Docker

The repository contains a Dockerfile for building CVEScan and getting started with it quickly.

Image Build

Docker with BuildKit enabled is required for this step.

At the root of the repository, run the following command:

docker build -t cvescan -f ./docker/Dockerfile .

This will build the CVEScan image.

Warning

For compatibility with microprocessors that do not support Advanced Vector Extensions (AVX), add --build-arg LTS_CPU=1 to your docker build command.

Usage

To use the image, simply run:

docker run \
    -v "$CVESCAN_WORKDIR:/home/user/workdir" \
    -v "$CVESCAN_SOURCES:/home/user/.local/share/cvescan" \
    -v "$CVESCAN_CACHE:/home/user/.cache/cvescan" \
    -v ~/.ssh:/home/user/.ssh:ro \
    -e uid=$(id -u) \
    -e gid=$(id -g) \
    -p 8000:8000 \
    -it --rm cvescan

  • CVESCAN_WORKDIR needs to be set to an absolute path of a directory that will be shared with the container.
  • CVESCAN_SOURCES should be set to the directory which will contain the databases. If you already have them, the expected directory structure is as follows:
    CVESCAN_SOURCES
        ├── linux
        ├── nvd
        └── uct
    
  • CVESCAN_CACHE should also be set to the directory which will contain CVEScan's cache. If you already have a cache, the expected directory structure is as follows:
    CVESCAN_CACHE
        └── cache
    

IMPORTANT: Anything outside the above specified volumes will either not be accessible or not persisted.
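
A preflight check for the three bind-mount directories described above, as an added example that is not part of the CVEScan repository. The function names are hypothetical. Requiring an absolute path for all three variables, and rejecting a populated directory that lacks the expected subdirectories, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not CVEScan's own code. Function names are hypothetical.

# check_mount_dir NAME PATH
# The path must be set, absolute, and an existing directory.
# (The page requires an absolute path for CVESCAN_WORKDIR; applying the
# same rule to the other two variables is an assumption of this example.)
check_mount_dir() {
    case "$2" in
        "") echo "error: $1 is not set" >&2; return 1 ;;
        /*) ;;
        *)  echo "error: $1 must be an absolute path: $2" >&2; return 1 ;;
    esac
    [ -d "$2" ] || { echo "error: $1 is not a directory: $2" >&2; return 1; }
}

# check_layout NAME PATH SUBDIR...
# An empty directory is accepted (no databases or cache yet). A populated
# one must contain every listed subdirectory (assumption: a mismatch is
# treated as an error here).
check_layout() {
    name=$1 dir=$2; shift 2
    if [ -z "$(ls -A "$dir")" ]; then return 0; fi
    rc=0
    for sub in "$@"; do
        [ -d "$dir/$sub" ] || { echo "error: $name is missing $sub/" >&2; rc=1; }
    done
    return $rc
}

# Validate all three variables used by the docker run command.
cvescan_preflight() {
    check_mount_dir CVESCAN_WORKDIR "$CVESCAN_WORKDIR" || return 1
    check_mount_dir CVESCAN_SOURCES "$CVESCAN_SOURCES" || return 1
    check_mount_dir CVESCAN_CACHE   "$CVESCAN_CACHE"   || return 1
    check_layout CVESCAN_SOURCES "$CVESCAN_SOURCES" linux nvd uct || return 1
    check_layout CVESCAN_CACHE   "$CVESCAN_CACHE"   cache         || return 1
}
```

Source the file and call cvescan_preflight before the docker run command; a non-zero return means one of the mounts would not match the layout the container expects.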

Special note

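To serve the UI with cvescan from inside the container, the command requires an additional flag so that the server listens on all of the container's interfaces and is reachable through the published port 8000: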

cvescan serve-ui --host "0.0.0.0"