Overview
Quor is Getup's catalog of hardened, production-ready container images: zero-CVE baselines, SBOMs, cryptographic signing, and SLSA-verifiable provenance for teams running Kubernetes in production. I built its customer-facing console as the sole front-end engineer, from empty repository to public launch.
What I built
- Image catalog and detail views — browse and filter the hardened-image catalog by category and architecture, drill into an image's tags and per-image security data.
- Account and registry management — pull credentials, organization flows, and settings: the surfaces where a UX mistake can lock a CI pipeline out of its production images.
Architecture
A greenfield React SPA built on Vite and TypeScript, styled with Tailwind CSS, and all-in on the TanStack ecosystem — Router for type-safe routing, Query for server state, Table for the heavy data grids, and Form for the credential and organization flows. Type safety runs from route params to form submissions.
Hard problems
- Heavy data at speed — image catalogs and package-level security data are large; tables, search, and filtering had to stay responsive at real data sizes.
- Greenfield decisions that had to last — stack, design system, data-fetching and auth patterns chosen from zero, with the product growing around them.
- Credential UX with real blast radius — registry access flows were designed so the dangerous mistakes are hard to make.
Outcome
The console shipped to production with Quor's public launch — one front-end engineer, zero to launched product.