# Backend Configuration
# Blank values below are filled in per deployment. Once populated, this file
# holds credentials: keep it out of version control and restrict read access
# to the account that runs the backend.
PORT=3001
API_HOST=localhost
# Browser origin(s) allowed to call the API. Keep this to the exact frontend
# origin(s) in use rather than a broad or wildcard value.
CORS_ORIGINS=http://localhost:3000

# Session secret — REQUIRED. Server will not start without this.
# Generate with: openssl rand -base64 32
# Generate a fresh value for each environment; do not copy one between deployments.
SESSION_SECRET=

# NVD API Key (optional - increases rate limit from 5 to 50 requests per 30s)
# Request one at https://nvd.nist.gov/developers/request-an-api-key
NVD_API_KEY=

# Ivanti / RiskSense API (platform4.risksense.com)
# API key from your profile settings — does not expire like session cookies
# Because the key does not expire on its own, revoke and reissue it if it is ever exposed.
IVANTI_API_KEY=
IVANTI_CLIENT_ID=1550
IVANTI_FIRST_NAME=
IVANTI_LAST_NAME=
# Comma-separated list of BU values to sync from Ivanti.
# Broadening this pulls findings for additional BUs into the local cache.
# Users see only their assigned teams' findings (filtered at query time).
# NOTE(review): the cache then holds findings for every listed BU, so access
# separation depends on that query-time filter — confirm it is applied on every read path.
# Default if unset: NTS-AEO-ACCESS-ENG,NTS-AEO-STEAM
IVANTI_BU_FILTER=NTS-AEO-ACCESS-ENG,NTS-AEO-STEAM
# Comma-separated list of BUs considered "managed" for drift classification.
# Findings leaving these BUs are classified as bu_reassignment in the archive.
# Default if unset: NTS-AEO-ACCESS-ENG,NTS-AEO-STEAM
IVANTI_MANAGED_BUS=NTS-AEO-ACCESS-ENG,NTS-AEO-STEAM
# Set to true if behind Charter's SSL inspection proxy (replicates Python verify=False)
# With verification off, the server's identity is not checked and the API key
# is sent to whatever endpoint answers. Prefer adding the inspection proxy's CA
# certificate to the runtime's trust store and leaving this false.
IVANTI_SKIP_TLS=false

# Atlas InfoSec API (atlas-infosec.caas.charterlab.com)
# Service account credentials for Basic Auth — used to sync and manage action plans
# Basic Auth sends the username and password on every request, so use an
# https:// URL and keep certificate verification on.
ATLAS_API_URL=
ATLAS_API_USER=
ATLAS_API_PASS=
# Set to true if behind Charter's SSL inspection proxy (disables TLS cert verification)
# Leave false unless required; see the note on IVANTI_SKIP_TLS for the exposure this creates.
ATLAS_SKIP_TLS=false

# Jira Data Center REST API
# VPN or Charter Network connection required for all Jira instances.
# Service accounts use Basic Auth (JIRA_API_USER + JIRA_API_TOKEN).
# PATs require ATLSUP approval and naming convention: Function - Team - ATLSUP-XXXXX
# Rate limits: 1440 requests/day, burst of 60/minute.
JIRA_BASE_URL=
JIRA_AUTH_METHOD=basic
# Basic Auth — service account credentials
JIRA_API_USER=
JIRA_API_TOKEN=
# PAT Auth — set JIRA_AUTH_METHOD=pat to use
JIRA_PAT=
# Default project key and issue type for creating issues from the dashboard
JIRA_PROJECT_KEY=
JIRA_ISSUE_TYPE=Task
# Set to true if behind Charter's SSL inspection proxy
# Presumably disables certificate verification like the other *_SKIP_TLS flags —
# confirm; if so, the Jira credentials above are sent over an unverified connection.
JIRA_SKIP_TLS=false

# CARD Asset Ownership API (card.charter.com / card.caas.stage.charterlab.com)
# OAuth Bearer token auth — service account must be onboarded with the CARD team.
# Tokens are acquired automatically via Basic Auth and cached for 1 hour.
CARD_API_URL=
CARD_API_USER=
CARD_API_PASS=
# Set to true if behind Charter's SSL inspection proxy
# Presumably disables certificate verification like the other *_SKIP_TLS flags —
# confirm; if so, both the Basic Auth exchange and the bearer token are exposed.
CARD_SKIP_TLS=false

# PostgreSQL Database (Docker container steam-postgres)
# If set, the backend uses Postgres instead of SQLite.
# Format: postgresql://user:password@host:port/database
# The example below has an empty password field; set a password for the steam
# role and insert it here. The URL embeds that password, so treat the whole
# value as a secret.
DATABASE_URL=postgresql://steam:@localhost:5433/cve_dashboard

# GitLab Feedback Integration (bug reports and feature requests from the dashboard)
# PAT needs 'api' scope. Project ID is the numeric ID from GitLab project settings.
# NOTE(review): the example URL uses http://, which would carry the PAT in
# cleartext on every request — use an https:// URL if the instance serves TLS.
GITLAB_URL=http://steam-gitlab.charterlab.com
GITLAB_PROJECT_ID=
GITLAB_PAT=
# GitLab Webhook Secret — shared secret for validating incoming webhook requests.
# Set this same value in GitLab project > Settings > Webhooks > Secret Token.
# Generate with: openssl rand -hex 20
# The value below is a placeholder and must be replaced before webhooks are
# enabled: a known placeholder gives no assurance that a request came from GitLab.
# NOTE(review): nothing here shows the server rejecting the placeholder — confirm.
GITLAB_WEBHOOK_SECRET=changeme_generate_a_random_secret