This guide describes how to set up ISDuBA for a development build on Ubuntu 24.04. These settings are not suitable for production.
The setup should be performed via the installation scripts.
An example-configuration for isdubad can be found in example_isdubad.toml. Please edit to your needs.
Initially there is a migration needed to configure the database
by starting isdubad with the ISDUBA_DB_MIGRATE environment variable
set to true or by adjusting the toml-configuration file, e.g.
ISDUBA_DB_MIGRATE=true ./cmd/isdubad/isdubad -c isduba.tomlCreate additional users via createUsers script. A list of users created by the setup scripts can be found in the users.txt.
Create groups via createGroup script. The restrictions set with the script are explained in keycloak_values.md
The keycloak admin user created via the scripts will
have the username password keycloak,
unless otherwise specified via the environment variable KEYCLOAK_ADMIN.
The password can be specified via the environment variable
KEYCLOAK_ADMIN_PASSWORD, a file (-f option)
or directly (using the -p option).
If neither is set, then the script will try to see if
docs/scripts/password.txt contains a password.
If this is not set either, then a random password will be generated
and stored in docs/scripts/password.txt.
Import the advisories into the database via the bulk importer:
An example for a local PostgreSQL:
~/downloaded_advisories: location to download your advisories from, replace with your actual location
./cmd/bulkimport/bulkimport ~/downloaded_advisoriesThe following will define a TOKEN variable which holds the information
about a user with name USERNAME and password USERPASSWORD
as configured in keycloak.
(You can check the TOKEN via jwt.io. Keycloak should be up and running.)
TOKEN=`curl -d 'client_id=auth' -d 'username=USERNAME' -d 'password=USERPASSWORD' -d 'grant_type=password' 'http://127.0.0.1:8080/realms/isduba/protocol/openid-connect/token' | jq -r .access_token`
echo $TOKENTo start the frontend via a vite dev-server:
cd client
npm run devThis will start the client application and print the URL a browser could be pointed to.
With a previously created configuration file (named e.g. isduba.toml) you could start the backend from the main directory:
./cmd/isdubad/isdubad -c isduba.tomlMake sure to have keycloak running when trying to access the application.
(If set up via the script available under:)
sudo -u keycloak /opt/keycloak/bin/kc.sh start-dev(The isduba-keycloak-specific-config is configured in client/.env.)
The setup scripts utilize Keycloak's health checks to determine whether Keycloak is running. The port to use may change depending on your Keycloak version or admin's configuration. The default for the current version of 25 is port 9000. This means it may be necessary to call docs/scripts/keycloak/configurekeycloak.sh with the -l/--live flag to manually set a port, e.g. for keycloak 24:
./configureKeycloak.sh --live 8080Not setting the correct port without the -k/--keycloakRunning option will cause the script to call the wrong port infinitely.