forked from DefectDojo/godojo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
example_dojoConfig.yml
167 lines (163 loc) · 12.1 KB
/
example_dojoConfig.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
# Default config for godojo installations
#
# How to read the lines below:
# Each line represents a value used by the installer in this format:
# [name]: [default] # [ENV] - [Description]
# where
# [name] is the name of the configuration item
# [default] is the default value for the configuration item
# [ENV] is the environmental variable used to override the config item at run time
# [Description] is a description of that the config item's purpose
#
# If the following values are left empty aka "", they will be randomly generated at install time
# CredentialAES256Key
# SecretKey
Install:
Version: "2.4.1" # DD_Version - Release version of DefectDojo from Github Releases
SourceInstall: false # DD_SourceInstall - Boolean if a source install is desired (vs a release)
# If ^ is true, a souce code install will occur overriding the release version provided
SourceBranch: "dev" # DD_SourceBranch - The branch's HEAD to be checked out if SourceInstall is true
SourceCommit: 22294ab6c69468057bce79386768869b2788de5d # DD_SourceCommit - If there is a value here, the specific commit will be used over the branch ^
Quiet: false # DD_Quiet - Suppress normal output - only errors will be shown
Trace: true # DD_Trace - Boolean to enable the most verbose logging during install
Redact: true # DD_Redact - Boolean to redact sensitive info from the logs
DevInstall: false # DD_Dev_Install - Boolean for development installs, uses fixed values
Prompt: false # DD_Prompt - Boolean to prompt for configuration values - NOT IMPLEMENTED YET
Mac: false # DD_Mac - Boolean to set the install target as a Mac - NOT IMPLEMENTED YET
Root: "/opt/dojo" # DD_Root - Root directory for the DefectDojo app Note: No traiing /
Source: "django-DefectDojo" # DD_Source - Directory in DD_Root for DefectDojo source code
Files: "local" # DD_Files - Directory in DD_Root for local files (static assets, uploads, etc)
Media: "media" # DD_Media - Directory in DD_Files for uploaded files (screenshots, test artifacts, etc)
Static: "static" # DD_Static - Directory in DD_Files for static asset files (JS, images, etc)
App: "dojo" # DD_App - Directory in DD_Source where the DefectDojo Django app is located
Sampledata: false # DD_Sampledata - Boolean for installing sample data during the install
PullSource: true # DD_PullSource - Boolean for installer to download source for DefectDojo Note: Usually for debugging the installer itself
DB:
Engine: "MySQL" # DD_DB_Engine - Database engine to use (SQLite, MySQL, PostgreSQL, MariaDB) Note: CASE sEnSiTiVE!
Local: true # DD_DB_Local - Boolean for when DB is on the same host/server/vm (local)
Exists: false # DD_DB_Exists - Boolean for when DB for DefectDojo already exists so no install needed
Ruser: "root" # DD_DB_Ruser - Superuser for the database Note: this and Rpass below REQUIRED for remote and existing DBs
Rpass: "vee0Thoanae1daePooz0ieka" # DD_DB_Rpass - Password for the database superuser Note: set to 24 random characters
Name: "dojodb" # DD_DB_Name - Name of the database that DefectDojo will use
User: "dojodbusr" # DD_DB_User - Username of the database user that DefectDojo will use
Pass: "vee0Thoanae1daePooz0ieka" # DD_DB_Pass - Password for the database user DefectDojo will use Note: set to 24 random characters
Host: "localhost" # DD_DB_Host - Database hostname
Port: 3306 # DD_DB_Port - Port the database is listening on
Drop: false # DD_DB_Drop - Boolean to tell the installer to drop an existing DB if found
OS:
User: "dojo-srv" # DD_OS_User - OS user to own the DefectDojo instll and files
Pass: "wahlieboojoKa8aitheibai3" # DD_OS_Pass - Password for the OS user for DefectDojo Note: set to 24 random characters
Group: "dojo-srv" # DD_OS_Group - OS Group to own the DefectDojo install and files
UID: 1337 # DD_OS_UID - User ID for the DefectDojo OS user
GID: 1337 # DD_OS_GID - Group ID for the DefectDojo OS group
Settings:
Dist: "/dojo/settings/settings.dist.py" # DD_SET_Dist - Path of the distributed settings file relative to DD_Source
File: "/dojo/settings/settings.py" # DD_SET_File - Path of the settings.py file relative to DD_Source Note: Created at install time
Env: "/dojo/settings/.env.prod" # DD_SET_Env - Path to DefectDojo's environmental variables file
Admin:
User: "admin" # DD_ADMIN_User - Admin user for the DefectDojo web app
Pass: "admin" # DD_ADMIN_Pass - Password for the DefectDojo web app admin user Note: set to 24 random characters
Email: "admin@localhost" # DD_ADMIN_Email - Email address for the web app admin user
First: "Default" # DD_ADMIN_First - Web app admin users's first name
Last: "Admin" # DD_ADMIN_Last - Web app admin users's last name
Others: "" # DD_ADMIN_Others - List of additional DefectDojo web app admins e.g. username1:pass1,username2:pass2
Settings:
AllowedHosts: "*" # DD_ALLOWED_HOSTS - List of hostnames/IPs allowed to connect to DefectDojo
CeleryBeatScheduleFilename: "" # DD_CELERY_BEAT_SCHEDULE_FILENAME - DD_Files + doj.celery.beat.db
CeleryBrokerHost: "" # DD_CELERY_BROKER_HOST - Hostname for the Celery broker
CeleryBrokerPassword: "" # DD_CELERY_BROKER_PASSWORD - Password for the Celery broker
CeleryBrokerPath: "/dojo.celerydb.sqlite" # DD_CELERY_BROKER_PATH - DD_Files + /dojo.celerydb.sqlite if sqlite is the broker
CeleryBrokerPort: -1 # DD_CELERY_BROKER_PORT - Port used by backend (RabbitMQ or Redis)
CeleryBrokerScheme: "sqla_sqlite" # DD_CELERY_BROKER_Scheme - amqp when RabbitMQ is the broker
CeleryBrokerURL: "" # DD_CELERY_BROKER_URL - URL to connect to the Celery broker
CeleryBrokerUser: "" # DD_CELERY_BROKER_USER - User to connect to the Celery broker
CeleryLogLevel: "" # DD_CELERY_LOG_LEVEL - TODO
CeleryResultBackend: "django-db" # DD_CELERY_RESULT_BACKEND - TODO
CeleryResultExpires: 86400 # DD_CELERY_RESULT_EXPIRES - TODO
CeleryTaskIgnoreResult: true # DD_CELERY_TASK_IGNORE_RESULT - TODO
CeleryTaskSerializer: "pickle" # DD_CELERY_TASK_SSERIALIZER - TODO
CredentialAES256Key: "" # DD_CREDENTIAL_AES_256_KEY - Key used to AES encrypt credentials stored in the DefectDojo database
CSRFCookieHTTPOnly: true # DD_CSRF_COOKIE_HTTPONLY - Boolean to use HTTPOnly on the Django CSRF cookie
CSRFCookieSecure: false # DD_CSRF_COOKIE_SECURE - Boolean to use the secure flag on the Django CSRF cookie
DatabaseEngine: "" # DD_DATABASE_ENGINE - Set from DD_DB_Engine
DatabaseHost: "" # DD_DATABASE_HOST - Set from DD_DB_Host
DatabaseName: "" # DD_DATABASE_NAME - Set from DD_DB_Name
DatabasePassword: "" # DD_DATABASE_PASSWORD - Set from DD_DB_Pass
DatabasePort: "" # DD_DATABASE_PORT - Set from DD_DB_Port
#DatabaseType: "" # DEPRECATED
DatabaseURL: "" # DD_DATABASE_URL - Set from the DD_DB_ variables
DatabaseUser: "" # DD_DATABASE_USER - Set from DD_DB_User
DataUploadMaxMemorySize: 8388608 # DD_DATA_UPLOAD_MAX_MEMORY_SIZE - aka 8 mb TODO
Debug: true # DD_DEBUG - Boolean to set Django debugging on
DjangoAdminEnabled: false # DD_DJANGO_ADMIN_ENABLED - TODO
EmailURL: "smtp://user@:password@localhost:25" # DD_EMAIL_URL - TODO
Env: "" # DD_ENV - TODO
EnvPath: "" # DD_ENV_PATH - TODO
ForceLowercaseTags: true # DD_FORCE_LOWERCASE_TAGS - Boolean to lowercase any tags entered
#Host: "" # TODO
#Initialize: "" # TODO
Lang: "en-us" # DD_LANG - Language for DefectDojo
LanguageCode: "en-us" # DD_LANGUAGE_CODE - Language code for DefectDojo
LoginRedirectURL: "/" # DD_LOGIN_REDIRECT_URL - Where to redirect after a successful login
MaxTagLength: 25 # DD_MAX_TAG_LENGTH - Max characters for tags in DefectDojo
MediaRoot: "" # DD_MEDIA_ROOT - DD_Root + DD_Files + DD_Media
MediaURL: "/media/" # DD_MEDIA_URL - the URI path to media items
Port: "" # DD_PORT - TODO
PortScanContactEmail: "email@localhost" # DD_PORT_SCAN_CONTACT_EMAIL - Port scan contact email address
PortScanExternalUnitEmailList: "['email@localhost']" # DD_PORT_SCAN_EXTERNAL_UNIT_EMAIL_LIST - List of email addresses like ['email@ex.com'] or ['email@ex.com', 'another@ex.com']
PortScanResultEmailFrom: "email@localhost" # DD_PORT_SCAN_RESULT_EMAIL_FROM - TODO
PortScanSourceIP: "127.0.0.1" # DD_PORT_SCAN_SOURCE_IP - TODO
SecretKey: "" # DD_SECRET_KEY - Used by Django for encryption like creating CSRF tokens Note: If empty, generated 128 character random value is used
SecureBrowserXSSFilter: false # DD_SECURE_BROWSER_XSS_FILTER - Boolean to set the X-XSS-Protection header
SecureContentTypeNosniff: "" # DD_SECURE_CONTENT_TYPE_NOSNIFF - Boolean to set the ContentType Nosniff header
SecureHSTSIncludeSubdomains: false # DD_SECURE_HSTS_INCLUDE_SUBDOMAINS - Boolean on including subdomains in HSTS
SecureHSTSSeconds: 31536000 # DD_SECURE_HSTS_SECONDS - 1 year in seconds - how long HSTS is valid
SecureProxySSLHeader: false # DD_SECURE_PROXY_SSL_HEADER - Boolean to set the Proxy SSL header
SecureSSLRedirect: false # DD_SECURE_SSL_REDIRECT - Boolean on DefectDojo always redirecting to HTTPS
SessionCookieHTTPOnly: true # DD_SESSION_COOKIE_HTTPONLY - Boolean on DefectDojo adding HTTPOnly to session cookie
SessionCookieSecure: false # DD_SESSION_COOKIE_SECURE - Boolean on DefectDojo adding secure flag to session cookie
SiteID: 1 # DD_SITE_ID - TODO
SocialAuthAzureadTenantOauth2Enabled: "" # DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_ENABLED - Boolean to enable Azure AD login
SocialAuthAzureadTenantOauth2Key: "" # DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY - Azure AD OAuth2 key
SocialAuthAzureadTenantOauth2Resource: "" # DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_RESOURCE - Azure AD OAuth2 resource
SocialAuthAzureadTenantOauth2Secret: "" # DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET - Azure AD OAuth2 secret
SocialAuthAzureadTenantOauth2TenantID: "" # DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID - Azure AD OAuth2 Tenant ID
SocialAuthGoogleOauth2Enable: "" # DD_SOCIAL_AUTH_GOOGLE_OAUTH2_ENABLE - Boolean to enable Google login
SocialAuthGoogleOauth2Key: "" # DD_SOCIAL_AUTH_GOOGLE_OAUTH2_KEY - Google OAuth2 key
SocialAuthGoogleOauth2Secret: "" # DD_SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET - Google OAuth2 secret
SocialAuthOktaOauth2APIURL: "" # DD_SOCIAL_AUTH_OKTA_OAUTH2_API - Okta API for OAuth2
SocialAuthOktaOauth2Enabled: "" # DD_SOCIAL_AUTH_OKTA_OAUTH2_ENABLED - Boolean to enable Okta login
SocialAuthOktaOauth2Key: "" # DD_SOCIAL_AUTH_OKTA_OAUTH2_KEY - Okta OAuth2 key
SocialAuthOktaOauth2Secret: "" # DD_SOCIAL_AUTH_OKTA_OAUTH2_SECRET - Okta OAuth2 secret
StaticRoot: "" # DD_STATIC_ROOT - DD_Root + DD_Files + DD_Static
StaticURL: "/static/" # DD_STATIC_URL - URI path for static files for DefectDojo
TeamName: "Security Team" # DD_TEAM_NAME - Name for the security team
TestDatabaseName: "test_defectdojo" # DD_TEST_DATABASE_NAME - TODO
TestRunner: "django.test.runner.DiscoverRunner" # DD_TEST_RUNNER - TODO
TimeZone: "UTC" # DD_TIME_ZONE - Time zone for DefectDojo app
TrackMigrations: false # DD_TRACK_MIGRATIONS - TODO
UrlPrefix: "" # DD_URL_PREFIX - Defaults to empty string, used to put DefectDojo in an off-root path (/dojo)
UseI18n: true # DD_USE_I18N - Boolean for internationalization
UseL10n: true # DD_USE_L10N - Boolean for internationalization
UseTZ: true # DD_USE_TZ - TODO
UUID: "" # DD_UUID - TODO
UwsgiEndpoint: "" # DD_UWSGI_ENDPOINT - Endpoint for uwsgi
UwsgiHost: "" # DD_UWSGI_HOST - Hostname for uwsgi
UwsgiMode: "" # DD_UWSGI_MODE - Mode for uwsgi
UwsgiPass: "" # DD_UWSGI_PASS - Password for uwsgi
UwsgiPort: "" # DD_UWSGI_PORT - Port for uwsgi
Whitenoise: false # DD_WHITENOISE - Boolean to have whtienoise serve static files for DefectDojo
Wkhtmltopdf: "/usr/local/bin/wkhtmltopdf" # DD_WKHTMLTOPDF - DEPRECATED
# These are optional config values that generally never need to be changed and are used while testing godojo
# rather then actual installs
Options:
HelpURL: "https://github.com/mtesauro/godojo" # DD_
ReleaseURL: "https://github.com/DefectDojo/django-DefectDojo/archive/" # DD_
CloneURL: "https://github.com/DefectDojo/django-DefectDojo.git" # DD_
YarnGPG: "https://dl.yarnpkg.com/debian/pubkey.gpg" # DD_
YarnRepo: "deb https://dl.yarnpkg.com/debian/ stable main" # DD_
NodeURL: "https://deb.nodesource.com/setup_12.x" # DD_
Embd: false
Key: ""
Tmpdir: "/opt/.dojo-temp/"
UsrInst: true