Configuration

The Vulnerability Scanner system is highly configurable using environment variables. This allows you to deploy the application in different environments (development, testing, production) without changing the code.

You can set these variables in two ways:

  1. Environment Variables: Export them in your shell or define them in your container orchestration (e.g., Kubernetes, Docker Compose).

  2. .env File: Create a file named .env in the project root. The application will automatically read this file.

Note

For Docker Compose deployments, we recommend creating a .env file alongside your docker-compose.yml. The provided docker-compose.yml is configured to read from this file.

Core Configuration

These settings control the basic behavior and security of the application.

  • PROJECT_NAME: The name of the project (default: “Vulnerability Scanner”).

  • API_V1_STR: The API version string (default: “/api/v1”).

  • DEBUG: Set to true to enable debug mode (default: false).

  • SECRET_KEY: A secure random string used for signing JWT tokens and cryptographic operations. Change this in production! (default: “insecure-secret-key-replace-me”).

  • ACCESS_TOKEN_EXPIRE_MINUTES: Minutes before an access token expires (default: 30).

  • ALGORITHM: Signing algorithm for tokens (default: “HS256”, i.e. HMAC-SHA256 keyed with SECRET_KEY).

  • BACKEND_CORS_ORIGINS: A JSON-formatted list of origins allowed to access the API (e.g., ["http://localhost:3000", "https://my-app.com"]).

Database Configuration

Settings for connecting to the MariaDB/MySQL database.

  • DB_HOST: Hostname of the database server (default: “db”).

  • DB_PORT: Database port (default: 3306).

  • DB_USER: Database username (default: “user” in dev, via secrets in prod).

  • DB_PASSWORD: Database password.

  • DB_NAME: Database name (default: “vulnerabilityhub”).

  • DATABASE_URL: (Optional) Full connection string. Defaults to mysql+pymysql://USER:PASS@HOST:PORT/NAME.

Email Configuration

Settings for sending email notifications.

  • SMTP_SERVER: SMTP server hostname (default: “mailhog”).

  • SMTP_PORT: SMTP server port (default: 1025).

  • SMTP_USER: SMTP username (optional).

  • SMTP_PASSWORD: SMTP password (optional).

  • SMTP_SENDER: The email address showing in the “From” field (default: “VulnerabilityHub <noreply@localhost>”).

  • SMTP_USE_TLS: Set to true to use implicit TLS, typically on port 465 (default: false).

  • SMTP_USE_STARTTLS: Set to true to use explicit STARTTLS, typically on port 587 (default: false).

Rate Limiting

Control the rate limiting behavior for API endpoints.

  • RATE_LIMIT_STORAGE_URL: Connection string/type for rate limit storage. Defaults to memory:// (in-memory, per-process). Use redis://redis:6379 for distributed limiting.

  • REDIS_URL: (Deprecated/Legacy) Alternative way to specify Redis URL if used.

Other Settings

  • Mapping Config: The path to the mapping configuration file is handled via src/backend/mapping_config.yaml or similar internal paths, typically not changed via env vars unless customizing the volume mount.
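
A pre-deployment check over the variables documented above, as an added example that is not part of the project's own code. The function name audit_config, the 32-character minimum for SECRET_KEY, and the assumption that booleans are written as "true" or "1" are choices made for this example.

```python
import json
import os

DEFAULT_SECRET = "insecure-secret-key-replace-me"  # default documented above
MIN_SECRET_LEN = 32  # assumption: threshold chosen for this example


def _flag(env, name):
    # Assumption: booleans are written as "true"/"1" (case-insensitive).
    return env.get(name, "false").strip().lower() in ("true", "1")


def audit_config(env):
    """Return a list of findings for a production-bound environment mapping."""
    findings = []
    secret = env.get("SECRET_KEY", DEFAULT_SECRET)
    if secret == DEFAULT_SECRET:
        findings.append("SECRET_KEY is unset or still the documented default")
    elif len(secret) < MIN_SECRET_LEN:
        findings.append(f"SECRET_KEY is shorter than {MIN_SECRET_LEN} characters")

    if _flag(env, "DEBUG"):
        findings.append("DEBUG is enabled")

    raw_origins = env.get("BACKEND_CORS_ORIGINS")
    if raw_origins is not None:
        try:
            origins = json.loads(raw_origins)
        except json.JSONDecodeError:
            origins = None
        if not isinstance(origins, list):
            findings.append("BACKEND_CORS_ORIGINS is not a JSON list")
        elif "*" in origins:
            findings.append("BACKEND_CORS_ORIGINS contains the wildcard origin")

    tls, starttls = _flag(env, "SMTP_USE_TLS"), _flag(env, "SMTP_USE_STARTTLS")
    if tls and starttls:
        findings.append("SMTP_USE_TLS and SMTP_USE_STARTTLS are both set")
    elif env.get("SMTP_PASSWORD") and not (tls or starttls):
        findings.append("SMTP_PASSWORD is set but no TLS mode is enabled")

    if env.get("RATE_LIMIT_STORAGE_URL", "memory://").startswith("memory://"):
        findings.append("RATE_LIMIT_STORAGE_URL is in-memory (per-process limits)")

    return findings


if __name__ == "__main__":
    print("\n".join(audit_config(os.environ)))
```

Run it inside the container or shell that will start the application so it sees the same environment; values that exist only in a .env file must be loaded into the environment first.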