learning hub:
- Overall Progress: Visual ring showing completion percentage
- Recent Activity: Your last completed tasks with timestamps
- Module Cards: All 13 modules with status indicators:
- π Locked: Complete prerequisite modules first
- Available: Ready to start
- In Progress: Currently working on
- β Completed: All tasks done
- Click on an available or in-progress module
- View the module overview with all tasks listed
- Click "Start" on the first incomplete task
Each task has an 80/20 split layout:
Left Side (80%) - TARA Launcher:
- Click "Launch TARA" to open the TARA platform in a new browser tab
- Arrange your windows side-by-side for the best experience
- Complete the task in TARA following the instructions
Right Side (20%) - Instructions Sidebar:
- Task: Current task name with progress (e.g., "1/4")
- Instructions: Step-by-step numbered guide
- Why This Matters: Context for the task
- Tips: Pro tips and best practices
- Mark Complete: Click when you've finished the task
- After completing a task, the app auto-navigates to the next task after 1.5 seconds
- When you finish all tasks in a module, a "Continue to next module" banner appears
- Your progress is saved automatically - you can close the browser and resume later
- Use the "β Back to [Module Name]" link to return to the module overview
- Take before starting the curriculum to benchmark your knowledge
- Multiple choice questions covering all TARA topics
- Results are saved for comparison with post-assessment
- Take after completing all modules
- Same format as pre-assessment
- Compare scores to see your improvement
- Review which areas improved most
- View and update your email
- Log out (clears your local session)
tara-training/
βββ src/
β βββ app/ # Next.js App Router pages
β β βββ (dashboard)/ # Protected dashboard routes
β β β βββ dashboard/ # Main dashboard
β β β βββ modules/ # Module list and task pages
β β β βββ assessment/ # Pre/post assessments
β β β βββ settings/ # User settings
β β βββ api/ # API routes
β β βββ progress/ # Progress tracking API
β βββ components/
β β βββ ui/ # shadcn/ui components
β β βββ dashboard/ # Dashboard components (nav, welcome)
β β βββ quest-board/ # Module cards, security shield
β β βββ lesson/ # Lesson layout, sidebar, TARA launcher
β β βββ email-entry/ # Email form, user context
β β βββ gamification/ # Badges, XP display
β βββ content/
β β βββ modules/ # Curriculum content (modules + tasks)
β β βββ assessment/ # Assessment questions
β βββ hooks/ # Custom React hooks (useProgress)
β βββ lib/ # Utilities and clients
β β βββ supabase/ # Supabase client
β β βββ progress.ts # Progress API helpers
β β βββ utils.ts # Utility functions
β βββ types/ # TypeScript types
βββ supabase/
β βββ schema.sql # Database schema + seed data
βββ public/
βββ *.png # Logo and favicon assets
The platform uses a simple email-based identification system (no authentication required):
| Table | Purpose |
|---|---|
users |
Email-keyed user records with last active timestamp |
user_progress |
Module status tracking (not_started, in_progress, completed) |
task_completions |
Individual task completion records |
assessment_results |
Pre/post assessment scores and answers |
user_gamification |
Streak tracking and last activity date |
Note: Module and task content is managed in src/content/modules/index.ts as TypeScript data, not in the database.
The platform follows a dark color palette with teal accents:
- Background: Dark slate with subtle gradients
- Primary: Teal (#14b8a6) for interactive elements
- Accent: Cyan for secondary highlights
- Glass Effects:
backdrop-blurwith subtle borders (.glass-cardclass) - Text: High contrast with muted-foreground for secondary text
# Start development server
npm run dev
# Build for production
npm run build
# Run linting
npm run lint
# Type checking
npx tsc --noEmit
# Format code
npx prettier --write .The app can be deployed to Vercel with zero configuration:
- Push to GitHub
- Import to Vercel
- Add environment variables:
NEXT_PUBLIC_SUPABASE_URLNEXT_PUBLIC_SUPABASE_ANON_KEYNEXT_PUBLIC_TARA_URL
- Deploy
- TARA opens in new tab: Due to security headers on the TARA platform, it cannot be embedded in an iframe. Users launch TARA in a separate browser tab and work side-by-side.
- Manual task verification: Tasks require manual "Mark Complete" clicks. Automatic verification would require TARA platform integration.
Contributions are welcome! Please read our contributing guidelines before submitting PRs.
MIT License - see LICENSE file for details.