docker-compose.security.yml

version: "3.7"

x-common: &common
  image: ${NE_IMAGE_REGISTRY:-}${NE_IMAGE_ORGANIZATION:-sixsq}/${NE_IMAGE_REPOSITORY:-nuvlaedge}:${NE_IMAGE_TAG:-2.19.0}
  stop_grace_period: 5s
  logging:
    driver: "json-file"
    options:
      max-size: "${LOG_MAX_SIZE:-250k}"
      max-file: "${LOG_MAX_FILE:-10}"
  labels:
    - "nuvlaedge.component=True"
    - "nuvlaedge.deployment=production"
    - "nuvlaedge.peripheral.component=True"
    - "nuvlaedge.peripheral.type=network"
    - "nuvlaedge.module.name=security"

services:
  security:
    <<: *common
    entrypoint: security-entrypoint
    restart: unless-stopped
    container_name: ${COMPOSE_PROJECT_NAME:-nuvlaedge}-security
    network_mode: host
    privileged: true
    environment:
      - NUVLAEDGE_LOG_LEVEL=${NUVLAEDGE_LOG_LEVEL:-INFO}
      - EXTERNAL_CVE_VULNERABILITY_DB=${EXTERNAL_CVE_VULNERABILITY_DB:-"/~https://github.com/nuvla/vuln-db/blob/main/databases/all.aggregated.csv.gz?raw=true"}
      - EXTERNAL_CVE_VULNERABILITY_DB_UPDATE_INTERVAL=${EXTERNAL_CVE_VULNERABILITY_DB_UPDATE_INTERVAL:-86400}
      - SECURITY_SCAN_INTERVAL=${SECURITY_SCAN_INTERVAL:-1800}
    volumes:
      - nuvlaedge-data:/var/lib/nuvlaedge
      - /etc/machine-id:/rootfs/etc/machine-id:ro
    depends_on:
      - agent