OWASP · arkid15r · Jan 2, 2026 · Dec 25, 2025 · Dec 26, 2025 · Dec 30, 2025
diff --git a/.github/workflows/run-ci-cd.yaml b/.github/workflows/run-ci-cd.yaml
@@ -226,6 +226,17 @@ jobs:
           --health-retries=5
         ports:
           - 5432:5432
+      cache:
+        image: redis:8.0.5-alpine3.21
+        env:
+          REDIS_PASSWORD: nest-cache-e2e-password
+        options: >-
+          --health-cmd="redis-cli -a $$REDIS_PASSWORD ping"
+          --health-interval=5s
+          --health-timeout=5s
+          --health-retries=5
+        ports:
+          - 6379:6379
     steps:
       - name: Check out repository
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
@@ -320,6 +331,17 @@ jobs:
           --health-retries=5
         ports:
           - 5432:5432
+      cache:
+        image: redis:8.0.5-alpine3.21
+        env:
+          REDIS_PASSWORD: nest-fuzz-cache-password
+        options: >-
+          --health-cmd="redis-cli -a $$REDIS_PASSWORD ping"
+          --health-interval=5s
+          --health-timeout=5s
+          --health-retries=5
+        ports:
+          - 6379:6379
     steps:
       - name: Check out repository
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8

diff --git a/.github/workflows/setup-e2e-environment/action.yaml b/.github/workflows/setup-e2e-environment/action.yaml
diff --git a/backend/.env.e2e.example b/backend/.env.e2e.example
@@ -13,8 +13,8 @@ DJANGO_DB_PASSWORD=nest_user_e2e_password
 DJANGO_DB_PORT=5432
 DJANGO_OPEN_AI_SECRET_KEY=None
 DJANGO_PUBLIC_IP_ADDRESS="127.0.0.1"
-DJANGO_REDIS_HOST=None
-DJANGO_REDIS_PASSWORD=None
+DJANGO_REDIS_HOST=cache
+DJANGO_REDIS_PASSWORD=nest-cache-e2e-password
 DJANGO_RELEASE_VERSION=None
 DJANGO_SECRET_KEY=None
 DJANGO_SENTRY_DSN=None

diff --git a/backend/.env.fuzz.example b/backend/.env.fuzz.example
@@ -13,8 +13,8 @@ DJANGO_DB_PASSWORD=nest_user_fuzz_password
 DJANGO_DB_PORT=5432
 DJANGO_OPEN_AI_SECRET_KEY=None
 DJANGO_PUBLIC_IP_ADDRESS="127.0.0.1"
-DJANGO_REDIS_HOST=None
-DJANGO_REDIS_PASSWORD=None
+DJANGO_REDIS_HOST=cache
+DJANGO_REDIS_PASSWORD=nest-fuzz-cache-password
 DJANGO_RELEASE_VERSION=None
 DJANGO_SECRET_KEY=None
 DJANGO_SENTRY_DSN=None

diff --git a/backend/Makefile b/backend/Makefile
@@ -132,11 +132,11 @@ restore-backup:
 
 run-backend-e2e:
 	@DOCKER_BUILDKIT=1 \
-	docker compose --project-name nest-e2e -f docker-compose/e2e.yaml up --build --remove-orphans --abort-on-container-exit backend db
+	docker compose --project-name nest-e2e -f docker-compose/e2e/compose.yaml up --build --remove-orphans --abort-on-container-exit backend db cache
 
 run-backend-fuzz:
 	@COMPOSE_BAKE=true DOCKER_BUILDKIT=1 \
-	docker compose --project-name nest-fuzz -f docker-compose/fuzz.yaml up --build --remove-orphans --abort-on-container-exit backend db
+	docker compose --project-name nest-fuzz -f docker-compose/fuzz/compose.yaml up --build --remove-orphans --abort-on-container-exit backend db cache
 
 save-backup:
 	@echo "Saving Nest backup"
@@ -168,9 +168,9 @@ test-fuzz:
 	@docker container rm -f fuzz-nest-db >/dev/null 2>&1 || true
 	@docker volume rm -f nest-fuzz_fuzz-db-data >/dev/null 2>&1 || true
 	@COMPOSE_BAKE=true DOCKER_BUILDKIT=1 \
-	docker compose --project-name nest-fuzz -f docker-compose/fuzz.yaml up --build --remove-orphans --abort-on-container-exit db backend data-loader
+	docker compose --project-name nest-fuzz -f docker-compose/fuzz/compose.yaml up --build --remove-orphans --abort-on-container-exit db cache backend data-loader
 	@COMPOSE_BAKE=true DOCKER_BUILDKIT=1 \
-	docker compose --project-name nest-fuzz -f docker-compose/fuzz.yaml up --build --remove-orphans --abort-on-container-exit db backend graphql
+	docker compose --project-name nest-fuzz -f docker-compose/fuzz/compose.yaml up --build --remove-orphans --abort-on-container-exit db cache backend graphql
 
 update-backend-dependencies:
 	@cd backend && poetry update

diff --git a/backend/apps/api/rest/v0/__init__.py b/backend/apps/api/rest/v0/__init__.py
@@ -68,6 +68,17 @@
         ],
         "throttle": [],
     }
+elif settings.IS_FUZZ_ENVIRONMENT:
+    api_settings_customization = {
+        "auth": None,
+        "servers": [
+            {
+                "description": "Fuzz",
+                "url": settings.SITE_URL,
+            }
+        ],
+        "throttle": [],
+    }
 elif settings.IS_STAGING_ENVIRONMENT:
     api_settings_customization = {
         "servers": [

diff --git a/backend/settings/e2e.py b/backend/settings/e2e.py
@@ -16,12 +16,6 @@ class E2E(Base):
         "http://localhost:3000",
     )
 
-    CACHES = {
-        "default": {
-            "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
-        }
-    }
-
     CORS_ALLOWED_ORIGINS = ALLOWED_ORIGINS
     CSRF_TRUSTED_ORIGINS = ALLOWED_ORIGINS
 

diff --git a/backend/settings/fuzz.py b/backend/settings/fuzz.py
@@ -11,12 +11,6 @@ class Fuzz(Base):
     APP_NAME = "OWASP Nest Fuzz Testing"
     SITE_URL = "http://localhost:9500"
 
-    CACHES = {
-        "default": {
-            "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
-        }
-    }
-
     IS_FUZZ_ENVIRONMENT = True
     LOGGING = {}
     PUBLIC_IP_ADDRESS = values.Value()
diff --git a/docker-compose/e2e.yaml → docker-compose/e2e/compose.yaml b/docker-compose/e2e.yaml → docker-compose/e2e/compose.yaml
@@ -7,12 +7,14 @@ services:
         gunicorn wsgi:application --bind 0.0.0.0:9000
       '
     build:
-      context: ../backend
+      context: ../../backend
       dockerfile: docker/Dockerfile
     depends_on:
       db:
         condition: service_healthy
-    env_file: ../backend/.env.e2e.example
+      cache:
+        condition: service_healthy
+    env_file: ../../backend/.env.e2e.example
     networks:
       - e2e-nest-network
     ports:
@@ -40,7 +42,7 @@ services:
       POSTGRES_USER: ${DJANGO_DB_USER:-nest_user_e2e}
       POSTGRES_DB: ${DJANGO_DB_NAME:-nest_db_e2e}
     volumes:
-      - ../backend/data:/data:ro
+      - ../../backend/data:/data:ro
     networks:
       - e2e-nest-network
     command: >
@@ -68,10 +70,29 @@ services:
     ports:
       - 5433:5432
 
+  cache:
+    command: >
+      sh -c '
+        redis-server --requirepass $$REDIS_PASSWORD --maxmemory 100mb --maxmemory-policy allkeys-lru
+      '
+    container_name: e2e-nest-cache
+    image: redis:8.0.5-alpine3.21
+    environment:
+      REDIS_PASSWORD: ${DJANGO_REDIS_PASSWORD:-nest-cache-e2e-password}
+    healthcheck:
+      interval: 5s
+      retries: 5
+      test: [CMD, redis-cli, -a, $$REDIS_PASSWORD, ping]
+      timeout: 5s
+    networks:
+      - e2e-nest-network
+    volumes:
+      - e2e-cache-data:/data
+
   e2e-tests:
     container_name: e2e-nest-tests
     build:
-      context: ../frontend
+      context: ../../frontend
       dockerfile: docker/Dockerfile.e2e.test
     command: >
       sh -c '
@@ -80,11 +101,12 @@ services:
     depends_on:
       backend:
         condition: service_healthy
-    env_file: ../frontend/.env.e2e.example
+    env_file: ../../frontend/.env.e2e.example
     networks:
       - e2e-nest-network
 
 networks:
   e2e-nest-network:
 volumes:
   e2e-db-data:
+  e2e-cache-data:
diff --git a/docker-compose/fuzz.yaml → docker-compose/fuzz/compose.yaml b/docker-compose/fuzz.yaml → docker-compose/fuzz/compose.yaml
@@ -7,12 +7,14 @@ services:
         gunicorn wsgi:application --bind 0.0.0.0:9500
       '
     build:
-      context: ../backend
+      context: ../../backend
       dockerfile: docker/Dockerfile
     depends_on:
       db:
         condition: service_healthy
-    env_file: ../backend/.env.fuzz.example
+      cache:
+        condition: service_healthy
+    env_file: ../../backend/.env.fuzz.example
     networks:
       - fuzz-nest-network
     ports:
@@ -40,7 +42,7 @@ services:
       POSTGRES_USER: ${DJANGO_DB_USER:-nest_user_fuzz}
       POSTGRES_DB: ${DJANGO_DB_NAME:-nest_db_fuzz}
     volumes:
-      - ../backend/data:/data:ro
+      - ../../backend/data:/data:ro
     networks:
       - fuzz-nest-network
     command: >
@@ -67,18 +69,38 @@ services:
       - fuzz-db-data:/var/lib/postgresql/data
     ports:
       - 5434:5432
+
+  cache:
+    command: >
+      sh -c '
+        redis-server --requirepass $$REDIS_PASSWORD --maxmemory 100mb --maxmemory-policy allkeys-lru
+      '
+    container_name: fuzz-nest-cache
+    image: redis:8.0.5-alpine3.21
+    environment:
+      REDIS_PASSWORD: ${DJANGO_REDIS_PASSWORD:-nest-fuzz-cache-password}
+    healthcheck:
+      interval: 5s
+      retries: 5
+      test: [CMD, redis-cli, -a, $$REDIS_PASSWORD, ping]
+      timeout: 5s
+    networks:
+      - fuzz-nest-network
+    volumes:
+      - fuzz-cache-data:/data
+
   graphql:
     container_name: fuzz-nest-graphql
     build:
-      context: ../backend/docker
+      context: ../../backend/docker
       dockerfile: Dockerfile.fuzz
     environment:
       BASE_URL: http://backend:9500
     depends_on:
       backend:
         condition: service_healthy
     volumes:
-      - ../backend/fuzzing_results:/home/owasp/fuzzing_results
+      - ../../backend/fuzzing_results:/home/owasp/fuzzing_results
     networks:
       - fuzz-nest-network
 
@@ -87,3 +109,4 @@ networks:
 
 volumes:
   fuzz-db-data:
+  fuzz-cache-data:
diff --git a/frontend/Makefile b/frontend/Makefile
@@ -60,9 +60,9 @@ test-frontend-e2e:
 	@docker container rm -f e2e-nest-db >/dev/null 2>&1 || true
 	@docker volume rm -f nest-e2e_e2e-db-data >/dev/null 2>&1 || true
 	@DOCKER_BUILDKIT=1 \
-	docker compose --project-name nest-e2e -f docker-compose/e2e.yaml up --build --remove-orphans --abort-on-container-exit db backend data-loader
+	docker compose --project-name nest-e2e -f docker-compose/e2e/compose.yaml up --build --remove-orphans --abort-on-container-exit db cache backend data-loader
 	@DOCKER_BUILDKIT=1 NEXT_PUBLIC_ENVIRONMENT=local \
-	docker compose --project-name nest-e2e -f docker-compose/e2e.yaml up --build --remove-orphans --abort-on-container-exit db backend e2e-tests
+	docker compose --project-name nest-e2e -f docker-compose/e2e/compose.yaml up --build --remove-orphans --abort-on-container-exit db cache backend e2e-tests
 
 
 test-frontend-unit: