Add VitePress documentation site with complete user guides
Covers getting started, repositories, scanning, findings, configuration, SBOM, code graph, impact analysis, DAST, AI chat, issue tracker integration, Docker deployment, environment variables, Keycloak auth, and OpenTelemetry. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
141
docs/guide/configuration.md
Normal file
141
docs/guide/configuration.md
Normal file
@@ -0,0 +1,141 @@
|
||||
# Configuration
|
||||
|
||||
Compliance Scanner is configured through environment variables. Copy `.env.example` to `.env` and edit the values.
|
||||
|
||||
## Required Settings
|
||||
|
||||
### MongoDB
|
||||
|
||||
```bash
|
||||
MONGODB_URI=mongodb://root:example@localhost:27017/compliance_scanner?authSource=admin
|
||||
MONGODB_DATABASE=compliance_scanner
|
||||
```
|
||||
|
||||
### Agent
|
||||
|
||||
```bash
|
||||
AGENT_PORT=3001
|
||||
```
|
||||
|
||||
### Dashboard
|
||||
|
||||
```bash
|
||||
DASHBOARD_PORT=8080
|
||||
AGENT_API_URL=http://localhost:3001
|
||||
```
|
||||
|
||||
## LLM Configuration
|
||||
|
||||
The AI features (chat, remediation suggestions) use LiteLLM as a proxy to various LLM providers:
|
||||
|
||||
```bash
|
||||
LITELLM_URL=http://localhost:4000
|
||||
LITELLM_API_KEY=your-key
|
||||
LITELLM_MODEL=gpt-4o
|
||||
LITELLM_EMBED_MODEL=text-embedding-3-small
|
||||
```
|
||||
|
||||
The embed model is used for the RAG/AI Chat feature to generate code embeddings.
|
||||
|
||||
## Git Provider Tokens
|
||||
|
||||
### GitHub
|
||||
|
||||
```bash
|
||||
GITHUB_TOKEN=ghp_xxxx
|
||||
GITHUB_WEBHOOK_SECRET=your-webhook-secret
|
||||
```
|
||||
|
||||
### GitLab
|
||||
|
||||
```bash
|
||||
GITLAB_URL=https://gitlab.com
|
||||
GITLAB_TOKEN=glpat-xxxx
|
||||
GITLAB_WEBHOOK_SECRET=your-webhook-secret
|
||||
```
|
||||
|
||||
## Issue Tracker Integration
|
||||
|
||||
### Jira
|
||||
|
||||
```bash
|
||||
JIRA_URL=https://your-org.atlassian.net
|
||||
JIRA_EMAIL=user@example.com
|
||||
JIRA_API_TOKEN=your-api-token
|
||||
JIRA_PROJECT_KEY=SEC
|
||||
```
|
||||
|
||||
When configured, new findings automatically create Jira issues in the specified project.
|
||||
|
||||
## Scan Schedules
|
||||
|
||||
Cron expressions for automated scanning:
|
||||
|
||||
```bash
|
||||
# Scan every 6 hours
|
||||
SCAN_SCHEDULE=0 0 */6 * * *
|
||||
|
||||
# Check for new CVEs daily at midnight
|
||||
CVE_MONITOR_SCHEDULE=0 0 0 * * *
|
||||
```
|
||||
|
||||
## Search Engine
|
||||
|
||||
SearXNG is used for CVE enrichment and vulnerability research:
|
||||
|
||||
```bash
|
||||
SEARXNG_URL=http://localhost:8888
|
||||
```
|
||||
|
||||
## NVD API
|
||||
|
||||
An NVD API key increases rate limits for CVE lookups:
|
||||
|
||||
```bash
|
||||
NVD_API_KEY=your-nvd-api-key
|
||||
```
|
||||
|
||||
Get a free key at [https://nvd.nist.gov/developers/request-an-api-key](https://nvd.nist.gov/developers/request-an-api-key).
|
||||
|
||||
## Clone Path
|
||||
|
||||
Where the agent stores cloned repository files:
|
||||
|
||||
```bash
|
||||
GIT_CLONE_BASE_PATH=/tmp/compliance-scanner/repos
|
||||
```
|
||||
|
||||
## All Environment Variables
|
||||
|
||||
| Variable | Required | Default | Description |
|
||||
|----------|----------|---------|-------------|
|
||||
| `MONGODB_URI` | Yes | — | MongoDB connection string |
|
||||
| `MONGODB_DATABASE` | No | `compliance_scanner` | Database name |
|
||||
| `AGENT_PORT` | No | `3001` | Agent REST API port |
|
||||
| `DASHBOARD_PORT` | No | `8080` | Dashboard web UI port |
|
||||
| `AGENT_API_URL` | No | `http://localhost:3001` | Agent URL for dashboard |
|
||||
| `LITELLM_URL` | No | `http://localhost:4000` | LiteLLM proxy URL |
|
||||
| `LITELLM_API_KEY` | No | — | LiteLLM API key |
|
||||
| `LITELLM_MODEL` | No | `gpt-4o` | LLM model for analysis |
|
||||
| `LITELLM_EMBED_MODEL` | No | `text-embedding-3-small` | Embedding model for RAG |
|
||||
| `GITHUB_TOKEN` | No | — | GitHub personal access token |
|
||||
| `GITHUB_WEBHOOK_SECRET` | No | — | GitHub webhook signing secret |
|
||||
| `GITLAB_URL` | No | `https://gitlab.com` | GitLab instance URL |
|
||||
| `GITLAB_TOKEN` | No | — | GitLab access token |
|
||||
| `GITLAB_WEBHOOK_SECRET` | No | — | GitLab webhook signing secret |
|
||||
| `JIRA_URL` | No | — | Jira instance URL |
|
||||
| `JIRA_EMAIL` | No | — | Jira account email |
|
||||
| `JIRA_API_TOKEN` | No | — | Jira API token |
|
||||
| `JIRA_PROJECT_KEY` | No | — | Jira project key for issues |
|
||||
| `SEARXNG_URL` | No | `http://localhost:8888` | SearXNG instance URL |
|
||||
| `NVD_API_KEY` | No | — | NVD API key for CVE lookups |
|
||||
| `SCAN_SCHEDULE` | No | `0 0 */6 * * *` | Cron schedule for scans |
|
||||
| `CVE_MONITOR_SCHEDULE` | No | `0 0 0 * * *` | Cron schedule for CVE checks |
|
||||
| `GIT_CLONE_BASE_PATH` | No | `/tmp/compliance-scanner/repos` | Local clone directory |
|
||||
| `KEYCLOAK_URL` | No | — | Keycloak server URL |
|
||||
| `KEYCLOAK_REALM` | No | — | Keycloak realm name |
|
||||
| `KEYCLOAK_CLIENT_ID` | No | — | Keycloak client ID |
|
||||
| `REDIRECT_URI` | No | — | OAuth callback URL |
|
||||
| `APP_URL` | No | — | Application root URL |
|
||||
| `OTEL_EXPORTER_OTLP_ENDPOINT` | No | — | OTLP collector endpoint |
|
||||
| `OTEL_SERVICE_NAME` | No | — | OpenTelemetry service name |
|
||||
Reference in New Issue
Block a user