Self-hosted Content-Security-Policy report, etc, collector/displayer?
tl;dr: self-hosted `report-uri.com`?

I messed up my site's Content-Security-Policy and blew up my report quota on report-uri.com last month. I'm happy with them, but I don't really want to pay for this service, and I want to avoid that in the future.

So I'm looking for something(s) to:

1. Collect Content-Security-Policy browser reports ([go-csp-collector](https://github.com/jacobbednarz/go-csp-collector) is *sufficient* here, if not great, as it doesn't support the newer [Report-To](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to)) and log to JSON (or whatever)
2. Collect other browser reports such as NEL, Deprecation, Crash and log to JSON
3. Collect SMTP-TLS and DMARC email reports and log to JSON
4. Display them somehow for searching and for seeing trends: preferably something less manual than Grafana, but I can collect the logs and do custom dashboards in Grafana that parse JSON (or whatever) logs if I need to.
5. Let me filter incoming reports based on various things (like ignore CSP reports with no URL)

In my searches I found plenty of SaaS and no source code for the whole thing. Sentry and its clones are too much; I don't want to instrument an app I don't have. I did find plenty of 5-year-old abandoned projects, though.

So, what's out there in this space for self-hosting?

For reference, report-uri.com looks like the below, with the ability to drill down and filter and see reports.

![](https://lemmy.world/pictrs/image/ce5d87b9-a1b8-44d9-a1cb-a55e22dd49a0.png)
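For items 1, 2 and 5 of the post, an added example (not part of the original post, and not code from go-csp-collector or report-uri.com) of normalizing both the legacy `report-uri` payload and the newer Reporting API payload into one JSON log shape before filtering. The function names, output field names, and the reading of "no URL" as "no document URL" are assumptions; the sample payloads are constructed.

```python
import json

# Constructed sample payloads (not captured traffic).
LEGACY_SAMPLE = json.dumps({"csp-report": {
    "document-uri": "https://example.test/", "blocked-uri": "https://cdn.example.test/a.js",
    "violated-directive": "script-src 'self'"}})
API_SAMPLE = json.dumps([
    {"type": "csp-violation", "url": "", "body": {"blockedURL": "inline", "effectiveDirective": "script-src-elem"}},
    {"type": "network-error", "url": "https://example.test/x", "body": {"type": "dns.name_not_resolved"}}])

def _legacy(body):
    """report-uri format: a single object under the "csp-report" key."""
    r = body.get("csp-report")
    r = r if isinstance(r, dict) else {}
    yield {"kind": "csp-violation",
           "document_url": r.get("document-uri") or "",
           "blocked_url": r.get("blocked-uri") or "",
           "directive": r.get("effective-directive") or r.get("violated-directive") or ""}

def _reporting_api(body):
    """Reporting API format: an array of typed reports (CSP, NEL, deprecation, crash)."""
    for rep in body:
        if not isinstance(rep, dict):
            continue  # skip malformed entries instead of failing the whole batch
        b = rep.get("body") if isinstance(rep.get("body"), dict) else {}
        yield {"kind": rep.get("type") or "",
               "document_url": b.get("documentURL") or rep.get("url") or "",
               "blocked_url": b.get("blockedURL") or "",
               "directive": b.get("effectiveDirective") or ""}

def normalize(content_type, raw):
    """Return JSON log lines for accepted reports; unknown or malformed input gives []."""
    try:
        body = json.loads(raw)
    except ValueError:
        return []
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "application/csp-report" and isinstance(body, dict):
        records = _legacy(body)
    elif ctype == "application/reports+json" and isinstance(body, list):
        records = _reporting_api(body)
    else:
        return []
    # Filter from item 5 (assumed meaning): drop CSP reports with no document URL.
    return [json.dumps(r, sort_keys=True) for r in records
            if not (r["kind"] == "csp-violation" and not r["document_url"])]

if __name__ == "__main__":
    for line in normalize("application/csp-report", LEGACY_SAMPLE) + \
            normalize("application/reports+json", API_SAMPLE):
        print(line)
```

The input to `normalize` is untrusted: anything on the internet can POST to a report endpoint, so an HTTP handler in front of it should also cap the request body size and rate-limit by source.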