compliance-scanner-agent/docs/deployment/docker.md
Sharang Parnerkar 7e12d1433a
docs: added vite-press docs (#4)
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #4
2026-03-08 13:59:50 +00:00


Docker Compose Deployment

The recommended way to deploy Compliance Scanner is with Docker Compose.

Prerequisites

  • Docker and Docker Compose installed
  • At least 4 GB of available RAM
  • Git repository access (tokens configured in .env)

Quick Start

# Clone the repository
git clone <repo-url> compliance-scanner
cd compliance-scanner

# Configure environment
cp .env.example .env
# Edit .env with your MongoDB credentials, tokens, etc.

# Start all services
docker-compose up -d

Services

The docker-compose.yml includes these services:

Service         Port        Description
mongo           27017       MongoDB database
agent           3001, 3002  Compliance agent (REST API + webhooks)
dashboard       8080        Web dashboard
chromium        3003        Headless browser for DAST crawling
otel-collector  4317, 4318  OpenTelemetry collector (optional)

Volumes

Volume      Purpose
mongo_data  Persistent MongoDB data
repos_data  Cloned repository files

Checking Status

# View running services
docker-compose ps

# View logs
docker-compose logs -f agent
docker-compose logs -f dashboard

# Restart a service
docker-compose restart agent

Accessing the Dashboard

Once running, open http://localhost:8080 in your browser.

If Keycloak authentication is configured, you'll be redirected to sign in. Otherwise, the dashboard is accessible directly, without a sign-in step.

Updating

# Pull latest changes
git pull

# Rebuild and restart
docker-compose up -d --build

Production Considerations

MongoDB

For production, use a managed MongoDB instance or configure replication:

MONGODB_URI=mongodb+srv://user:pass@cluster.mongodb.net/compliance_scanner

Reverse Proxy

Place the dashboard behind a reverse proxy (nginx, Caddy, Traefik) with TLS:

server {
    listen 443 ssl;
    server_name compliance.example.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
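
With TLS terminated at the proxy and proxy_pass pointing at localhost:8080, the ports in the Services table only need to be reachable from the proxy host itself. The script below is an added example, not part of the Compliance Scanner repository: it lists every container port published on a non-loopback address. The container names and port bindings in sample_ps are constructed for illustration and do not describe the project's actual docker-compose.yml.

```shell
#!/bin/sh
# Added example (not project code). Input: "name<TAB>ports" lines as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: one "name host_addr:host_port" line per port published on an
# address other than loopback.

public_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # No "->" means the port is exposed inside the Docker network only.
            arrow = index(m, "->")
            if (arrow == 0) continue
            host = substr(m, 1, arrow - 1)
            # Split address and port at the last colon (IPv6 contains colons).
            if (!match(host, /:[0-9-]+$/)) continue
            addr = substr(host, 1, RSTART - 1)
            port = substr(host, RSTART + 1)
            # Loopback bindings are reachable only from the host itself.
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
            print $1, addr ":" port
        }
    }'
}

# Constructed sample using the service ports from the table above.
sample_ps() {
    printf '%s\t%s\n' \
        'scanner-mongo-1'     '27017/tcp' \
        'scanner-agent-1'     '0.0.0.0:3001-3002->3001-3002/tcp' \
        'scanner-dashboard-1' '127.0.0.1:8080->8080/tcp' \
        'scanner-chromium-1'  '0.0.0.0:3003->3003/tcp, [::]:3003->3003/tcp'
}

# Pass --stdin to audit real "docker ps" output; otherwise run the sample.
if [ "${1:-}" = "--stdin" ]; then
    public_ports
else
    sample_ps | public_ports
fi
```

Any line this prints is a port that other machines on the network can reach without going through the TLS proxy; binding it to 127.0.0.1 in the service's ports entry, or not publishing it at all, closes that path.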

Resource Limits

Add resource limits to Docker Compose for production:

services:
  agent:
    deploy:
      resources:
        limits:
          memory: 2G
          cpus: '2.0'
  dashboard:
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.0'