Deploy on Docker
This tutorial guides you through the steps necessary to set up the Eclipse Steady backend services.
The setup obtained by following these instructions is meant for demonstration purposes. It shall not be used in production scenarios (for both security and scalability reasons).
Clone the Steady repository locally:
git clone https://github.com/eclipse/steady.git
Customize the file docker/.env to match your needs; make sure you set the version you want to run in VULAS_RELEASE.
cp docker/.env.sample docker/.env
In docker/.env you must configure at least POSTGRES_USER=. You should also configure HAPROXY's user and password, as well as the credentials to access the bugs' frontend.
You are now ready to run the system:
(cd docker && docker-compose up -d --build)
To check if everything started successfully, check the page http://localhost:8033/haproxy?stats. All endpoints should appear as green (you may want to replace localhost with the actual hostname of your machine).
Credentials and start up time
The password can be found in your .env file. Be advised that rest-backend could take more than 30 seconds to become available to answer HTTP requests.
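A pre-flight check for the docker/.env file described above, to run before docker-compose up. This is an added example, not part of the Eclipse Steady project: only VULAS_RELEASE and POSTGRES_USER are key names taken from this page, and the secret-name patterns (PASS, SECRET, TOKEN) and the script name check-env.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for docker/.env before `docker-compose up`.
# VULAS_RELEASE and POSTGRES_USER are the key names given in the tutorial;
# all other keys are read from the files themselves.
REQUIRED="VULAS_RELEASE POSTGRES_USER"

# Value of key $2 in env file $1 (last assignment wins; empty if absent).
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Names of all keys assigned in env file $1 (comment lines are skipped).
env_keys() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1"
}

# check_env ENV SAMPLE: one finding per line on stdout, status 1 on any FATAL.
check_env() {
    file=$1; sample=$2; rc=0
    [ -f "$file" ] || { echo "FATAL $file is missing"; return 1; }
    for key in $( { env_keys "$file"; printf '%s\n' $REQUIRED; } | sort -u ); do
        val=$(env_value "$file" "$key")
        if [ -z "$val" ]; then
            case " $REQUIRED " in
                *" $key "*) echo "FATAL $key is not set"; rc=1 ;;
                *) echo "WARN $key is empty" ;;
            esac
            continue
        fi
        # Heuristic (assumption of this example): keys named like secrets
        # must not keep the value shipped in the sample file.
        case $key in
            *PASS*|*SECRET*|*TOKEN*)
                if [ -f "$sample" ] && [ "$val" = "$(env_value "$sample" "$key")" ]; then
                    echo "FATAL $key still has the sample value"; rc=1
                fi ;;
        esac
    done
    return $rc
}

# Usage: sh check-env.sh docker/.env docker/.env.sample
[ "$#" -eq 0 ] || check_env "$@"
```

The script exits non-zero on any FATAL finding, so it can gate the start command with `&&`.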
Populate/maintain the vulnerability database
In order for the tool to detect vulnerabilities, you need to import and analyze them first so that they are available in the tool's vulnerability database. A large part of the CVEs and bugs are open sourced in vulnerability-assessment-kb.
Follow the instructions mentioned here to import and build all the vulnerabilities' knowledge.
- Import all the CVEs and bugs in your local database
- Setup your workspace (if you don't have one)
- Become familiar with the various analysis goals (first time users)
- Analyze your Java or Python application (on a regular basis)
- Assess findings using the apps Web frontend (following every analysis)