Skip to main content

Getting Started

This guide covers deploying the entire application production environments. For development environments, please refer to the Development Guide.

warning

There are three main environments:

  • dev - Development environment
  • prod - Production environment
  • docker - Docker environment

The makefile commands are different for each environment. It is recommended to set the environment variable ENV to the environment you want to deploy to in the root .env file.

Setup and Installation

The recommended way to install SCCCE is to use the SCCCE CLI. The binary is available on the GitHub Releases page.

SCCCE CLI

sccce --help

Installation Methods

Requirements:

  • git installed

Commands:

  • Download the latest release from GitHub Releases
  • Unzip the .tar.gz release
  • Run the sccce binary

Setup the environment

export ENV=prod && make init
# Add ENV=prod to .env
# Update config/app.yaml
make db

Run the application

## CLI 
./sccce --config "config/app.yaml" 

## Run Server 
./sccce --config "config/app.yaml" server 
## or 
make run

SCCCE Web Portal and API

sccce server

This command serves the SCCCE web portal, backend API, and Documentations.

Requirements:

  • git installed

Commands:

  • Download the latest release from GitHub Releases
  • Unzip the .tar.gz release
  • Update the app.yaml file within the extracted folder
  • Run ./sccce server

SCCCE Container Images

The available versions of SCCCE container images are:

  • latest: in sync with the main branch (not stable)
  • stable: in sync with the latest release (stable)

The container images are available at:

warning

Work in progress!

Setup the environment:

ENV=docker && make init
# Add ENV=docker to .env
# Update config/app.yaml
make db

Running the application:

docker compose up -d
# or
make run

Manual Installation

warning

This is not up to date.

Below is an example to deploy the SCCCE to a fresh Centos installation.

Update Libraries

# update the libraries
yum install epel-release -y
yum -y update
yum groupinstall "Development Tools" -y
yum install git wget jq sed -y
yum clean all

Open Firewall

# open firewall
firewall-cmd --zone=public --add-port=3001/tcp --permanent
firewall-cmd --zone=public --add-port=8081/tcp --permanent
firewall-cmd --zone=public --add-port=27017/tcp --permanent
firewall-cmd --zone=public --add-port=48000/tcp --permanent
firewall-cmd --zone=public --add-port=48001/tcp --permanent
firewall-cmd --reload

Install Docker

# install docker
# https://get.docker.com
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
sudo chmod 666 /var/run/docker.sock
sudo usermod -a -G docker $USER
sudo systemctl enable docker
# Auto-start on boot
sudo systemctl start docker

Install Docker Compose

# install docker-compose
# https://docs.docker.com/compose/install/
sudo curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

# confirm docker installed successfully
docker --version
docker-compose --version

info

Skip to Clone SCCCE if you are not developing the application.

Install Python (For development purpose)

# Ready FYP program libraries
yum install -y python3
python3 --version
yum install -y python-pip
python3 -m ensurepip
pip3 --version

Install Golang (For development purpose)

# Install Golang binary
wget https://go.dev/dl/go1.17.5.linux-amd64.tar.gz
tar -zxvf go1.17.5.linux-amd64.tar.gz -C /usr/local/
echo "export PATH=$PATH:/usr/local/go/bin" >> ~/.bash_profile
mkdir /go
echo "export GOPATH=/go" >> ~/.bash_profile
GOPATH=/go
source ~/.bash_profile
rm -f go1.17.5.linux-amd64.tar.gz
go version

Install AWSCLI (Optional)

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
./aws/install -i /usr/local/aws-cli -b /usr/local/bin
rm -f awscliv2.zip
aws --version

Install AzureCLI (Optional)

rpm --import https://packages.microsoft.com/keys/microsoft.asc
echo -e "[azure-cli]\nname=Azure CLI\nbaseurl=https://packages.microsoft.com/yumrepos/azure-cli\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" | tee /etc/yum.repos.d/azure-cli.repo
yum install azure-cli -y
az version

Install GCPCLI (Optional)

echo -e "[google-cloud-sdk]\nname=Google Cloud SDK\nbaseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=0\ngpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg\n https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg" | tee /etc/yum.repos.d/google-cloud-sdk.repo
yum install google-cloud-sdk -y
gcloud version

Install Kubectl (Optional)

KUBECONFIG=/root/.kube/config
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
echo "export PATH=$PATH:/usr/local/bin/kubectl" >> ~/.bash_profile
kubectl version --client
mkdir -p /root/.kube
touch /root/.kube/config
chown $(id -u):$(id -g) /root/.kube/config

Install K8S baseline checker's packages: copper, yq (Optional)

wget --output-document="/bin/copper" https://github.com/cloud66-oss/copper/releases/download/2.0.1/linux_amd64_2.0.1
chmod +x /bin/copper
YQ_VERSION=v4.17.2
YQ_BINARY=yq_linux_amd64
wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/${YQ_BINARY}.tar.gz -O - |  tar xz && mv ${YQ_BINARY} /bin/yq
copper version
yq --version

Install Kube-linter (Optional)

echo "export GO111MODULE=on" >> ~/.bash_profile
echo "export PATH=$PATH:/go/bin" >> ~/.bash_profile
go install golang.stackrox.io/kube-linter/cmd/kube-linter@latest
kube-linter version

Install Kube-hunter (Optional)

pip3 install --user kube-hunter
echo "export PATH=/root/.local/bin:$PATH" >> ~/.bash_profile
kube-hunter --list
cd /tmp
git clone https://github.com/aquasecurity/kube-hunter.git

Install Kubebench (Optional)

cd /tmp
git clone https://github.com/aquasecurity/kube-bench.git

Clone SCCCE

# Remeber to add your SSH key to Github before git clone a private repo
# clone the git repo
git clone https://github.com/jyyyeung/SCCCE.git

# go into the project root folder
cd SCCCE

# copy the files and modify as needed
cp .env.default .env
cp docker-compose.prd.yml docker-compose.yml

# start the docker containers
sudo docker-compose up -d

To Rebuild after code update

# go into the project root folder
cd SCCCE

# pull the git repo
git pull

# rebuild the docker containers
sudo docker compose up -d --build

Setting up Third-party tools

More information can be found in the Tools Guide.

Greenbone