sharang/compliance-scanner-agent

Fork 0

Files

Sharang Parnerkar 7e12d1433a

CI / Clippy (push) Successful in 3m17s

Details

CI / Security Audit (push) Successful in 1m36s

Details

CI / Format (push) Successful in 2s

Details

CI / Tests (push) Successful in 4m38s

Details

docs: added vite-press docs (#4 )

Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #4

2026-03-08 13:59:50 +00:00

3.9 KiB

Raw Blame History

Configuration

Compliance Scanner is configured through environment variables. Copy .env.example to .env and edit the values.

Required Settings

MongoDB

MONGODB_URI=mongodb://root:example@localhost:27017/compliance_scanner?authSource=admin
MONGODB_DATABASE=compliance_scanner

Agent

AGENT_PORT=3001

Dashboard

DASHBOARD_PORT=8080
AGENT_API_URL=http://localhost:3001

LLM Configuration

The AI features (chat, remediation suggestions) use LiteLLM as a proxy to various LLM providers:

LITELLM_URL=http://localhost:4000
LITELLM_API_KEY=your-key
LITELLM_MODEL=gpt-4o
LITELLM_EMBED_MODEL=text-embedding-3-small

The embed model is used for the RAG/AI Chat feature to generate code embeddings.

Git Provider Tokens

GitHub

GITHUB_TOKEN=ghp_xxxx
GITHUB_WEBHOOK_SECRET=your-webhook-secret

GitLab

GITLAB_URL=https://gitlab.com
GITLAB_TOKEN=glpat-xxxx
GITLAB_WEBHOOK_SECRET=your-webhook-secret

Issue Tracker Integration

Jira

JIRA_URL=https://your-org.atlassian.net
JIRA_EMAIL=user@example.com
JIRA_API_TOKEN=your-api-token
JIRA_PROJECT_KEY=SEC

When configured, new findings automatically create Jira issues in the specified project.

Scan Schedules

Cron expressions for automated scanning:

# Scan every 6 hours
SCAN_SCHEDULE=0 0 */6 * * *

# Check for new CVEs daily at midnight
CVE_MONITOR_SCHEDULE=0 0 0 * * *

Search Engine

SearXNG is used for CVE enrichment and vulnerability research:

SEARXNG_URL=http://localhost:8888

NVD API

An NVD API key increases rate limits for CVE lookups:

NVD_API_KEY=your-nvd-api-key

Get a free key at https://nvd.nist.gov/developers/request-an-api-key.

Clone Path

Where the agent stores cloned repository files:

GIT_CLONE_BASE_PATH=/tmp/compliance-scanner/repos

All Environment Variables

Variable	Required	Default	Description
`MONGODB_URI`	Yes	—	MongoDB connection string
`MONGODB_DATABASE`	No	`compliance_scanner`	Database name
`AGENT_PORT`	No	`3001`	Agent REST API port
`DASHBOARD_PORT`	No	`8080`	Dashboard web UI port
`AGENT_API_URL`	No	`http://localhost:3001`	Agent URL for dashboard
`LITELLM_URL`	No	`http://localhost:4000`	LiteLLM proxy URL
`LITELLM_API_KEY`	No	—	LiteLLM API key
`LITELLM_MODEL`	No	`gpt-4o`	LLM model for analysis
`LITELLM_EMBED_MODEL`	No	`text-embedding-3-small`	Embedding model for RAG
`GITHUB_TOKEN`	No	—	GitHub personal access token
`GITHUB_WEBHOOK_SECRET`	No	—	GitHub webhook signing secret
`GITLAB_URL`	No	`https://gitlab.com`	GitLab instance URL
`GITLAB_TOKEN`	No	—	GitLab access token
`GITLAB_WEBHOOK_SECRET`	No	—	GitLab webhook signing secret
`JIRA_URL`	No	—	Jira instance URL
`JIRA_EMAIL`	No	—	Jira account email
`JIRA_API_TOKEN`	No	—	Jira API token
`JIRA_PROJECT_KEY`	No	—	Jira project key for issues
`SEARXNG_URL`	No	`http://localhost:8888`	SearXNG instance URL
`NVD_API_KEY`	No	—	NVD API key for CVE lookups
`SCAN_SCHEDULE`	No	`0 0 /6 * *`	Cron schedule for scans
`CVE_MONITOR_SCHEDULE`	No	`0 0 0 * * *`	Cron schedule for CVE checks
`GIT_CLONE_BASE_PATH`	No	`/tmp/compliance-scanner/repos`	Local clone directory
`KEYCLOAK_URL`	No	—	Keycloak server URL
`KEYCLOAK_REALM`	No	—	Keycloak realm name
`KEYCLOAK_CLIENT_ID`	No	—	Keycloak client ID
`REDIRECT_URI`	No	—	OAuth callback URL
`APP_URL`	No	—	Application root URL
`OTEL_EXPORTER_OTLP_ENDPOINT`	No	—	OTLP collector endpoint
`OTEL_SERVICE_NAME`	No	—	OpenTelemetry service name

3.9 KiB Raw Blame History

Configuration

Required Settings

MongoDB

Agent

Dashboard

LLM Configuration

Git Provider Tokens

GitHub

GitLab

Issue Tracker Integration

Jira

Scan Schedules

Search Engine

NVD API

Clone Path

All Environment Variables

3.9 KiB

Raw Blame History