SecScanMCP/.env.example at main · zakariaf/SecScanMCP · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# MCP Security Scanner Environment Configuration
# Copy this file to .env and update with your settings

# Service Configuration
LOG_LEVEL=INFO
PORT=8000
HOST=0.0.0.0

# Scanner Configuration
SCAN_TIMEOUT=600
MAX_CONCURRENT_SCANS=5

# Tool Cache Directories (now inside container user home)
TRIVY_CACHE_DIR=/home/scanner/.cache/trivy
GRYPE_DB_CACHE_DIR=/home/scanner/.cache/grype
SYFT_CACHE_DIR=/home/scanner/.cache/syft

# Tool Configuration
# Trivy
TRIVY_QUIET=true
TRIVY_DEBUG=false
TRIVY_TIMEOUT=10m
TRIVY_SKIP_UPDATE=false
TRIVY_OFFLINE_SCAN=false

# Grype
GRYPE_DB_AUTO_UPDATE=true
GRYPE_QUIET=true
GRYPE_CHECK_FOR_APP_UPDATE=false

# Syft
SYFT_CHECK_FOR_APP_UPDATE=false
SYFT_CATALOGERS_ENABLED=all

# Dynamic Analysis (Docker)
DOCKER_HOST=unix:///var/run/docker.sock
DOCKER_TIMEOUT=30
SANDBOX_MEMORY_LIMIT=512m
SANDBOX_CPU_LIMIT=0.5

# Network Configuration (if behind proxy)
# HTTP_PROXY=http://proxy.example.com:8080
# HTTPS_PROXY=http://proxy.example.com:8080
# NO_PROXY=localhost,127.0.0.1,.example.com

# Performance Settings
ENABLE_SBOM_CACHE=true
SBOM_CACHE_TTL=3600
PARALLEL_ANALYZERS=true
MAX_ANALYZER_WORKERS=4

# Security Settings
ENABLE_DYNAMIC_ANALYSIS=true
VERIFY_SECRETS=false  # Requires API keys for verification

# Optional: External Integrations
# GITHUB_TOKEN=ghp_xxxxxxxxxxxx  # For enhanced GitHub scanning
# GITLAB_TOKEN=glpat-xxxxxxxxxxxx  # For GitLab repos
# BITBUCKET_TOKEN=xxxxxxxxxxxx  # For Bitbucket repos

# Optional: Webhook Configuration
# WEBHOOK_URL=https://your-app.com/webhooks/scan-complete
# WEBHOOK_SECRET=your-webhook-secret

# Optional: Custom Configuration File
# CONFIG_FILE=/app/config/scanner.yaml

# Development Settings
DEBUG=false
RELOAD=false  # Auto-reload on code changes