sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
feat/ui-improvements
compliance-scanner-agent/docs/guide/getting-started.md
Sharang Parnerkar 7e12d1433a
All checks were successful
CI / Clippy (push) Successful in 3m17s
Details
CI / Security Audit (push) Successful in 1m36s
Details
CI / Format (push) Successful in 2s
Details
CI / Tests (push) Successful in 4m38s
Details
docs: added vite-press docs (#4) 
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #4
2026-03-08 13:59:50 +00:00

56 lines
2.1 KiB
Markdown
Raw Permalink Blame History

# Getting Started
Compliance Scanner is a security compliance platform that scans your Git repositories for vulnerabilities, builds software bills of materials, performs dynamic application testing, and provides AI-powered code intelligence.
## Architecture
The platform consists of three main components:
- **Agent** — Background service that clones repositories, runs scans, builds graphs, and exposes a REST API
- **Dashboard** — Web UI built with Dioxus (Rust full-stack framework) for viewing results and managing repositories
- **MongoDB** — Database for storing all scan results, findings, SBOM data, and graph structures
## Quick Start with Docker Compose
The fastest way to get running:
```bash
# Clone the repository
git clone <repo-url> compliance-scanner
cd compliance-scanner
# Copy and configure environment variables
cp .env.example .env
# Edit .env with your settings (see Configuration)
# Start all services
docker-compose up -d
```
This starts:
- MongoDB on port `27017`
- Agent API on port `3001`
- Dashboard on port `8080`
- Chromium (for DAST crawling) on port `3003`
Open the dashboard at [http://localhost:8080](http://localhost:8080).
## What Happens During a Scan
When you add a repository and trigger a scan, the agent runs through these phases:
1. **Clone** — Clones or pulls the latest code from the Git remote
2. **SAST** — Runs static analysis using Semgrep with rules for OWASP, GDPR, OAuth, and general security
3. **SBOM** — Extracts all dependencies using Syft, identifying packages, versions, licenses, and known vulnerabilities
4. **CVE Check** — Cross-references dependencies against the NVD database for known CVEs
5. **Graph Build** — Parses the codebase to construct a code knowledge graph of functions, classes, and their relationships
6. **Issue Sync** — Creates or updates issues in connected trackers (GitHub, GitLab, Jira) for new findings
Each phase produces results visible in the dashboard immediately.
## Next Steps
- [Add your first repository](/guide/repositories)
- [Understand scan results](/guide/findings)
- [Configure integrations](/guide/configuration)
Reference in New Issue View Git Blame Copy Permalink