Docker Compose Deployment

The recommended way to deploy Compliance Scanner is with Docker Compose.

Prerequisites

Docker and Docker Compose installed
At least 4 GB of available RAM
Git repository access (tokens configured in .env)

Quick Start

bash

# Clone the repository
git clone <repo-url> compliance-scanner
cd compliance-scanner

# Configure environment
cp .env.example .env
# Edit .env with your MongoDB credentials, tokens, etc.

# Start all services
docker-compose up -d

Services

The docker-compose.yml includes these services:

Service	Port	Description
`mongo`	27017	MongoDB database
`agent`	3001, 3002	Compliance agent (REST API + webhooks)
`dashboard`	8080	Web dashboard
`chromium`	3003	Headless browser for DAST crawling
`otel-collector`	4317, 4318	OpenTelemetry collector (optional)

Volumes

Volume	Purpose
`mongo_data`	Persistent MongoDB data
`repos_data`	Cloned repository files

Checking Status

bash

# View running services
docker-compose ps

# View logs
docker-compose logs -f agent
docker-compose logs -f dashboard

# Restart a service
docker-compose restart agent

Accessing the Dashboard

Once running, open http://localhost:8080 in your browser.

If Keycloak authentication is configured, you'll be redirected to sign in. Otherwise, the dashboard is accessible directly.

Updating

bash

# Pull latest changes
git pull

# Rebuild and restart
docker-compose up -d --build

Production Considerations

MongoDB

For production, use a managed MongoDB instance or configure replication:

bash

MONGODB_URI=mongodb+srv://user:pass@cluster.mongodb.net/compliance_scanner

Reverse Proxy

Place the dashboard behind a reverse proxy (nginx, Caddy, Traefik) with TLS:

nginx

server {
    listen 443 ssl;
    server_name compliance.example.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Resource Limits

Add resource limits to Docker Compose for production:

yaml

services:
  agent:
    deploy:
      resources:
        limits:
          memory: 2G
          cpus: '2.0'
  dashboard:
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.0'

Docker Compose Deployment ​

Prerequisites ​

Quick Start ​

Services ​

Volumes ​

Checking Status ​

Accessing the Dashboard ​

Updating ​

Production Considerations ​

MongoDB ​

Reverse Proxy ​

Resource Limits ​

Docker Compose Deployment

Prerequisites

Quick Start

Services

Volumes

Checking Status

Accessing the Dashboard

Updating

Production Considerations

MongoDB

Reverse Proxy

Resource Limits