Configuration
=============

The Vulnerability Scanner system is highly configurable using environment variables. This allows you to deploy the application in different environments (development, testing, production) without changing the code.

You can set these variables in two ways:

1. **Environment Variables**: Export them in your shell or define them in your container orchestration (e.g., Kubernetes, Docker Compose).
2. **.env File**: Create a file named ``.env`` in the project root. The application will automatically read this file.

.. note::
   For Docker Compose deployments, we recommend creating a ``.env`` file alongside your ``docker-compose.yml``. The provided ``docker-compose.yml`` is configured to read from this file.

Core Configuration
------------------

These settings control the basic behavior and security of the application.

- ``PROJECT_NAME``: The name of the project (default: "Vulnerability Scanner").
- ``API_V1_STR``: The API version string (default: "/api/v1").
- ``DEBUG``: Set to ``true`` to enable debug mode (default: ``false``).
- ``SECRET_KEY``: A secure random string used for signing JWT tokens and cryptographic operations. **Change this in production!** (default: "insecure-secret-key-replace-me").
- ``ACCESS_TOKEN_EXPIRE_MINUTES``: Minutes before an access token expires (default: 30).
- ``ALGORITHM``: Signing algorithm for tokens (default: "HS256").
- ``BACKEND_CORS_ORIGINS``: A JSON-formatted list of origins allowed to access the API (e.g., ``["http://localhost:3000", "https://my-app.com"]``).

Database Configuration
----------------------

Settings for connecting to the MariaDB/MySQL database.

- ``DB_HOST``: Hostname of the database server (default: "db").
- ``DB_PORT``: Database port (default: 3306).
- ``DB_USER``: Database username (default: "user" in dev, via secrets in prod).
- ``DB_PASSWORD``: Database password.
- ``DB_NAME``: Database name (default: "vulnerabilityhub").
- ``DATABASE_URL``: (Optional) Full connection string. Defaults to ``mysql+pymysql://USER:PASS@HOST:PORT/NAME``.

Email Configuration
-------------------

Settings for sending email notifications.

- ``SMTP_SERVER``: SMTP server hostname (default: "mailhog").
- ``SMTP_PORT``: SMTP server port (default: 1025).
- ``SMTP_USER``: SMTP username (optional).
- ``SMTP_PASSWORD``: SMTP password (optional).
- ``SMTP_SENDER``: The email address shown in the "From" field (default: "VulnerabilityHub ").
- ``SMTP_USE_TLS``: Set to ``true`` to use implicit TLS (typically port 465) (default: ``false``).
- ``SMTP_USE_STARTTLS``: Set to ``true`` to use explicit STARTTLS (typically port 587) (default: ``false``).

Rate Limiting
-------------

Control the rate limiting behavior for API endpoints.

- ``RATE_LIMIT_STORAGE_URL``: Connection string/type for rate limit storage. Defaults to ``memory://`` (in-memory, per-process). Use ``redis://redis:6379`` for distributed limiting.
- ``REDIS_URL``: (Deprecated/Legacy) Alternative way to specify Redis URL if used.

Other Settings
--------------

- ``Mapping Config``: The path to the mapping configuration file is handled via ``src/backend/mapping_config.yaml`` or similar internal paths, typically not changed via env vars unless customizing the volume mount.
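
A pre-deployment check for the settings documented above, as an added example that is not part of the project's own code. The function name ``audit_config``, the literal ``true``/``false`` parsing of boolean settings, and the 32-byte minimum for HS256 keys (taken from RFC 7518) are assumptions, not the application's documented behaviour.

```python
import json
import os

# Default value as documented on this page.
DEFAULT_SECRET = "insecure-secret-key-replace-me"

def _flag(env, name):
    """Read a boolean setting the way the page writes it: 'true' / 'false' (assumed)."""
    return env.get(name, "false").strip().lower() == "true"

def audit_config(env):
    """Return a list of (setting, problem) pairs for a production deployment."""
    findings = []
    secret = env.get("SECRET_KEY", DEFAULT_SECRET)
    if secret == DEFAULT_SECRET:
        findings.append(("SECRET_KEY", "documented default is in use"))
    elif env.get("ALGORITHM", "HS256") == "HS256" and len(secret.encode()) < 32:
        # RFC 7518 section 3.2: HS256 keys must be at least 256 bits.
        findings.append(("SECRET_KEY", "shorter than 32 bytes for HS256"))

    if _flag(env, "DEBUG"):
        findings.append(("DEBUG", "debug mode enabled"))

    raw = env.get("BACKEND_CORS_ORIGINS")
    if raw is not None:
        try:
            origins = json.loads(raw)
        except ValueError:
            origins = None
        if not isinstance(origins, list) or not all(isinstance(o, str) for o in origins):
            findings.append(("BACKEND_CORS_ORIGINS", "not a JSON list of strings"))
        elif "*" in origins:
            findings.append(("BACKEND_CORS_ORIGINS", "wildcard origin"))

    tls, starttls = _flag(env, "SMTP_USE_TLS"), _flag(env, "SMTP_USE_STARTTLS")
    if tls and starttls:
        findings.append(("SMTP_USE_TLS", "implicit TLS and STARTTLS both set"))
    elif not (tls or starttls) and env.get("SMTP_PASSWORD"):
        findings.append(("SMTP_PASSWORD", "sent without TLS or STARTTLS"))

    if env.get("RATE_LIMIT_STORAGE_URL", "memory://").startswith("memory://"):
        findings.append(("RATE_LIMIT_STORAGE_URL", "per-process counters only"))
    return findings

if __name__ == "__main__":
    for setting, problem in audit_config(os.environ):
        print(f"{setting}: {problem}")
```

Run it inside the deployed container so it sees the same environment the application does; an empty result means none of these checks fired.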