The Docker installation is the method to choose if you want to quickly deploy OpenCVE without managing the dependencies (like PostgreSQL, Redis or Celery).
The current documentation has been tested on Debian 10 and Ubuntu LTS 20.04 with the following requirements:
- Docker-compose 1.21.0+
- Docker 20.10.1+
- 5 GB RAM
Get the OpenCVE docker repository:
$ git clone https://github.com/opencve/opencve-docker.git
Prepare and copy the configuration file from the conf directory:
$ cd opencve-docker && cp ./conf/opencve.cfg.example ./conf/opencve.cfg
Update the following keys in the
- server_name (use the same port if you changed it in the .env file)
- secret_key (see the Flask recommendations)
- smtp_user & smtp_password if any or leave empty
If you want to change the default PostgreSQL password (strongly advised), you can add it in the .env file before the docker-compose build:
Then don't forget to change it in the opencve.cfg file.
You will need an SMTP server to send the notification emails. Its configuration is out of scope of this procedure.
Initialize the stack
You can now build the OpenCVE image:
$ docker-compose build
Then start everything except the beat:
$ docker-compose up -d postgres redis webserver celery_worker
Initialize the database
The database can be initialized with the following command:
$ docker exec -it webserver opencve upgrade-db
Import the data
The tables are created, you can now populate them using the import-data command:
$ docker exec -it webserver opencve import-data
This command downloads the list of CPEs, the list of CWEs and the CVEs for each year (from 2002 until now), so it can take several minutes. Don't worry, you will only do it once.
The NVD data are downloaded, extracted and then parsed in memory before being inserted into the database. For that, the import-data command needs at least 5 GB to do its job correctly. Afterwards, the worker uses very little memory, as only the diff with the NVD is used.
If you launch opencve import-data without this memory, the command will be killed (OOM) by your operating system and your data will be incomplete.
We wrote documentation on how to handle this problem using a swap file.
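A preflight check for the memory requirement described above, as an added example that is not part of the OpenCVE documentation: it sums available RAM and free swap from /proc/meminfo and reports failure below 5 GB, so a partial import is caught before it starts. The function names, the choice of MemAvailable plus SwapFree as the measure, and a Linux Docker host with no container memory limit are assumptions.

```shell
#!/bin/sh
# Added example: preflight memory check before `opencve import-data`.
# The 5 GB threshold comes from the page; function names and the
# MemAvailable + SwapFree measure are assumptions of this example.

REQUIRED_KB=$((5 * 1024 * 1024))   # 5 GB in kB, the unit /proc/meminfo uses

# Print MemAvailable + SwapFree (kB) read from a meminfo-format file.
usable_kb() {
    awk '
        $1 == "MemAvailable:" { mem = $2 }
        $1 == "SwapFree:"     { swap = $2 }
        END {
            if (mem == "") exit 2          # field missing: wrong file or very old kernel
            printf "%d\n", mem + swap      # a missing SwapFree counts as 0
        }' "$1"
}

# Return 0 if the import can start, 1 if an OOM kill is likely,
# 2 if the memory figures could not be read.
check_import_memory() {
    file=${1:-/proc/meminfo}
    total=$(usable_kb "$file") || return 2
    if [ "$total" -lt "$REQUIRED_KB" ]; then
        echo "only $((total / 1024)) MB usable (RAM + swap); import-data needs 5 GB" >&2
        return 1
    fi
    echo "$((total / 1024)) MB usable (RAM + swap); OK to run import-data"
}
```

Source the file and run `check_import_memory && docker exec -it webserver opencve import-data` so the import only starts when the check passes.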
Create an admin
You can now create the admin:
$ docker exec -it webserver opencve create-user john email@example.com --admin
Password:
Repeat for confirmation:
[*] User john created.
This command is required for the first admin, then you will be able to manage the users with the admin pages.
Start the beat
The last step is to start the scheduler:
$ docker-compose up -d celery_beat
You can now use OpenCVE with your own dockerized instance of it.