Add VitePress documentation site with complete user guides

Covers getting started, repositories, scanning, findings, configuration, SBOM, code graph, impact analysis, DAST, AI chat, issue tracker integration, Docker deployment, environment variables, Keycloak auth, and OpenTelemetry. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 01:18:58 +01:00
parent 65abc55915
commit 94552d1626
21 changed files with 4019 additions and 0 deletions
--- a/docs/deployment/docker.md
+++ b/docs/deployment/docker.md
@@ -0,0 +1,125 @@
+# Docker Compose Deployment
+
+The recommended way to deploy Compliance Scanner is with Docker Compose.
+
+## Prerequisites
+
+- Docker and Docker Compose installed
+- At least 4 GB of available RAM
+- Git repository access (tokens configured in `.env`)
+
+## Quick Start
+
+```bash
+# Clone the repository
+git clone <repo-url> compliance-scanner
+cd compliance-scanner
+
+# Configure environment
+cp .env.example .env
+# Edit .env with your MongoDB credentials, tokens, etc.
+
+# Start all services
+docker-compose up -d
+```
+
+## Services
+
+The `docker-compose.yml` includes these services:
+
+| Service | Port | Description |
+|---------|------|-------------|
+| `mongo` | 27017 | MongoDB database |
+| `agent` | 3001, 3002 | Compliance agent (REST API + webhooks) |
+| `dashboard` | 8080 | Web dashboard |
+| `chromium` | 3003 | Headless browser for DAST crawling |
+| `otel-collector` | 4317, 4318 | OpenTelemetry collector (optional) |
+
+## Volumes
+
+| Volume | Purpose |
+|--------|---------|
+| `mongo_data` | Persistent MongoDB data |
+| `repos_data` | Cloned repository files |
+
+## Checking Status
+
+```bash
+# View running services
+docker-compose ps
+
+# View logs
+docker-compose logs -f agent
+docker-compose logs -f dashboard
+
+# Restart a service
+docker-compose restart agent
+```
+
+## Accessing the Dashboard
+
+Once running, open [http://localhost:8080](http://localhost:8080) in your browser.
+
+If Keycloak authentication is configured, you'll be redirected to sign in. Otherwise, the dashboard is accessible directly.
+
+## Updating
+
+```bash
+# Pull latest changes
+git pull
+
+# Rebuild and restart
+docker-compose up -d --build
+```
+
+## Production Considerations
+
+### MongoDB
+
+For production, use a managed MongoDB instance or configure replication:
+
+```bash
+MONGODB_URI=mongodb+srv://user:pass@cluster.mongodb.net/compliance_scanner
+```
+
+### Reverse Proxy
+
+Place the dashboard behind a reverse proxy (nginx, Caddy, Traefik) with TLS:
+
+```nginx
+server {
+    listen 443 ssl;
+    server_name compliance.example.com;
+
+    ssl_certificate /path/to/cert.pem;
+    ssl_certificate_key /path/to/key.pem;
+
+    location / {
+        proxy_pass http://localhost:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+```
+
+### Resource Limits
+
+Add resource limits to Docker Compose for production:
+
+```yaml
+services:
+  agent:
+    deploy:
+      resources:
+        limits:
+          memory: 2G
+          cpus: '2.0'
+  dashboard:
+    deploy:
+      resources:
+        limits:
+          memory: 512M
+          cpus: '1.0'
+```