On-Prem Appliance Config

This article only applies to FOSSA on-prem users (i.e. you are running a FOSSA appliance behind your firewall). Contact support if you need help installing or configuring FOSSA.

These are environment variables you can pass when booting the FOSSA instance to configure behavior.

Basic Params

secret - unique 64-character HEX string used to protect data throughout your app

app__hostname - hostname, defaults to localhost

app__port - fossa access port, defaults to 9578

app__bind_port - (Optional) fossa server bind port, defaults to app_port but can be used if access port is different than bind (i.e. ssl proxy or load balancer)

Database

Postgres connection info

db__host db__port db__username db__password db__database - defaults to fossa

Advanced

app__redirect_server__enabled

app__redirect_server__port

app__server__type - defaults to http

app__server__key - note, these refer to paths mounted in the container. Deploy to certs on the host machine to /fossa/public/data/crt.key and configure FOSSA with /fossa/public/data/crt.key app__server__cert

Misc

app__password_reset_timeout - time in seconds for password reset tokens to time out app__access - access code for users to register, replaces team joining selector app__disable_terms - defaults to false, disables terms of service on registration if enabled

logging__dir - log dir; note /fossa/public/data is mounted in container

Code Host and Tooling Integrations

GitHub

github__enabled github__version - API version, defaults to 3.0.0 github__base_url - Defaults to api.github.com, point this to your internal GitHub Enterprise (GHE) instance if you have one.

github__credentials__oauth2__client_id - Create a custom FOSSA OAuth app in GH or GHE and fill in these fields github__credentials__oauth2__client_secret github__credentials__oauth2__callback

github__timeout github__headers__{header_name}

Bitbucket Server/Stash

bitbucket_server__enabled bitbucket_server__base_url

bitbucket_server__credentials__oauth2__client_id bitbucket_server__credentials__oauth2__client_secret bitbucket_server__credentials__oauth2__private_key

bitbucket_server__credentials__basic__username bitbucket_server__credentials__basic__password

JIRA

jira__enabled jira__base_url

jira__credentials__oauth2__client_id jira__credentials__oauth2__client_secret jira__credentials__oauth2__private_key

jira__credentials__basic__username jira__credentials__basic__password

Slack

slack__enabled

slack__credentials__oauth2__client_id slack__credentials__oauth2__client_secret slack__credentials__oauth2__private_key

Language/Package Manager Integrations

npm

fetchers__npm__registry - URL to npm registry endpoint

npmE or newer registries which support auth_token

fetchers__npm__auth_token - auth token generated by npm after npm login, found in .npmrc

Artifactory or older registries with legacy auth

fetchers__npm__auth__email

fetchers__npm__auth__token - _auth parameter in .npmrc

fetchers__npm__auth__username

Maven/Gradle

Cocoapods

cocoapods_api__enabled cocoapods_api__protocol cocoapods_api__hostname - defaults to localhost cocoapods_api__port

Repository/Server Configuration

Servers is an array of servers that have id, registry, username, and password. In the variables listed below, n is the index of the array servers array.

fetchers__mvn__servers__n__id

fetchers__mvn__servers__n__registry

fetchers__mvn__servers__n__username

fetchers__mvn__servers__n__password

Caching

Request Cache

Database Cache

Package Cache

This config enables code browsing.

cache__package__engine - set to file (default) or s3

cache__package__store_private - defaults to false, meaning cache will ignore private or auth'd packages

s3

Caching with s3 is the preferred method, where you can defined your own security and access features:

cache__package__bucket - which s3 bucket is used for cache

cache__package__s3Options__accessKeyId - (optional) access key ID for s3 user/bucket

cache__package__s3Options__secretAccessKey - (optional) secret key for s3 user/bucket

file

By default FOSSA will fall back to file caching on the node, but this isn't secured or the most reliable option.

cache__package__root - root directory to cache in the container, usually you don't want to touch this

cache__package__maxSize - max size in bytes for total cache directory (defaults to 750MB)

cache__package__maxPackageSize - max size in bytes for each package (defaults to 15MB)

You can disable caching by setting the engine to file and cache__package__maxSize to 0