compliance-scanner-agent/docs/guide/configuration.md
Sharang Parnerkar 94552d1626
Add VitePress documentation site with complete user guides
Covers getting started, repositories, scanning, findings, configuration,
SBOM, code graph, impact analysis, DAST, AI chat, issue tracker integration,
Docker deployment, environment variables, Keycloak auth, and OpenTelemetry.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 01:18:58 +01:00


# Configuration

Compliance Scanner is configured through environment variables. Copy `.env.example` to `.env` and edit the values.

## Required Settings

### MongoDB

```
MONGODB_URI=mongodb://root:example@localhost:27017/compliance_scanner?authSource=admin
MONGODB_DATABASE=compliance_scanner
```

### Agent

```
AGENT_PORT=3001
```

### Dashboard

```
DASHBOARD_PORT=8080
AGENT_API_URL=http://localhost:3001
```

## LLM Configuration

The AI features (chat, remediation suggestions) use LiteLLM as a proxy to various LLM providers:

```
LITELLM_URL=http://localhost:4000
LITELLM_API_KEY=your-key
LITELLM_MODEL=gpt-4o
LITELLM_EMBED_MODEL=text-embedding-3-small
```

The embed model is used by the RAG/AI Chat feature to generate code embeddings.

## Git Provider Tokens

### GitHub

```
GITHUB_TOKEN=ghp_xxxx
GITHUB_WEBHOOK_SECRET=your-webhook-secret
```

### GitLab

```
GITLAB_URL=https://gitlab.com
GITLAB_TOKEN=glpat-xxxx
GITLAB_WEBHOOK_SECRET=your-webhook-secret
```

## Issue Tracker Integration

### Jira

```
JIRA_URL=https://your-org.atlassian.net
JIRA_EMAIL=user@example.com
JIRA_API_TOKEN=your-api-token
JIRA_PROJECT_KEY=SEC
```

When configured, new findings automatically create Jira issues in the specified project.

## Scan Schedules

Six-field cron expressions (seconds first) for automated scanning:

```
# Scan every 6 hours
SCAN_SCHEDULE=0 0 */6 * * *

# Check for new CVEs daily at midnight
CVE_MONITOR_SCHEDULE=0 0 0 * * *
```

## Search Engine

SearXNG is used for CVE enrichment and vulnerability research:

```
SEARXNG_URL=http://localhost:8888
```

## NVD API

An NVD API key increases the rate limits for CVE lookups:

```
NVD_API_KEY=your-nvd-api-key
```

Get a free key at https://nvd.nist.gov/developers/request-an-api-key.

## Clone Path

Where the agent stores cloned repository files:

```
GIT_CLONE_BASE_PATH=/tmp/compliance-scanner/repos
```

## All Environment Variables

| Variable | Required | Default | Description |
|---|---|---|---|
| `MONGODB_URI` | Yes | | MongoDB connection string |
| `MONGODB_DATABASE` | No | `compliance_scanner` | Database name |
| `AGENT_PORT` | No | `3001` | Agent REST API port |
| `DASHBOARD_PORT` | No | `8080` | Dashboard web UI port |
| `AGENT_API_URL` | No | `http://localhost:3001` | Agent URL for dashboard |
| `LITELLM_URL` | No | `http://localhost:4000` | LiteLLM proxy URL |
| `LITELLM_API_KEY` | No | | LiteLLM API key |
| `LITELLM_MODEL` | No | `gpt-4o` | LLM model for analysis |
| `LITELLM_EMBED_MODEL` | No | `text-embedding-3-small` | Embedding model for RAG |
| `GITHUB_TOKEN` | No | | GitHub personal access token |
| `GITHUB_WEBHOOK_SECRET` | No | | GitHub webhook signing secret |
| `GITLAB_URL` | No | `https://gitlab.com` | GitLab instance URL |
| `GITLAB_TOKEN` | No | | GitLab access token |
| `GITLAB_WEBHOOK_SECRET` | No | | GitLab webhook signing secret |
| `JIRA_URL` | No | | Jira instance URL |
| `JIRA_EMAIL` | No | | Jira account email |
| `JIRA_API_TOKEN` | No | | Jira API token |
| `JIRA_PROJECT_KEY` | No | | Jira project key for issues |
| `SEARXNG_URL` | No | `http://localhost:8888` | SearXNG instance URL |
| `NVD_API_KEY` | No | | NVD API key for CVE lookups |
| `SCAN_SCHEDULE` | No | `0 0 */6 * * *` | Cron schedule for scans |
| `CVE_MONITOR_SCHEDULE` | No | `0 0 0 * * *` | Cron schedule for CVE checks |
| `GIT_CLONE_BASE_PATH` | No | `/tmp/compliance-scanner/repos` | Local clone directory |
| `KEYCLOAK_URL` | No | | Keycloak server URL |
| `KEYCLOAK_REALM` | No | | Keycloak realm name |
| `KEYCLOAK_CLIENT_ID` | No | | Keycloak client ID |
| `REDIRECT_URI` | No | | OAuth callback URL |
| `APP_URL` | No | | Application root URL |
| `OTEL_EXPORTER_OTLP_ENDPOINT` | No | | OTLP collector endpoint |
| `OTEL_SERVICE_NAME` | No | | OpenTelemetry service name |
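As an added example (not code from the Compliance Scanner project), here is a startup check over the variables in this guide: it applies the defaults from the table above, rejects a missing `MONGODB_URI`, treats a provider token without its webhook secret as a misconfiguration (this pairing rule is the example's own assumption, not something the project enforces), and masks token, secret and key values plus the `user:password` part of `MONGODB_URI` before they reach a log.

```rust
use std::collections::HashMap;
/// Required variables and defaults copied from the "All Environment Variables" table.
const REQUIRED: &[&str] = &["MONGODB_URI"];
const DEFAULTS: &[(&str, &str)] = &[
    ("MONGODB_DATABASE", "compliance_scanner"),
    ("AGENT_PORT", "3001"),
    ("DASHBOARD_PORT", "8080"),
    ("AGENT_API_URL", "http://localhost:3001"),
    ("LITELLM_URL", "http://localhost:4000"),
    ("LITELLM_MODEL", "gpt-4o"),
    ("LITELLM_EMBED_MODEL", "text-embedding-3-small"),
    ("GITLAB_URL", "https://gitlab.com"),
    ("SEARXNG_URL", "http://localhost:8888"),
    ("SCAN_SCHEDULE", "0 0 */6 * * *"),
    ("CVE_MONITOR_SCHEDULE", "0 0 0 * * *"),
    ("GIT_CLONE_BASE_PATH", "/tmp/compliance-scanner/repos"),
];
/// Example policy (assumption, not enforced by the project): a provider token without
/// its webhook secret means inbound webhooks cannot be signature-checked.
const PAIRED: &[(&str, &str)] = &[
    ("GITHUB_TOKEN", "GITHUB_WEBHOOK_SECRET"),
    ("GITLAB_TOKEN", "GITLAB_WEBHOOK_SECRET"),
];

/// Apply defaults and validate. `vars` is the process environment or a test map.
pub fn resolve(vars: &HashMap<String, String>) -> Result<HashMap<String, String>, Vec<String>> {
    // Blank values count as unset, so an empty `.env` line does not shadow a default.
    let mut cfg: HashMap<String, String> = vars.iter()
        .filter(|(_, v)| !v.trim().is_empty()).map(|(k, v)| (k.clone(), v.clone())).collect();
    let mut problems: Vec<String> = REQUIRED.iter().filter(|k| !cfg.contains_key(**k))
        .map(|k| format!("{k} is required but not set")).collect();
    for (k, d) in DEFAULTS { cfg.entry(k.to_string()).or_insert_with(|| d.to_string()); }
    for (token, secret) in PAIRED {
        if cfg.contains_key(*token) && !cfg.contains_key(*secret) {
            problems.push(format!("{token} is set but {secret} is missing"));
        }
    }
    if problems.is_empty() { Ok(cfg) } else { Err(problems) }
}

/// Mask values that must not reach logs: token/secret/key variables and the user:password part of a URI.
pub fn redact(key: &str, value: &str) -> String {
    if ["_TOKEN", "_SECRET", "_API_KEY"].iter().any(|s| key.ends_with(*s)) { return "****".into(); }
    match (value.find("://"), value.rfind('@')) {
        (Some(i), Some(j)) if j > i + 3 => format!("{}****@{}", &value[..i + 3], &value[j + 1..]),
        _ => value.to_string(),
    }
}
```

Call `resolve(&std::env::vars().collect())` at startup and print each resolved pair through `redact` rather than echoing the raw environment.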