Satwikvarma/devsecops-3tier-app — reverse-engineered prompt

Build me a simple 3 tier web app that demonstrates a DevSecOps workflow.

I want a frontend page that users can open in the browser, a Node and Express backend API that the frontend talks to, and a database for saving basic app data. Keep the app simple, the main goal is to show the architecture and workflow clearly, not to build a huge product.

Containerize everything with Docker and make it runnable locally with Docker Compose using one command. Include an nginx layer if needed so the frontend and backend are wired together cleanly.

Set up GitHub Actions so every push to main installs dependencies, builds the frontend and backend containers, and runs security scanning on the images with Trivy. The workflow should fail when high or critical vulnerabilities or exposed secrets are found.

Please make the project easy to understand for someone learning DevSecOps, with clear README instructions for running it locally and explaining the pipeline.