Environment variables

There are expert configuration variables for the BDBA virtual appliance that can be configured when SSH access is enabled. The environment variables can be configured using the /etc/appcheck/environment file. The file format is a standard KEY=VALUE on each line. The keys are listed in the sections below.

After the environment variables are configured, relevant services need to be restarted. This can be achieved by executing:

        # sudo systemctl restart appcheck
        # sudo systemctl restart frontend-worker
        # sudo systemctl restart frontend-worker-long
        # sudo systemctl restart frontend-worker-updates
        

Common BDBA Environment Variables

APPCHECK_LOG_LEVEL - logging level ("DEBUG", "INFO", "WARNING", "CRITICAL"). Defaults to INFO.

DATA_UPDATE_UPSTREAM - Upstream source for data updates (default https://bdba.blackduck.com/)

API_PAGINATION_LIMIT - maximum number of entries per page in APIs (default 1000).

USE_NVD_VALUES - use values from NVD instead of BDSA (versions, scores etc). Default false.

METRICS_STATISTICS_INTERVAL - interval for collecting statistics, in hours. Default 24.

SLOW_SCAN_THRESHOLD - "Slow scan" threshold trigger in metrics in seconds. Default 7200.

RESULT_UPDATE_DAYS - Update window for old results in days. Applies vulnerability updates only for newer results. Default 730.

VACUUM_DAYS - Days to run postgresql vacuum (default sunday)

MEMCACHED_LOCATION - location of memcached (default "127.0.0.1:11211").

FRONTEND_WORKER_CONCURRENCY - number of concurrent result post-processors. Default 3.

MAX_DECOMPRESSION_RATIO - The maximum decompression ratio of files extracted by the worker from an archive. The default value is 20, meaning if a 1MB archive contains a 20MB file, it will not be extracted. This value may need to be adjusted if you are extracting files from a file system that compresses files very efficiently. In the appliance, the files are stored in a different location.

Appliance Environment Variables

ALLOWED_HOSTS - List of allowed values for HTTP Host header. Wildcards are allowed, and values are separated by comma (,). Default is "*".

POSTGRES_DBNAME - postgresql database name

POSTGRES_USER - user for postgresql

POSTGRES_PASSWORD - password for postgresql

POSTGRES_HOST - postgresql host

POSTGRES_PORT - port for postgresql

PGSSLMODE - postgresql ssl mode

PGSSLKEY - postgresql ssl key

PGSSLCERT - postgresql ssl certificate

PGSSLROOTCERT - postgresql ssl root certificate

CONCURRENT_RESULT_UPDATES - number of concurrent result updates, that is, additional background processing tasks for updating results on vuln updates, version updates etc. (default 0 - disable).
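Several of the variables above have security-relevant settings, so the following added example (not part of the BDBA documentation or product) parses a KEY=VALUE environment file and lists the settings worth reviewing: a wildcard ALLOWED_HOSTS, a remote PostgreSQL host without a certificate-verifying PGSSLMODE, a MAX_DECOMPRESSION_RATIO above the default, and a file containing POSTGRES_PASSWORD that other users can access. The comment and quote handling in the parser, the function names, and the sample hostnames are assumptions.

```python
import os
import stat

VERIFYING_SSLMODES = {"verify-ca", "verify-full"}  # libpq modes that verify the server
LOCAL_HOSTS = {"", "localhost", "127.0.0.1", "::1"}


def parse_env(text):
    """Parse KEY=VALUE lines (comment and quote handling are assumptions)."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"')
    return env


def audit(env, mode=None):
    """Return findings for a parsed environment and the file's permission bits."""
    findings = []
    hosts = [h.strip() for h in env.get("ALLOWED_HOSTS", "*").split(",")]
    if "*" in hosts:  # "*" is also the documented default when the key is absent
        findings.append("ALLOWED_HOSTS accepts any Host header")
    remote_db = env.get("POSTGRES_HOST", "") not in LOCAL_HOSTS
    if remote_db and env.get("PGSSLMODE") not in VERIFYING_SSLMODES:
        findings.append("PGSSLMODE is not verify-ca/verify-full for a remote host")
    if float(env.get("MAX_DECOMPRESSION_RATIO", "20")) > 20:
        findings.append("MAX_DECOMPRESSION_RATIO is above the default of 20")
    if "POSTGRES_PASSWORD" in env and mode is not None and mode & 0o007:
        findings.append("file with POSTGRES_PASSWORD is accessible to other users")
    return findings


def audit_file(path="/etc/appcheck/environment"):
    """Audit the file on the appliance, including its permission bits."""
    with open(path) as fh:
        return audit(parse_env(fh.read()), stat.S_IMODE(os.stat(path).st_mode))


# Constructed sample, not taken from a real appliance
SAMPLE = """\
ALLOWED_HOSTS=*
POSTGRES_HOST=db.example.internal
POSTGRES_PASSWORD=constructed-secret
PGSSLMODE=require
MAX_DECOMPRESSION_RATIO=100
"""
```

On the appliance, `audit_file()` reads /etc/appcheck/environment and its permission bits; `audit(parse_env(SAMPLE), mode=0o644)` shows the four findings for the constructed sample.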