Browser tool:
- Session-persistent Chrome tab (same tab reused across all calls in a pentest)
- Auto-screenshot on every navigate and click (stored in attack chain for report)
- Fill uses CDP Input.insertText (fixes WebSocket corruption on special chars)
- Switched from browserless/chromium to chromedp/headless-shell (stable WS)

Context window optimization:
- Strip screenshot_base64 from LLM conversation (kept in DB for report)
- Truncate HTML to 2KB, page text to 1.5KB in LLM messages
- Cap element/link arrays at 15 items
- SAST triage: batch 30 findings per LLM call instead of all at once

Report improvements:
- Auto-embed screenshots in attack chain timeline (navigate + click nodes)
- Cover page shows best app screenshot
- Attack chain phases capped at 8 (no more 20x "Final")

User cleanup:
- TestUserRecord model tracks created test users per session
- cleanup.rs: Keycloak (Admin REST API), Auth0 (Management API), Okta (Users API)
- Auto-cleanup on session completion when cleanup_test_user is enabled
- Env vars: KEYCLOAK_ADMIN_USERNAME, KEYCLOAK_ADMIN_PASSWORD

System prompt:
- Explicit browser usage instructions (navigate → get_content → click → fill)
- SPA auth bypass guidance (check page content, not HTTP status)
- Screenshot instructions for evidence collection

Other:
- Pin mongo:7 in docker-compose (mongo:latest/8 segfaults on kernel 6.19)
- Add deploy/docker-compose.mailserver.yml for Postfix + Dovecot

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
64 lines
1.3 KiB
YAML
```yaml
services:
  mongo:
    image: mongo:7
    ports:
      - "27017:27017"
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: example
    volumes:
      - mongo_data:/data/db

  agent:
    build:
      context: .
      dockerfile: Dockerfile.agent
    ports:
      - "3001:3001"
      - "3002:3002"
    env_file: .env
    environment:
      OTEL_EXPORTER_OTLP_ENDPOINT: http://otel-collector:4317
      OTEL_SERVICE_NAME: compliance-agent
    depends_on:
      - mongo
    volumes:
      - repos_data:/tmp/compliance-scanner/repos

  dashboard:
    build:
      context: .
      dockerfile: Dockerfile.dashboard
    ports:
      - "8080:8080"
    env_file: .env
    environment:
      OTEL_EXPORTER_OTLP_ENDPOINT: http://otel-collector:4317
      OTEL_SERVICE_NAME: compliance-dashboard
    depends_on:
      - mongo
      - agent

  chromium:
    image: browserless/chrome:latest
    ports:
      - "3003:3000"
    environment:
      MAX_CONCURRENT_SESSIONS: 5
      CONNECTION_TIMEOUT: 60000
      PREBOOT_CHROME: "true"
    restart: unless-stopped

  otel-collector:
    image: otel/opentelemetry-collector-contrib:latest
    ports:
      - "4317:4317"
      - "4318:4318"
    volumes:
      - ./otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml
    restart: unless-stopped

volumes:
  mongo_data:
  repos_data:
```
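A hardened variant of the compose file above, added here as an example; it is not the project's own file. It keeps every service the page defines (including the browserless/chrome service, which the compose still declares even though the commit message says the agent now drives chromedp/headless-shell) and changes only the settings a reviewer would flag: the root password committed in clear text (moved to a compose secret through the official mongo image's MONGO_INITDB_ROOT_PASSWORD_FILE), every service published on all host interfaces (removed for mongo, bound to 127.0.0.1 elsewhere, on the assumption that only the dashboard on 8080 is meant to be reached from outside the host), the browserless endpoint that accepts any WebSocket client (browserless's TOKEN variable, fed from an assumed BROWSERLESS_TOKEN entry in .env), and the two :latest images (pinned by digest; the all-zero digests are placeholders to replace with the ones you have tested). The secret path ./secrets/mongo_root_password is likewise an assumption; each "was:" comment quotes the setting it replaces.

```yaml
services:
  mongo:
    image: mongo:7
    # was: ports: ["27017:27017"]  (database reachable from every host interface)
    # agent and dashboard reach it in-network as mongo:27017, so no host port is published.
    # For local debugging prefer a loopback bind: ports: ["127.0.0.1:27017:27017"]
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      # was: MONGO_INITDB_ROOT_PASSWORD: example  (hardcoded and committed)
      # the official image honours the *_FILE variants, so the value never enters this file
      MONGO_INITDB_ROOT_PASSWORD_FILE: /run/secrets/mongo_root_password
    secrets:
      - mongo_root_password
    volumes:
      - mongo_data:/data/db

  agent:
    build:
      context: .
      dockerfile: Dockerfile.agent
    # was: "3001:3001", "3002:3002"  (loopback only; assumes only local clients use them)
    ports:
      - "127.0.0.1:3001:3001"
      - "127.0.0.1:3002:3002"
    env_file: .env
    environment:
      OTEL_EXPORTER_OTLP_ENDPOINT: http://otel-collector:4317
      OTEL_SERVICE_NAME: compliance-agent
    depends_on:
      - mongo
    volumes:
      - repos_data:/tmp/compliance-scanner/repos

  dashboard:
    build:
      context: .
      dockerfile: Dockerfile.dashboard
    ports:
      - "8080:8080"   # the one service assumed to be reached from outside the host
    env_file: .env
    environment:
      OTEL_EXPORTER_OTLP_ENDPOINT: http://otel-collector:4317
      OTEL_SERVICE_NAME: compliance-dashboard
    depends_on:
      - mongo
      - agent

  chromium:
    # was: browserless/chrome:latest  (unpinned; placeholder digest below, replace it)
    image: browserless/chrome@sha256:0000000000000000000000000000000000000000000000000000000000000000
    # was: "3003:3000"  (a remote-controllable browser on every host interface)
    ports:
      - "127.0.0.1:3003:3000"
    environment:
      MAX_CONCURRENT_SESSIONS: 5
      CONNECTION_TIMEOUT: 60000
      PREBOOT_CHROME: "true"
      # clients must present this value (?token=...) or browserless refuses the session;
      # BROWSERLESS_TOKEN is an assumed entry in .env, and compose aborts if it is unset
      TOKEN: ${BROWSERLESS_TOKEN:?set BROWSERLESS_TOKEN in .env}
    restart: unless-stopped

  otel-collector:
    # was: otel/opentelemetry-collector-contrib:latest  (placeholder digest, as above)
    image: otel/opentelemetry-collector-contrib@sha256:0000000000000000000000000000000000000000000000000000000000000000
    # was: "4317:4317", "4318:4318"  (loopback only; in-network exporters use otel-collector:4317)
    ports:
      - "127.0.0.1:4317:4317"
      - "127.0.0.1:4318:4318"
    volumes:
      - ./otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml:ro
    restart: unless-stopped

secrets:
  mongo_root_password:
    file: ./secrets/mongo_root_password   # assumed path; keep it out of version control

volumes:
  mongo_data:
  repos_data:
```

Check the result with `docker compose config`, which resolves the `${...:?...}` interpolation and fails early if BROWSERLESS_TOKEN is missing, and `docker compose ps` to confirm that only 8080 is listed on 0.0.0.0 after `docker compose up -d`.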