compliance-scanner-agent/docs/guide/configuration.md
Sharang Parnerkar 1bf25525d8
docs: add MCP server documentation
New feature page covering architecture, available tools, local/HTTP
usage, Docker deployment, Coolify setup, dashboard management, and
example queries. Updated environment variable reference and
configuration guide with MCP_PORT. Added sidebar nav entry.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 22:20:53 +01:00

# Configuration

Compliance Scanner is configured through environment variables. Copy `.env.example` to `.env` and edit the values.

## Required Settings

### MongoDB

```env
MONGODB_URI=mongodb://root:example@localhost:27017/compliance_scanner?authSource=admin
MONGODB_DATABASE=compliance_scanner
```

### Agent

```env
AGENT_PORT=3001
```

### Dashboard

```env
DASHBOARD_PORT=8080
AGENT_API_URL=http://localhost:3001
```

## LLM Configuration

The AI features (chat, remediation suggestions) use LiteLLM as a proxy to various LLM providers:

```env
LITELLM_URL=http://localhost:4000
LITELLM_API_KEY=your-key
LITELLM_MODEL=gpt-4o
LITELLM_EMBED_MODEL=text-embedding-3-small
```

The embedding model is used by the RAG/AI Chat feature to generate code embeddings.

## Git Provider Tokens

### GitHub

```env
GITHUB_TOKEN=ghp_xxxx
GITHUB_WEBHOOK_SECRET=your-webhook-secret
```

### GitLab

```env
GITLAB_URL=https://gitlab.com
GITLAB_TOKEN=glpat-xxxx
GITLAB_WEBHOOK_SECRET=your-webhook-secret
```

## Issue Tracker Integration

### Jira

```env
JIRA_URL=https://your-org.atlassian.net
JIRA_EMAIL=user@example.com
JIRA_API_TOKEN=your-api-token
JIRA_PROJECT_KEY=SEC
```

When configured, new findings automatically create Jira issues in the specified project.

## Scan Schedules

Cron expressions (six fields, seconds first) for automated scanning:

```env
# Scan every 6 hours
SCAN_SCHEDULE=0 0 */6 * * *

# Check for new CVEs daily at midnight
CVE_MONITOR_SCHEDULE=0 0 0 * * *
```

## Search Engine

SearXNG is used for CVE enrichment and vulnerability research:

```env
SEARXNG_URL=http://localhost:8888
```

## NVD API

An NVD API key raises the rate limit for CVE lookups:

```env
NVD_API_KEY=your-nvd-api-key
```

Get a free key at https://nvd.nist.gov/developers/request-an-api-key.

## MCP Server

The MCP server exposes compliance data to external LLMs via the Model Context Protocol. See MCP Server for full details.

```env
# Set MCP_PORT to enable HTTP transport (omit for stdio mode)
MCP_PORT=8090
```

The MCP server shares the `MONGODB_URI` and `MONGODB_DATABASE` variables with the rest of the platform.

## Clone Path

Where the agent stores cloned repository files:

```env
GIT_CLONE_BASE_PATH=/tmp/compliance-scanner/repos
```

## All Environment Variables

| Variable | Required | Default | Description |
|---|---|---|---|
| `MONGODB_URI` | Yes | | MongoDB connection string |
| `MONGODB_DATABASE` | No | `compliance_scanner` | Database name |
| `AGENT_PORT` | No | `3001` | Agent REST API port |
| `DASHBOARD_PORT` | No | `8080` | Dashboard web UI port |
| `AGENT_API_URL` | No | `http://localhost:3001` | Agent URL for dashboard |
| `LITELLM_URL` | No | `http://localhost:4000` | LiteLLM proxy URL |
| `LITELLM_API_KEY` | No | | LiteLLM API key |
| `LITELLM_MODEL` | No | `gpt-4o` | LLM model for analysis |
| `LITELLM_EMBED_MODEL` | No | `text-embedding-3-small` | Embedding model for RAG |
| `GITHUB_TOKEN` | No | | GitHub personal access token |
| `GITHUB_WEBHOOK_SECRET` | No | | GitHub webhook signing secret |
| `GITLAB_URL` | No | `https://gitlab.com` | GitLab instance URL |
| `GITLAB_TOKEN` | No | | GitLab access token |
| `GITLAB_WEBHOOK_SECRET` | No | | GitLab webhook signing secret |
| `JIRA_URL` | No | | Jira instance URL |
| `JIRA_EMAIL` | No | | Jira account email |
| `JIRA_API_TOKEN` | No | | Jira API token |
| `JIRA_PROJECT_KEY` | No | | Jira project key for issues |
| `SEARXNG_URL` | No | `http://localhost:8888` | SearXNG instance URL |
| `NVD_API_KEY` | No | | NVD API key for CVE lookups |
| `SCAN_SCHEDULE` | No | `0 0 */6 * * *` | Cron schedule for scans |
| `CVE_MONITOR_SCHEDULE` | No | `0 0 0 * * *` | Cron schedule for CVE checks |
| `GIT_CLONE_BASE_PATH` | No | `/tmp/compliance-scanner/repos` | Local clone directory |
| `KEYCLOAK_URL` | No | | Keycloak server URL |
| `KEYCLOAK_REALM` | No | | Keycloak realm name |
| `KEYCLOAK_CLIENT_ID` | No | | Keycloak client ID |
| `REDIRECT_URI` | No | | OAuth callback URL |
| `APP_URL` | No | | Application root URL |
| `OTEL_EXPORTER_OTLP_ENDPOINT` | No | | OTLP collector endpoint |
| `OTEL_SERVICE_NAME` | No | | OpenTelemetry service name |
| `MCP_PORT` | No | | MCP HTTP transport port (omit for stdio) |
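A preflight check for the values this guide documents, added here as an example and not part of the project's own code: it parses a `.env` file, confirms the one required variable (`MONGODB_URI`), flags secrets left at the sample placeholders shown in the sections above, checks that the two schedules are six-field cron expressions, and validates the port variables including `MCP_PORT`. The placeholder set, the cron field pattern and the sample `.env` are assumptions of this example, not the agent's own parsing.

```python
import re
# Sample secret values copied from this guide; a secret still equal to one was never set.
PLACEHOLDERS = {"your-key", "ghp_xxxx", "glpat-xxxx", "your-webhook-secret",
                "your-api-token", "your-nvd-api-key"}
SECRET_VARS = {"LITELLM_API_KEY", "GITHUB_TOKEN", "GITHUB_WEBHOOK_SECRET",
               "GITLAB_TOKEN", "GITLAB_WEBHOOK_SECRET", "JIRA_API_TOKEN",
               "NVD_API_KEY"}
CRON_VARS = {"SCAN_SCHEDULE", "CVE_MONITOR_SCHEDULE"}
PORT_VARS = {"AGENT_PORT", "DASHBOARD_PORT", "MCP_PORT"}
# One cron field: *, a number, a range, lists of those, optional /step (assumed syntax).
CRON_FIELD = re.compile(r"^(\*|\d+(-\d+)?)(,(\*|\d+(-\d+)?))*(/\d+)?$")

def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are ignored."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env

def check_env(text):
    """Return the list of problems found; an empty list means the file passed."""
    env = parse_env(text)
    problems = []
    if not env.get("MONGODB_URI"):
        problems.append("MONGODB_URI is required")
    for var in sorted(v for v in SECRET_VARS if v in env):
        if env[var] in PLACEHOLDERS:
            problems.append(f"{var} still holds the guide's placeholder value")
    for var in sorted(v for v in CRON_VARS if v in env):
        fields = env[var].split()
        if len(fields) != 6 or not all(CRON_FIELD.match(f) for f in fields):
            problems.append(f"{var} is not a six-field cron expression")
    for var in sorted(v for v in PORT_VARS if v in env):
        if not env[var].isdigit() or not 1 <= int(env[var]) <= 65535:
            problems.append(f"{var} is not a valid TCP port")
    return problems

# Constructed .env for demonstration: placeholder token and a five-field cron.
SAMPLE = """MONGODB_URI=mongodb://root:example@localhost:27017/compliance_scanner?authSource=admin
GITHUB_TOKEN=ghp_xxxx
SCAN_SCHEDULE=0 0 */6 * * *
CVE_MONITOR_SCHEDULE=0 0 0 * *
"""

if __name__ == "__main__":
    for problem in check_env(SAMPLE):
        print("problem:", problem)
```

Run it against the real file with `check_env(open(".env").read())` before starting the agent; an empty list means every documented check passed.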