Docker image¶
Get Docker¶
The first step is to download and install Docker on your platform. Refer to the following Docker documentation and choose the best installation path for you: Get Docker
Build the Image¶
VulnerableCode is distributed with Dockerfile
and docker-compose.yml
files
required for the creation of the Docker image.
Clone the git VulnerableCode repo, create an environment file, and build the Docker image:
git clone https://github.com/nexB/vulnerablecode.git && cd vulnerablecode
make envfile
docker-compose build
Note
The image will need to be re-built when the VulnerableCode app source code is
modified or updated via
docker-compose build --no-cache vulnerablecode
Run the Image¶
Run your image as a container
docker-compose up
At this point, the VulnerableCode app should be running at port 8000
on your Docker host.
Go to http://localhost:8000/ on a web browser to access the web UI.
Optionally, you can set NGINX_PORT
environment variable in your shell or in the .env file
to run on a different port than 8000.
Note
To access a dockerized VulnerableCode app from a remote location, the ALLOWED_HOSTS
setting need to be provided in your docker.env
file:
ALLOWED_HOSTS=.domain.com,127.0.0.1
Refer to Django ALLOWED_HOSTS settings for documentation.
Warning
Serving VulnerableCode on a network could lead to security issues and there are several steps that may be needed to secure such a deployment. Currently, this is not recommendend.
Invoke the importers¶
Connect to the Docker container bash
.
From here you can access manage.py
and run management commands
to import data as specified in the Data import section and
run commands for the importers from there
For example:
docker-compose exec vulnerablecode bash
./manage.py import --list