compliance-scanner-agent/docs/deployment/docker.md
Sharang Parnerkar 94552d1626
Add VitePress documentation site with complete user guides
Covers getting started, repositories, scanning, findings, configuration,
SBOM, code graph, impact analysis, DAST, AI chat, issue tracker integration,
Docker deployment, environment variables, Keycloak auth, and OpenTelemetry.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 01:18:58 +01:00


Docker Compose Deployment

The recommended way to deploy Compliance Scanner is with Docker Compose.

Prerequisites

  • Docker and Docker Compose installed
  • At least 4 GB of available RAM
  • Git repository access (tokens configured in .env)

Quick Start

# Clone the repository
git clone <repo-url> compliance-scanner
cd compliance-scanner

# Configure environment
cp .env.example .env
# Edit .env with your MongoDB credentials, tokens, etc.

# Start all services
docker-compose up -d

Services

The docker-compose.yml includes these services:

Service         Port        Description
mongo           27017       MongoDB database
agent           3001, 3002  Compliance agent (REST API + webhooks)
dashboard       8080        Web dashboard
chromium        3003        Headless browser for DAST crawling
otel-collector  4317, 4318  OpenTelemetry collector (optional)

Volumes

Volume      Purpose
mongo_data  Persistent MongoDB data
repos_data  Cloned repository files

Checking Status

# View running services
docker-compose ps

# View logs
docker-compose logs -f agent
docker-compose logs -f dashboard

# Restart a service
docker-compose restart agent

Accessing the Dashboard

Once running, open http://localhost:8080 in your browser.

If Keycloak authentication is configured, you'll be redirected to sign in. Otherwise, the dashboard is accessible directly.

Updating

# Pull latest changes
git pull

# Rebuild and restart
docker-compose up -d --build

Production Considerations

MongoDB

For production, use a managed MongoDB instance or configure replication:

MONGODB_URI=mongodb+srv://user:pass@cluster.mongodb.net/compliance_scanner

Reverse Proxy

Place the dashboard behind a reverse proxy (nginx, Caddy, Traefik) with TLS:

server {
    listen 443 ssl;
    server_name compliance.example.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
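
The proxy above forwards to http://localhost:8080, so TLS only protects the dashboard if the container ports are not also published on every host interface, which is what a Compose port mapping without a host IP does. As an added example (not part of the project's documentation or code), this Python check reads the JSON printed by Docker Compose v2's `docker compose config --format json` and lists published ports that are not bound to loopback; the embedded sample is constructed from the Services table, and its host_ip values are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape `docker compose config --format json` emits.
# Service names and ports come from the Services table; the host_ip values are
# assumptions and do not describe the project's actual docker-compose.yml.
SAMPLE_CONFIG = json.dumps({"services": {
    "mongo": {"ports": [{"target": 27017, "published": "27017"}]},
    "agent": {"ports": [
        {"target": 3001, "published": "3001", "host_ip": "127.0.0.1"},
        {"target": 3002, "published": "3002", "host_ip": "0.0.0.0"},
    ]},
    "dashboard": {"ports": [{"target": 8080, "published": "8080", "host_ip": "127.0.0.1"}]},
    "chromium": {"ports": [{"target": 3003, "published": "3003", "host_ip": "::"}]},
    "otel-collector": {},  # no published ports in this sample
}})


def is_loopback(host_ip):
    """True only when the binding is an explicit loopback address."""
    if not host_ip:  # no host_ip: Docker publishes on all interfaces
        return False
    try:
        return ipaddress.ip_address(host_ip).is_loopback
    except ValueError:  # unparseable value: report it rather than trust it
        return False


def exposed_ports(config_json):
    """Return sorted (service, host_port, binding) for non-loopback bindings."""
    findings = []
    for name, service in json.loads(config_json).get("services", {}).items():
        for port in service.get("ports") or []:
            host_ip = port.get("host_ip")
            if not is_loopback(host_ip):
                # A mapping without "published" gets an ephemeral host port.
                published = str(port.get("published", "ephemeral"))
                findings.append((name, published, host_ip or "all interfaces"))
    return sorted(findings)


if __name__ == "__main__":
    for service, published, binding in exposed_ports(SAMPLE_CONFIG):
        print(f"{service}: host port {published} is published on {binding}")
```
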

Resource Limits

Add resource limits to Docker Compose for production:

services:
  agent:
    deploy:
      resources:
        limits:
          memory: 2G
          cpus: '2.0'
  dashboard:
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.0'