Configuration Reference

This page documents all configuration options for Vulnera.

Environment Variables

All configuration can be set via environment variables with the VULNERA__ prefix using double underscores for nesting.


Core Settings

| Variable | Description | Default |
|---|---|---|
| DATABASE_URL | PostgreSQL connection string | Required |
| VULNERA__AUTH__JWT_SECRET | JWT signing secret (32+ chars) | Required |
| VULNERA__SERVER__ADDRESS | Server bind address | 0.0.0.0:3000 |
| VULNERA__SERVER__ENABLE_DOCS | Enable Swagger UI | true |

LLM Configuration

Vulnera supports multiple LLM providers for AI-powered features.

Provider Selection

| Variable | Description | Default |
|---|---|---|
| VULNERA__LLM__PROVIDER | Active provider: google_ai, openai, azure | google_ai |
| VULNERA__LLM__DEFAULT_MODEL | Model name for generation | gemini-2.0-flash |
| VULNERA__LLM__TEMPERATURE | Generation temperature (0.0-1.0) | 0.3 |
| VULNERA__LLM__MAX_TOKENS | Maximum tokens to generate | 2048 |
| VULNERA__LLM__TIMEOUT_SECONDS | Request timeout | 60 |
| VULNERA__LLM__ENABLE_STREAMING | Enable streaming responses | true |

Google AI (Gemini)

| Variable | Description |
|---|---|
| GOOGLE_AI_KEY | API key from aistudio.google.com |
| VULNERA__LLM__GOOGLE_AI__BASE_URL | Custom API endpoint |

Recommended models: gemini-2.0-flash, gemini-1.5-pro

OpenAI

| Variable | Description |
|---|---|
| OPENAI_API_KEY | API key from platform.openai.com |
| VULNERA__LLM__OPENAI__BASE_URL | Custom endpoint (for Ollama, vLLM, etc.) |
| VULNERA__LLM__OPENAI__ORGANIZATION_ID | Organization ID |

Recommended models: gpt-4, gpt-4-turbo, gpt-3.5-turbo

Azure OpenAI

| Variable | Description |
|---|---|
| AZURE_OPENAI_KEY | Azure API key |
| VULNERA__LLM__AZURE__ENDPOINT | Azure resource endpoint |
| VULNERA__LLM__AZURE__DEPLOYMENT | Deployment name |
| VULNERA__LLM__AZURE__API_VERSION | API version (default: 2024-02-15-preview) |

Resilience Settings

| Variable | Description | Default |
|---|---|---|
| VULNERA__LLM__RESILIENCE__ENABLED | Enable circuit breaker + retry | true |
| VULNERA__LLM__RESILIENCE__MAX_RETRIES | Max retry attempts | 3 |
| VULNERA__LLM__RESILIENCE__INITIAL_BACKOFF_MS | Initial backoff delay | 500 |
| VULNERA__LLM__RESILIENCE__MAX_BACKOFF_MS | Maximum backoff delay | 30000 |
| VULNERA__LLM__RESILIENCE__CIRCUIT_BREAKER_THRESHOLD | Failures before circuit opens | 5 |
| VULNERA__LLM__RESILIENCE__CIRCUIT_BREAKER_TIMEOUT_SECS | Seconds before circuit recovery | 60 |

Enrichment Settings

| Variable | Description | Default |
|---|---|---|
| VULNERA__LLM__ENRICHMENT__MAX_FINDINGS_TO_ENRICH | Max findings to enrich | 10 |
| VULNERA__LLM__ENRICHMENT__MAX_CONCURRENT_ENRICHMENTS | Concurrent enrichment calls | 3 |
| VULNERA__LLM__ENRICHMENT__INCLUDE_CODE_CONTEXT | Include code in prompts | true |
| VULNERA__LLM__ENRICHMENT__MAX_CODE_CONTEXT_CHARS | Max code snippet length | 2000 |

Sandbox Configuration

The sandbox provides secure isolation for SAST and secrets detection modules.

| Variable | Description | Default |
|---|---|---|
| VULNERA__SANDBOX__ENABLED | Enable sandboxing | true |
| VULNERA__SANDBOX__BACKEND | Sandbox backend (see below) | landlock |
| VULNERA__SANDBOX__FAILURE_MODE | Sandbox setup behavior | best_effort |
| VULNERA__SANDBOX__EXECUTION_TIMEOUT_SECS | Execution timeout | 30 |
| VULNERA__SANDBOX__MEMORY_LIMIT_MB | Memory limit (process backend) | 256 |

Sandbox Backends

| Backend | Description | Requirements |
|---|---|---|
| landlock | Kernel-level isolation | Linux 5.13+ |
| auto | Auto-detect best backend | Linux/non-Linux |
| process | Fork-based isolation | Any Linux |
| noop | Disable sandboxing | Not recommended |

Landlock provides near-zero overhead security using Linux kernel capabilities.

Failure modes:

| Mode | Behavior |
|---|---|
| best_effort | Continue analysis if sandbox setup degrades |
| fail_closed | Abort module execution if sandbox setup fails |

Cache Configuration

| Variable | Description | Default |
|---|---|---|
| VULNERA__CACHE__DRAGONFLY_URL | Redis/Dragonfly URL | Optional |
| VULNERA__CACHE__DEFAULT_TTL_SECS | Default cache TTL | 3600 |

Example Configuration

Minimal (Development)

DATABASE_URL='postgresql://localhost/vulnera'
VULNERA__AUTH__JWT_SECRET='dev-secret-key-at-least-32-chars!'
GOOGLE_AI_KEY='your-api-key'

Production

DATABASE_URL='postgresql://user:pass@db.example.com:5432/vulnera'
VULNERA__AUTH__JWT_SECRET='production-secret-minimum-32-chars!'
VULNERA__CACHE__DRAGONFLY_URL='redis://cache.example.com:6379'

# LLM
VULNERA__LLM__PROVIDER='google_ai'
GOOGLE_AI_KEY='your-production-key'
VULNERA__LLM__RESILIENCE__ENABLED=true

# Sandbox
VULNERA__SANDBOX__ENABLED=true
VULNERA__SANDBOX__BACKEND='landlock'
VULNERA__SANDBOX__FAILURE_MODE='best_effort'

# Server
VULNERA__SERVER__ENABLE_DOCS=false
VULNERA__SERVER__CORS_ORIGINS='https://vulnera.studio'
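
A pre-flight audit of the settings documented on this page, written as an added example; it is not part of Vulnera. The allowed values, defaults and sample secrets are the ones listed above; the function names, the severity labels, the choice to warn on `best_effort` and on enabled docs, and the boolean parsing are assumptions of this example.

```python
# Added example (not Vulnera code); severity levels are this example's own policy.
BACKENDS = {"landlock", "auto", "process", "noop"}   # values listed on this page
FAILURE_MODES = {"best_effort", "fail_closed"}       # values listed on this page
DEFAULTS = {                                         # defaults listed on this page
    "VULNERA__SERVER__ENABLE_DOCS": "true",
    "VULNERA__SANDBOX__ENABLED": "true",
    "VULNERA__SANDBOX__BACKEND": "landlock",
    "VULNERA__SANDBOX__FAILURE_MODE": "best_effort",
}
# Sample secrets printed in the examples above; a deployment must not reuse them.
SAMPLE_SECRETS = {"dev-secret-key-at-least-32-chars!",
                  "production-secret-minimum-32-chars!"}


def is_true(value):
    # Assumption: booleans are written true/false and compared case-insensitively.
    return value.strip().lower() == "true"


def audit(env):
    """Return a list of (severity, variable, message) for an environment mapping."""
    def get(name):
        return env.get(name) or DEFAULTS.get(name, "")

    findings = []
    for name in ("DATABASE_URL", "VULNERA__AUTH__JWT_SECRET"):
        if not env.get(name):
            findings.append(("error", name, "required variable is unset"))
    secret = env.get("VULNERA__AUTH__JWT_SECRET", "")
    if secret in SAMPLE_SECRETS:
        findings.append(("error", "VULNERA__AUTH__JWT_SECRET", "sample value from the docs"))
    elif secret and len(secret) < 32:
        findings.append(("error", "VULNERA__AUTH__JWT_SECRET", "shorter than 32 characters"))
    if not is_true(get("VULNERA__SANDBOX__ENABLED")):
        findings.append(("error", "VULNERA__SANDBOX__ENABLED", "sandboxing is disabled"))
    backend, mode = get("VULNERA__SANDBOX__BACKEND"), get("VULNERA__SANDBOX__FAILURE_MODE")
    if backend not in BACKENDS:
        findings.append(("error", "VULNERA__SANDBOX__BACKEND", "unknown backend"))
    elif backend == "noop":
        findings.append(("error", "VULNERA__SANDBOX__BACKEND", "noop disables sandboxing"))
    if mode not in FAILURE_MODES:
        findings.append(("error", "VULNERA__SANDBOX__FAILURE_MODE", "unknown failure mode"))
    elif mode == "best_effort":
        findings.append(("warn", "VULNERA__SANDBOX__FAILURE_MODE",
                         "analysis continues if sandbox setup degrades"))
    if is_true(get("VULNERA__SERVER__ENABLE_DOCS")):
        findings.append(("warn", "VULNERA__SERVER__ENABLE_DOCS", "Swagger UI is enabled"))
    return findings
```

Call `audit(os.environ)` in a deployment check and fail the rollout on any `error` finding; unset variables are evaluated at the defaults from the tables above.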