sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
be019b5d4c16189226ac8384871779c37b4c7ba9
compliance-scanner-agent/docs/deployment/docker.md
Sharang Parnerkar 7e12d1433a
All checks were successful
CI / Clippy (push) Successful in 3m17s
Details
CI / Security Audit (push) Successful in 1m36s
Details
CI / Format (push) Successful in 2s
Details
CI / Tests (push) Successful in 4m38s
Details
docs: added vite-press docs (#4) 
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #4
2026-03-08 13:59:50 +00:00

126 lines
2.6 KiB
Markdown
Raw Blame History

# Docker Compose Deployment
The recommended way to deploy Compliance Scanner is with Docker Compose.
## Prerequisites
- Docker and Docker Compose installed
- At least 4 GB of available RAM
- Git repository access (tokens configured in `.env`)
## Quick Start
```bash
# Clone the repository
git clone <repo-url> compliance-scanner
cd compliance-scanner
# Configure environment
cp .env.example .env
# Edit .env with your MongoDB credentials, tokens, etc.
# Start all services
docker-compose up -d
```
## Services
The `docker-compose.yml` includes these services:
| Service | Port | Description |
|---------|------|-------------|
| `mongo` | 27017 | MongoDB database |
| `agent` | 3001, 3002 | Compliance agent (REST API + webhooks) |
| `dashboard` | 8080 | Web dashboard |
| `chromium` | 3003 | Headless browser for DAST crawling |
| `otel-collector` | 4317, 4318 | OpenTelemetry collector (optional) |
## Volumes
| Volume | Purpose |
|--------|---------|
| `mongo_data` | Persistent MongoDB data |
| `repos_data` | Cloned repository files |
## Checking Status
```bash
# View running services
docker-compose ps
# View logs
docker-compose logs -f agent
docker-compose logs -f dashboard
# Restart a service
docker-compose restart agent
```
## Accessing the Dashboard
Once running, open [http://localhost:8080](http://localhost:8080) in your browser.
If Keycloak authentication is configured, you'll be redirected to sign in. Otherwise, the dashboard is accessible directly.
## Updating
```bash
# Pull latest changes
git pull
# Rebuild and restart
docker-compose up -d --build
```
## Production Considerations
### MongoDB
For production, use a managed MongoDB instance or configure replication:
```bash
MONGODB_URI=mongodb+srv://user:pass@cluster.mongodb.net/compliance_scanner
```
### Reverse Proxy
Place the dashboard behind a reverse proxy (nginx, Caddy, Traefik) with TLS:
```nginx
server {
listen 443 ssl;
server_name compliance.example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
### Resource Limits
Add resource limits to Docker Compose for production:
```yaml
services:
agent:
deploy:
resources:
limits:
memory: 2G
cpus: '2.0'
dashboard:
deploy:
resources:
limits:
memory: 512M
cpus: '1.0'
```
Reference in New Issue View Git Blame Copy Permalink