Configuration

API server

Environment Variable	Required	Default	Values	Description
`OPENCLARITY_APISERVER_LISTEN_ADDRESS`		`0.0.0.0:8888`		Address of the API Server to send requests to. Example: `localhost:8890`
`OPENCLARITY_APISERVER_HEALTHCHECK_ADDRESS`		`0.0.0.0:8081`		Bind address to used by the API Server for `healthz` endpoint. Example: `localhost:8082` which will make the health endpoints be available at `localhost:8082/healthz/live` and `localhost:8082/healthz/ready`.
`OPENCLARITY_APISERVER_DATABASE_DRIVER`	yes	`LOCAL`	`LOCAL`, `POSTGRES`	Database driver type. `LOCAL` = SQLite, `POSTGRES` = PostgreSQL.
`OPENCLARITY_APISERVER_DB_NAME`	If `OPENCLARITY_APISERVER_DATABASE_DRIVER` is `POSTGRES`			Database name.
`OPENCLARITY_APISERVER_DB_USER`	If `OPENCLARITY_APISERVER_DATABASE_DRIVER` is `POSTGRES`			Database user.
`OPENCLARITY_APISERVER_DB_PASS`	If `OPENCLARITY_APISERVER_DATABASE_DRIVER` is `POSTGRES`			Database user password.
`OPENCLARITY_APISERVER_DB_HOST`	If `OPENCLARITY_APISERVER_DATABASE_DRIVER` is `POSTGRES`			Database host, e.g. `postgresql`.
`OPENCLARITY_APISERVER_DB_PORT`	If `OPENCLARITY_APISERVER_DATABASE_DRIVER` is `POSTGRES`			Database port, e.g. `5432`.
`OPENCLARITY_APISERVER_ENABLE_DB_INFO_LOGS`		`false`		Boolean value whether to enable info logs of the database or not.
`OPENCLARITY_APISERVER_LOCAL_DB_PATH`	If `OPENCLARITY_APISERVER_DATABASE_DRIVER` is `LOCAL`			Path of the database, if `LOCAL` is used as databse driver, e.g. `/data/openclarity.db`.

Orchestrator

Environment Variable	Required	Default	Values	Description
`OPENCLARITY_ORCHESTRATOR_PROVIDER`	yes	`aws`	`aws`, `azure`, `gcp`, `docker`	Provider used for Asset discovery and scans.
`OPENCLARITY_ORCHESTRATOR_APISERVER_ADDRESS`	yes			The URL for the API Server used by the Orchestrator to interact with the API. Example: `https://apiserver.example.com:8888/api`
`OPENCLARITY_ORCHESTRATOR_HEALTHCHECK_ADDRESS`		`:8082`		Bind address to used by the Orchestrator for `healthz` endpoint. Example: `localhost:8082` which will make the health endpoints be available at `localhost:8082/healthz/live` and `localhost:8082/healthz/ready`.
`OPENCLARITY_ORCHESTRATOR_DISCOVERY_INTERVAL`		`2m`		How frequently the Discovery perform discovery of Assets.
`OPENCLARITY_ORCHESTRATOR_CONTROLLER_STARTUP_DELAY`		`7s`		The time interval to wait between controller startups. Do NOT change this parameter unless you know what you are doing.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_POLL_PERIOD`		`15s`		How frequently poll the API for events related AssetScan objects.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_RECONCILE_TIMEOUT`		`5m`		Time period for reconciling a AssetScan event is allowed to run.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_ABORT_TIMEOUT`		`10m`		Time period to wait for the Scanner to gracefully stop on-going scan for AssetScan before setting the state of the AssetScan to `Failed`.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_DELETE_POLICY`		`Always`	`Always`, `Never`, `OnSuccess`	Whether to delete resources (disk snapshot, container snapshot/images) or not based on the status of the AssetScan. `Always` means the AssetScan is deleted no matter if it failed or not. `Never` skip cleaning up the resources created for scanning. `OnSuccess` means that cleanup is happening only iun case the AssetScan was successful.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_CONTAINER_IMAGE`	yes			The Scanner container image used for running scans.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_FRESHCLAM_MIRROR`
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_APISERVER_ADDRESS`				The URL for the API Server used by the Scanner to interact with the API. Example: `https://apiserver.example.com:8888/api`
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_EXPLOITSDB_ADDRESS`				The URL for the ExploitsDB Server used by the Scanner.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_TRIVY_SERVER_ADDRESS`				The URL for the Trivy Server used by the Scanner.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_TRIVY_SERVER_TIMEOUT`		`5m`
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_GRYPE_SERVER_ADDRESS`				The URL for the Grype Server used by the Scanner.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_GRYPE_SERVER_TIMEOUT`		`2m`
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_WATCHER_SCANNER_YARA_RULE_SERVER_ADDRESS`				The URL for the Yara Rule Server used by the Scanner.
`OPENCLARITY_ORCHESTRATOR_SCANCONFIG_WATCHER_POLL_PERIOD`				How frequently the ScanConfig Watcher poll the API for events related ScanConfig objects.
`OPENCLARITY_ORCHESTRATOR_SCANCONFIG_WATCHER_RECONCILE_TIMEOUT`				Time period which a reconciliation for a ScanConfig event is allowed to run.
`OPENCLARITY_ORCHESTRATOR_SCAN_WATCHER_POLL_PERIOD`				How frequently the AssetScan Watcher poll the API for events related Scan objects.
`OPENCLARITY_ORCHESTRATOR_SCAN_WATCHER_RECONCILE_TIMEOUT`				Time period for reconciling a Scan event is allowed to run.
`OPENCLARITY_ORCHESTRATOR_SCAN_WATCHER_SCAN_TIMEOUT`				Time period to wait for the Scan finish before marked it's state as `Failed` with `Timeout` as a reason.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_PROCESSOR_POLL_PERIOD`				How frequently the AssetScan Processor poll the API for events related AssetScan objects.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_PROCESSOR_RECONCILE_TIMEOUT`				Time period for processing for a AssetScan result is allowed to run.
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_ESTIMATION_WATCHER_POLL_PERIOD`		`5s`
`OPENCLARITY_ORCHESTRATOR_ASSETSCAN_ESTIMATION_WATCHER_RECONCILE_TIMEOUT`		`15s`
`OPENCLARITY_ORCHESTRATOR_SCAN_ESTIMATION_WATCHER_POLL_PERIOD`		`5s`
`OPENCLARITY_ORCHESTRATOR_SCAN_ESTIMATION_WATCHER_RECONCILE_TIMEOUT`		`2m`
`OPENCLARITY_ORCHESTRATOR_SCAN_ESTIMATION_WATCHER_ESTIMATION_TIMEOUT`		`48h`

Provider

AWS

Environment Variable	Required	Default	Description
`OPENCLARITY_AWS_REGION`	yes		Region where the Scanner instance needs to be created
`OPENCLARITY_AWS_SUBNET_ID`	yes		SubnetID where the Scanner instance needs to be created
`OPENCLARITY_AWS_SECURITY_GROUP_ID`	yes		SecurityGroupId which needs to be attached to the Scanner instance
`OPENCLARITY_AWS_KEYPAIR_NAME`			Name of the SSH KeyPair to use for Scanner instance launch
`OPENCLARITY_AWS_SCANNER_INSTANCE_ARCHITECTURE`		`x86_64`	Architecture to be used for Scanner instance. The Provider will use this value to lookup for instance details in `OPENCLARITY_AWS_SCANNER_INSTANCE_ARCHITECTURE_TO_TYPE_MAPPING` and `OPENCLARITY_AWS_SCANNER_INSTANCE_ARCHITECTURE_TO_AMI_MAPPING`.
`OPENCLARITY_AWS_SCANNER_INSTANCE_ARCHITECTURE_TO_TYPE_MAPPING`		`x86_64:t3.large,arm64:t4g.large`	Comma separated list of architecture:instance_type pairs used for OpenClarity Scanner instance
`OPENCLARITY_AWS_SCANNER_INSTANCE_ARCHITECTURE_TO_AMI_MAPPING`		`x86_64:ami-03f1cc6c8b9c0b899,arm64:ami-06972d841707cc4cf`	Comma separated list of architecture:ami_id pairs used for OpenClarity Scanner instance
`OPENCLARITY_AWS_BLOCK_DEVICE_NAME`		`xvdh`	Block device name used for attaching Scanner volume to the Scanner instance

UI backend

Environment Variable	Required	Default	Description
`OPENCLARITY_UIBACKEND_APISERVER_ADDRESS`	yes		The URL for the API Server used by the UI backend to interact with the API. Example: `https://apiserver.example.com:8888/api`
`OPENCLARITY_UIBACKEND_LISTEN_ADDRESS`		`0.0.0.0:8890`	Address of the UI backend to send requests to. Example: `localhost:8890`
`OPENCLARITY_UIBACKEND_HEALTHCHECK_ADDRESS`		`0.0.0.0:8083`	Bind address to used by the UI backend for `healthz` endpoint. Example: `localhost:8082` which will make the health endpoints be available at `localhost:8083/healthz/live` and `localhost:8083/healthz/ready`.

Last modified September 12, 2024: feat: load content from openclarity repo (#50) (78daf3a)