secureCodeBox · J12934 · Mar 16, 2020 · Feb 13, 2020 · Feb 13, 2020 · Feb 19, 2020
diff --git a/.env b/.env
@@ -2,23 +2,23 @@ CAMUNDADB_DATABASE=camundadb
 CAMUNDADB_ROOT_PW=root
 CAMUNDADB_USER=camunda
 CAMUNDADB_PW=secret
-
+#
 ENGINE_SCANNERSERVICES_USER=defaultScanner
 ENGINE_SCANNERSERVICES_PASSWORD=scan
-
+#
 DEFECT_DOJO_API_KEY=your-defect-dojo-api-key-here
-
+#
 # Default Image Tag. Latest will always be the most recent stable release.
 DEFAULT_TAG=latest
-
+#
 # Enabling the Persistence Providers inside then Engine Container
 # Even when they are disabled here they might still be started (depending on the way you start your compose stack)
 # This flag just changes if the engine writes results into the providers
 ENABLE_ELASTICSEARCH=true
 # DefectDojo integration is currently disabled by default
 # This is planned to change with release 1.2.0
 ENABLE_DEFECT_DOJO=false
-
+#
 # Admin User Configuration
 # By default you will be asked to set the admin password on first login. 
 # It can be set automatically by filling the following env vars.

diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
 **.iml
 .DS_Store
 .idea
+.vagrant
+**.log
diff --git a/README.md b/README.md
@@ -41,20 +41,22 @@ The purpose of *secureCodeBox* **is not** to replace the penetration testers or
 There is a german article about [Security DevOps – Angreifern (immer) einen Schritt voraus][secdevops-objspec] in the software engineering journal [OBJEKTSpektrum][objspec].
 
 ## Quickstart
-
-### Prerequisites
- * Minimal Docker version 18.03.0 is required
- * Docker-Compose is required.
- * Your docker host will need at least 4GB virtual memory to run the complete stack. If you want to scale out the scanner you will need more...
-
-For a quick start checkout this repository and start the complete secureCodeBox stack with docker-compose:
+For a quick start checkout this repository and start the complete secureCodeBox stack with docker-compose or vagrant:
 
 ```bash
 git clone https://github.com/secureCodeBox/secureCodeBox
 cd secureCodeBox
 ```
 
-### Start with docker-compose
+You can start the secureCodeBox project based on docker-compose or localy with Vagrant.
+
+### Start with docker and docker-compose
+
+#### Prerequisites
+ * Minimal Docker version 18.03.0 is required
+ * Docker-Compose is required.
+ * Your docker host will need at least 4GB virtual memory to run the complete stack. If you want to scale out the scanner you will need more...
+
 The docker-compose.yml file can be used to launch a secureCodeBox instance.
 To start the secureCodeBox and some demo targets run the following:
 
@@ -69,6 +71,22 @@ Running `docker-compose up` uses the default credentials specified in the [`.env
  * `ENGINE_SCANNERSERVICES_USER` Technical user for the scanner services to access the engines API
  * `ENGINE_SCANNERSERVICES_PASSWORD` Technical users password for the scanner services to access the engines API
 
+### Start with Vagrant (docker and docker compose already included)
+#### Prerequisites
+ * Vagrant Version 2.x is required
+ * VirtualBox is required
+ * Your vagrant maschine will need at least 8GB virtual memory to run the complete stack. If you want to scale out the scanner you will need more...
+
+```bash
+vagrant plugin install vagrant-docker-compose
+vagrant plugin install vagrant-disksize
+```
+To start the complete setup localy you can easily start the vagrant maschine:
+
+```bash
+vagrant up
+```
+
 ### Run your first security scan
 There are several ways to start a security scan with the secureCodeBox. One way is to use the WebUI of the engine and start the scan manually.
 

diff --git a/Vagrantfile b/Vagrantfile
@@ -0,0 +1,127 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Check for plugins needed
+  unless Vagrant.has_plugin?("vagrant-disksize")
+    print "  WARN: Missing plugin 'vagrant-disksize'.\n"
+    print "  Use 'vagrant plugin install vagrant-disksize' to install.\n"
+  end
+
+  unless Vagrant.has_plugin?("vagrant-docker-compose")
+    print "  WARN: Missing plugin 'vagrant-docker-compose'.\n"
+    print "  Use 'vagrant plugin install vagrant-docker-compose' to install.\n"
+  end
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "ubuntu/bionic64"
+  config.vm.hostname = "scb-test"
+
+  # Defines a given disk size for this Box.
+  # You can search for this plugin at https://github.com/sprotheroe/vagrant-disksize
+  config.disksize.size = '40GB'
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  config.vm.network "forwarded_port", guest: 80, host: 80
+  config.vm.network "forwarded_port", guest: 8080, host: 8080
+  config.vm.network "forwarded_port", guest: 443, host: 443
+  config.vm.network "forwarded_port", guest: 8443, host: 8443
+  config.vm.network "forwarded_port", guest: 9200, host: 9200
+  config.vm.network "forwarded_port", guest: 5601, host: 5601
+
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  #config.ssh.guest_port = 29683
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  config.vm.provider "virtualbox" do |vb|
+     vb.name = "scb-test"
+
+     # Display the VirtualBox GUI when booting the machine
+     vb.gui = false
+
+     # Customize the amount of memory on the VM:
+     vb.memory = "8192"
+     vb.cpus = 1
+  end
+
+
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  # config.vm.provision "shell", inline: <<-SHELL
+  #   apt-get update
+  #   apt-get install -y apache2
+  # SHELL
+
+  compose_env = Hash.new
+  if File.file?(".env")
+    array = File.read(".env").split("\n")
+    array.each do |e|
+      unless e.start_with?("#")
+        var = e.split("=")
+        compose_env[var[0]] = var[1]
+      end
+    end
+  end
+
+  # If errors occur, try running "vagrant provision" manually
+  # after "vagrant up"
+  config.vm.provision :docker
+
+  # To use docker_compose as a provisioning tool, install
+  # vagrant-docker-compose plugin first. It should also solve the
+  # "The '' provisioner could not be found." error:
+  # $ vagrant plugin install vagrant-docker-compose
+  config.vm.provision :docker_compose,
+    project_name: "docker-vagrant",
+    yml: [
+      "/vagrant/docker-compose.yml",
+      "/vagrant/docker-compose.demo.yml"
+    ],
+    env: compose_env,
+    run: "always"
+end
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,7 +3,8 @@ services:
   engine:
     image: securecodebox/engine:${DEFAULT_TAG}
     depends_on:
-      - camundadb
+        camundadb:
+          condition: service_healthy
     ports:
       - "8080:8080"
     networks:
@@ -48,6 +49,11 @@ services:
     labels:
       container_group: infrastructure
     command: --max_allowed_packet=65011712 # 512M
+    healthcheck:
+      test: "/usr/bin/mysql --user=${CAMUNDADB_USER} --password=${CAMUNDADB_PW} --execute \"SHOW DATABASES;\""
+      interval: 5s
+      timeout: 1s
+      retries: 5
     environment:
       - MYSQL_ROOT_PASSWORD=${CAMUNDADB_ROOT_PW}
       - MYSQL_DATABASE=${CAMUNDADB_DATABASE}
@@ -184,7 +190,7 @@ services:
       - ENGINE_BASIC_AUTH_PASSWORD=${ENGINE_SCANNERSERVICES_PASSWORD}
 
   persistence-elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.1
+    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.6
     ports:
       - "9200:9200"
       - "9300:9300"
@@ -199,7 +205,7 @@ services:
       - discovery.type=single-node
 
   persistence-kibana:
-    image: docker.elastic.co/kibana/kibana-oss:6.8.1
+    image: docker.elastic.co/kibana/kibana-oss:6.8.6
     depends_on:
       - persistence-elasticsearch
     ports: