forked from ossf/package-analysis
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
107 lines (102 loc) · 3.71 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
version: "3"
services:
zookeeper:
image: confluentinc/cp-zookeeper@sha256:87314e87320abf190f0407bf1689f4827661fbb4d671a41cba62673b45b66bfa
ports:
- 2181:2181
healthcheck:
test: nc -z localhost 2181 || exit -1
interval: 10s
timeout: 5s
retries: 3
restart: on-failure
environment:
ZOOKEEPER_CLIENT_PORT: 2181
ZOOKEEPER_TICK_TIME: 2000
ZOOKEEPER_SYNC_LIMIT: 2
kafka:
image: confluentinc/cp-kafka@sha256:c6320f9a0cbf57075e102546de110dcebdf374955f12388d58c23a54b8a47d31
ports:
- 9094:9094
depends_on:
zookeeper:
condition: service_healthy
healthcheck:
test: kafka-topics --bootstrap-server kafka:9092 --list
interval: 30s
timeout: 10s
retries: 23
restart: on-failure
environment:
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_LISTENERS: INTERNAL://kafka:9092,OUTSIDE://kafka:9094
KAFKA_ADVERTISED_LISTENERS: INTERNAL://kafka:9092,OUTSIDE://localhost:9094
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL:PLAINTEXT,OUTSIDE:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL
KAFKA_offsets_topic_replication_factor: 1
minio:
image: minio/minio@sha256:684ce208c005fe032659ec77bafa6a17a16c41686c334618dec924b3505e7090
hostname: minio
ports:
- 9000:9000
restart: on-failure
environment:
MINIO_ROOT_USER: minio
MINIO_ROOT_PASSWORD: minio123
MINIO_REGION_NAME: dummy_region
entrypoint: sh
command: -c 'mkdir -p /data/package-analysis/{analyzed-packages,dynamic,execution-logs,file-writes,static} && /usr/bin/minio server /data'
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
analysis:
image: gcr.io/ossf-malware-analysis/analysis:latest
privileged: true
ports:
- 6060:6060
restart: unless-stopped
entrypoint: "/usr/local/bin/worker"
environment:
OSSMALWARE_WORKER_SUBSCRIPTION: kafka://worker?topic=workers
OSSF_MALWARE_NOTIFICATION_TOPIC: kafka://notifications
OSSF_MALWARE_ANALYZED_PACKAGES: s3://package-analysis/analyzed-packages?endpoint=minio:9000&disableSSL=true&s3ForcePathStyle=true
OSSF_MALWARE_ANALYSIS_RESULTS: s3://package-analysis/dynamic?endpoint=minio:9000&disableSSL=true&s3ForcePathStyle=true
OSSF_MALWARE_ANALYSIS_EXECUTION_LOGS: s3://package-analysis/execution-logs?endpoint=minio:9000&disableSSL=true&s3ForcePathStyle=true
OSSF_MALWARE_ANALYSIS_FILE_WRITE_RESULTS: s3://package-analysis/file-writes?endpoint=minio:9000&disableSSL=true&s3ForcePathStyle=true
OSSF_MALWARE_STATIC_ANALYSIS_RESULTS: s3://package-analysis/static?endpoint=minio:9000&disableSSL=true&s3ForcePathStyle=true
OSSF_MALWARE_ANALYSIS_ENABLE_PROFILER: "true"
OSSF_MALWARE_FEATURE_FLAGS: ""
KAFKA_BROKERS: kafka:9092
AWS_ACCESS_KEY_ID: minio
AWS_SECRET_ACCESS_KEY: minio123
AWS_REGION: dummy_region
depends_on:
kafka:
condition: service_healthy
minio:
condition: service_healthy
scheduler:
image: gcr.io/ossf-malware-analysis/scheduler:latest
entrypoint: "/usr/local/bin/scheduler"
depends_on:
kafka:
condition: service_healthy
restart: on-failure
environment:
OSSMALWARE_WORKER_TOPIC: kafka://workers
OSSMALWARE_SUBSCRIPTION_URL: kafka://worker?topic=package-feeds
KAFKA_BROKERS: kafka:9092
feeds:
image: gcr.io/ossf-malware-analysis/scheduled-feeds:latest
restart: on-failure
ports:
- 8080:8080
depends_on:
kafka:
condition: service_healthy
environment:
PACKAGE_FEEDS_CONFIG_PATH: /config/feeds.yml
volumes:
- "./config/:/config/"