Deploy on Docker

In this tutorial you will be guided through the necessary steps to set up the Eclipse Steady backend services.

Important Remark

The setup obtained by following these instructions is meant for demonstration purposes. It shall not be used in production scenarios (for both security and scalability reasons).

Pre-requisites

  • git
  • docker
  • docker-compose

Installation

Setup

Clone the Steady repository locally:

git clone https://github.com/eclipse/steady.git

Customize the file docker/.env to match your needs, and make sure you set the version you want to run in VULAS_RELEASE.

cp docker/.env.sample docker/.env

In docker/.env you must configure at least POSTGRES_USER=. You should also configure the HAProxy user and password, as well as the credentials to access the bugs' frontend.
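
A pre-flight check for docker/.env before starting the stack, as an added example (not part of the Steady project): it reports required keys left blank and credential-like keys that still carry the value from docker/.env.sample. The function name check_env and the rule that any key containing USER or PASS is credential-like are assumptions; VULAS_RELEASE and POSTGRES_USER are the keys named above.

```sh
#!/bin/sh
# check_env SAMPLE_FILE ENV_FILE   (example helper, not part of Steady)
# Prints one finding per line (sorted) and returns 1 if any exist, else returns 0.
#   EMPTY <KEY>         required or credential-like key is missing or blank
#   SAMPLE_VALUE <KEY>  credential-like key still carries the value from the sample
# Required keys are the two the tutorial names; "credential-like" is an
# assumed heuristic: any key whose name contains USER or PASS.
check_env() {
    findings=$(awk '
        # Split a KEY=VALUE line into the globals key/val; skip comments and blanks.
        function parse(line,    i) {
            sub(/\r$/, "", line)
            if (line ~ /^[ \t]*(#|$)/) return 0
            i = index(line, "=")
            if (i == 0) return 0
            key = substr(line, 1, i - 1); gsub(/[ \t]/, "", key)
            val = substr(line, i + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)   # trim blanks and double quotes
            return 1
        }
        function is_cred(k) { return toupper(k) ~ /USER|PASS/ }
        FILENAME == ARGV[1] { if (parse($0)) sample[key] = val; next }
        parse($0)           { env[key] = val }   # a repeated key keeps its last value
        END {
            want["VULAS_RELEASE"] = 1; want["POSTGRES_USER"] = 1
            for (k in sample) if (is_cred(k)) want[k] = 1
            for (k in env)    if (is_cred(k)) want[k] = 1
            for (k in want) {
                if (!(k in env) || env[k] == "")
                    print "EMPTY " k
                else if (is_cred(k) && (k in sample) && env[k] == sample[k])
                    print "SAMPLE_VALUE " k
            }
        }' "$1" "$2" | sort)
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}
```

Run it as check_env docker/.env.sample docker/.env; no output and exit status 0 mean nothing was flagged.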

Run

You are now ready to run the system:

(cd docker && docker-compose up -d --build)

To check if everything started successfully, check the page http://localhost:8033/haproxy?stats. All endpoints should appear as green (you may want to replace localhost with the actual hostname of your machine).

Credentials and start up time

The username and password can be found in your .env file. Be advised that rest-backend could take more than 30 seconds to become available to answer HTTP requests.

Populate/maintain the vulnerability database

In order for the tool to detect vulnerabilities, you need to import and analyze them first so that they are available in the tool's vulnerability database. A large part of the CVEs and bugs are open-sourced in vulnerability-assessment-kb.

Follow the instructions mentioned here to import and build all the vulnerabilities' knowledge.


Get going:

  1. Import all the CVEs and bugs in your local database
  2. Setup your workspace (if you don't have one)
  3. Become familiar with the various analysis goals (first time users)
  4. Analyze your Java or Python application (on a regular basis)
  5. Assess findings using the apps Web frontend (following every analysis)

Further links: