Add: Add a docker compose file for easy usage of the tools

It's possible to run the tools via `cd docker && docker compose up` now.
greenbone · Mar 20, 2024 · 5d15484 · 5d15484
1 parent 4b49daf
commit 5d15484
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -17,6 +17,7 @@ into a PostgreSQL database.
   - [Install using pipx](#install-using-pipx)
   - [Install using pip](#install-using-pip)
 - [Usage](#usage)
+- [Docker Compose](#docker-compose)
 - [Command Completion](#command-completion)
   - [Setup for bash](#setup-for-bash)
   - [Setup for zsh](#setup-for-zsh)
@@ -64,6 +65,38 @@ All three tools require to setup a PostgreSQL database to work correctly. The
 parameters for the PostgreSQL database like host, port, username and password
 can be set via environment variables or passed as CLI arguments.
 
+## Docker Compose
+
+The tool is easiest to use via the provided [docker compose](https://docs.docker.com/compose/)
+[file](./docker/compose.yml). For a quick setup the following commands can be
+used:
+
+```sh
+cd docker
+echo "DATABASE_PASSWORD=my-super-safe-password" > .env
+docker compose up
+```
+
+Additionally a [NIST API key](https://nvd.nist.gov/developers/request-an-api-key)
+can be used to lower the rate limits for the download.
+
+```sh
+echo "NVD_API_KEY=my-nist-api-key" >> .env
+```
+
+On the first startup all CPE and CVE information will we downloaded. At the next
+startup only the changed and new CPEs and CVEs since the last download are
+updated or created.
+
+To only download CPEs run `docker compose up cpe` and to only download CVEs
+`docker compose up cve`.
+
+To re-download and re-update all CPE and CVE information the data volume can be
+deleted by running `docker volume rm greenbone-scap_data`.
+
+To restart from scratch all containers have to be shutdown and the volumes have
+to be removed. This can be done by running `docker compose down -v`.
+
 ## Command Completion
 
 `greenbone-scap` comes with support for command line completion in bash and zsh.

diff --git a/docker/compose.yml b/docker/compose.yml
@@ -0,0 +1,46 @@
+name: greenbone-scap
+
+services:
+  db:
+    image: postgres:15-bookworm
+    restart: always
+    environment:
+      POSTGRES_DB: scap
+      POSTGRES_USER: scap
+      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
+    volumes:
+      - postgres:/var/lib/postgresql/data
+    ports:
+      - 5432:5432
+
+  cve:
+    image: ghcr.io/greenbone/greenbone-scap
+    depends_on:
+      - db
+    environment:
+      DATABASE_HOST: db
+      DATABASE_NAME: scap
+      DATABASE_USER: scap
+      DATABASE_PASSWORD: ${DATABASE_PASSWORD}
+      NVD_API_KEY: ${NVD_API_KEY}
+    volumes:
+      - data:/mnt/data
+    command: ["greenbone-cve-download", "--since-from-file", "/mnt/data/last-cve-download", "--store-runtime", "/mnt/data/last-cve-download"]
+
+  cpe:
+    image: ghcr.io/greenbone/greenbone-scap
+    depends_on:
+      - db
+    environment:
+      DATABASE_HOST: db
+      DATABASE_NAME: scap
+      DATABASE_USER: scap
+      DATABASE_PASSWORD: ${DATABASE_PASSWORD}
+      NVD_API_KEY: ${NVD_API_KEY}
+    volumes:
+      - data:/mnt/data
+    command: ["greenbone-cpe-download", "--since-from-file", "/mnt/data/last-cpe-download", "--store-runtime", "/mnt/data/last-cpe-download"]
+
+volumes:
+  postgres:
+  data: