Deploy with Docker
Overview
This article provides instructions for deploying the Mend for GitHub Enterprise containers using Docker.
Getting it Done
Target Machine: Run the Containers
Note: To deploy a dedicated SAST scanner the following environment variable must be set for both the controller and the scanner. WS_SAST_SCAN_PREFIX = SAST_ . It can be set in the docker run command as seen in the examples below but best practice is to set it within the dockerfiles.
Deploy Using Docker
On the target environment, create a directory (e.g., ‘<path/to/config/dir>’) and add to it the configuration properties JSON file (prop.json) that you previously edited and exported using the Configuration Editor.
Then, you will need to create a network bridge and run the following Docker containers by using Docker or Kubernetes.
Create a network bridge (this will create a private network between the different containers since all containers need to run within the same network):
docker network create -d bridge my_bridgeRun the 'wss-ghe-app' app container:
docker run --name wss-ghe-app --network my_bridge -p 9494:9494 -p 5678:5678 -v <path/to/config/directory>:/etc/usr/local/whitesource/conf wss-ghe-app:<version>
# For example:
docker run --name wss-ghe-app --network my_bridge -p 9494:9494 -p 5678:5678 -v c:/tmp/ghe/:/etc/usr/local/whitesource/conf/ wss-ghe-app:19.5.2
# For dedicated SAST example if you did not modify the Dockerfile
docker run --name wss-ghe-app --network my_bridge -p 9494:9494 -e WS_SAST_SCAN_PREFIX='SAST_' -p 5678:5678 -v c:/tmp/ghe/:/etc/usr/local/whitesource/conf/ wss-ghe-app:19.5.2Run the ‘wss-scanner’ scanner container:
docker run --name wss-scanner --restart=always --network my_bridge -p 9393:9393 -v <path/to/config/directory>:/etc/usr/local/whitesource/conf/ wss-scanner:<version>
# For example:
docker run --name wss-scanner --restart=always --network my_bridge -p 9393:9393 -v c:/tmp/ghe/:/etc/usr/local/whitesource/conf/ wss-scanner:19.5.2Run the dedicated SAST scanner container:
docker run --name wss-scanner-sast --restart=always --network my_bridge -p 9393:9393 -v <path/to/config/directory>:/etc/usr/local/whitesource/conf/ wss-scanner:<version>
# For example if you DID modify the scanner Dockerfile
docker run --name wss-scanner-sast --restart=always --network my_bridge -p 9393:9393 -v c:/tmp/ghe/:/etc/usr/local/whitesource/conf/ wss-scanner-sast:19.5.2
# For dedicated SAST example if you did NOT modify the scanner Dockerfile
docker run --name wss-scanner-sast --restart=always --network my_bridge -e WS_SAST_SCAN_PREFIX='SAST_' -p 9393:9393 -v c:/tmp/ghe/:/etc/usr/local/whitesource/conf/ wss-scanner:19.5.2Run the ‘wss-remediate’ server container:
docker run --name remediate-server --network my_bridge -e LOG_LEVEL=debug -p 8080:8080 -v <path/to/config/directory>/prop.json:/etc/usr/local/whitesource/conf/prop.json -v /tmp:/tmp wss-remediate:<version>
# For example:
docker run --name remediate-server --network my_bridge -e LOG_LEVEL=debug -p 8080:8080 -v c:/tmp/ghe/prop.json:/etc/usr/local/whitesource/conf/prop.json -v /tmp:/tmp wss-remediate:19.5.2Changing Remediate Server Port
If port 8080 is not available, you can use a different port by modifying only the first port entry in the 'docker run' command. For example:
docker run --name remediate-server --network my_bridge -e LOG_LEVEL=debug -p 8082:8080 -v c:/tmp/ghe/prop.json:/etc/usr/local/whitesource/conf/prop.json -v /tmp:/tmp wss-remediate:19.5.2
Next Steps after deploying the Mend for GitHub Enterprise containers with Docker
After successfully deploying the Mend for GitHub Enterprise containers, you are ready to Install the Mend for GitHub Enterprise App you created earlier.