Skip to content

Reference

This page documents the install.sh script: its options and commands.

For a guided first install, see Overview.

Options

Option Description Example
-h Print usage ./install.sh -h
-r Release or branch to install (default: master) ./install.sh -r v3.0.0 prepare
-f Force overwrite of existing configuration files ./install.sh -f prepare
-y Skip confirmation prompts (reset only) ./install.sh -y reset

Commands

Command When to use
prepare First install, or refresh config files
start First install (after prepare + configuration)
upgrade Update to a new version — see Operations
reset Destroy all data and reinstall — see Operations
create-superuser Create or reset the admin account
docker-build Rebuild images manually
docker-up Start containers, migrate, collect static files
init-docker-stack Bootstrap containers and connections
clone-repositories Clone KB repos into the Docker volume
import-opencve-kb Import CVEs into PostgreSQL (one-time)
start-opencve-dag Unpause all Airflow DAGs
init-secret-key Generate Django secret key
bye Display installation summary (URLs, version)

Most commands are idempotent: they skip steps already completed (existing repositories, imported CVEs, superuser, secret key, etc.).

For step-by-step installation, run individual commands from the table above instead of start.

Note

Full command details: ./install.sh -h.

init-docker-stack

Bootstraps the whole OpenCVE stack: builds and starts containers, applies migrations, collects static files, configures Airflow connections, and generates OPENCVE_SECRET_KEY if not already set.

./install.sh init-docker-stack

--------| Docker compose up (1/5)
> starting OpenCVE docker stack...
[...]
> done ✅

--------| Apply Django webserver DB migration (2/5)
> migrating DB schema with latest changes...
> done ✅

--------| Collect static files from Django webserver (3/5)
> collecting latest static files...
> done ✅

--------| Add Airflow connections (4/5)
> adding opencve_postgres Airflow connection...
> done ✅
> adding opencve_redis Airflow connection...
> done ✅

--------| Generate OpenCVE secret key (5/5)
> updating OpenCVE secret key...
> done ✅

Verify running containers:

docker ps
CONTAINER ID   IMAGE                       COMMAND                  CREATED       STATUS                 PORTS                    NAMES
9fb104f950f9   opencve-airflow-webserver   "/usr/bin/dumb-init …"   1 hour ago    Up 1 hour (healthy)    0.0.0.0:8080->8080/tcp   opencve-airflow-webserver-1
00f090d9a66c   opencve-airflow-scheduler   "/usr/bin/dumb-init …"   1 hour ago    Up 1 hour (healthy)    8080/tcp                 opencve-airflow-scheduler-1
8907176332df   opencve-airflow-worker      "/usr/bin/dumb-init …"   1 hour ago    Up 1 hour (healthy)    8080/tcp                 opencve-airflow-worker-1
d9bea2556edc   postgres:15                 "docker-entrypoint.s…"   1 hour ago    Up 1 hour (healthy)    5432/tcp                 opencve-postgres-1
672d2db6326d   nginx:trixie                "/docker-entrypoint.…"   1 hour ago    Up 1 hour              0.0.0.0:80->80/tcp       opencve-nginx-1
da5a51bdb679   redis/redis-stack:latest    "/entrypoint.sh"         1 hour ago    Up 1 hour (healthy)    6379/tcp, 8001/tcp       opencve-redis-1
e762d16ce6f2   opencve-webserver           "gunicorn opencve.ws…"   1 hour ago    Up 1 hour              8000/tcp                 opencve-webserver-1

clone-repositories

Clones the KB repositories into the repositories Docker volume. Skips repositories that are already present (ongoing updates are handled by the OpenCVE DAG).

./install.sh clone-repositories

--------| Initialize OpenCVE repositories (1/1)
> cloning opencve-kb...
> done ✅
> cloning opencve-nvd...
> done ✅
[...]

import-opencve-kb

Imports the OpenCVE KB into PostgreSQL. Skipped if CVEs are already present. Expect 10 to 30 minutes depending on hardware.

./install.sh import-opencve-kb

--------| Import OpenCVE KB inside the database, it can take 10 to 30 min (1/1)
> importing CVEs...
> done ✅

start-opencve-dag

Unpauses all OpenCVE DAGs: opencve, summarize_reports, sync_weaknesses, clean_reports.

./install.sh start-opencve-dag

--------| Unpause Airflow DAGs (1/1)
> unpausing opencve dag...
> done ✅
> unpausing summarize_reports dag...
> done ✅
> unpausing sync_weaknesses dag...
> done ✅
> unpausing clean_reports dag...
> done ✅

Note

You may see a warning about graphviz not being installed. It does not impact OpenCVE.

create-superuser

Creates the admin account for OpenCVE. Skipped if a superuser already exists.

$ ./install.sh create-superuser

--------| Create OpenCVE admin user (1/2)
> creating OpenCVE admin user...
Username: xxx
Email address: xxx
Password:
Password (again):
Superuser created successfully.
> done ✅

--------| Auto confirm the created user (2/2)
> confirming the created admin user...
> done ✅

install-end / bye

Displays a summary of access URLs, installed version, and credentials. Run manually with ./install.sh bye, or it runs automatically at the end of start and upgrade.