Secure your software, empower your team.
CodeClarity is a powerful, open-source security analysis platform that serves as an alternative to Snyk, Checkmarx, and Black Duck. It provides:
- Fast source code analysis - Identify dependencies, licenses, and vulnerabilities instantly
- Full on-premises control - Your code never leaves your environment
- CI/CD integration - Seamlessly integrates with GitHub Actions, Jenkins, and more
- Extensible plugin system - Create custom analysis pipelines with modular plugins
- Comprehensive reporting - SBOM generation, vulnerability detection, license compliance
- Built-in Plugins: SBOM builder, vulnerability finder, license finder
- External Integrations: CodeQL support
- Expanding Library: More plugins coming soon
Table of Contents
- CodeClarity Deployment Guide
- What is CodeClarity?
- System Requirements
- Quick Start Guide
- Start Using the Platform
- Detailed Setup Instructions
- Contributing
- Reporting Issues
- License
Before you begin, make sure your system meets the following requirements:
- curl: For downloading the setup script. Install instructions
- git: Required for cloning the deployment repository and updating the platform. Install instructions
- git-lfs: Required for fetching database dumps (stored in Git LFS). Install instructions
- openssl: Required for generating SSL certificates. Install instructions
- Docker & Docker Compose: Containerization platform and orchestration tool for running CodeClarity. Docker install | Compose install
- make (optional): Simplifies maintenance and update tasks. Install instructions
Tip
If you're new to Docker, check out the Docker Get Started guide for a quick introduction.
Want to get started in 2 minutes? Run this one-liner to install CodeClarity locally:
curl -O https://raw.githubusercontent.com/CodeClarityCE/deployment/main/setup.sh && bash setup.sh
When prompted, choose Y for localhost installation, and you'll have CodeClarity running at https://localhost:443!
Note
For production deployments or custom configurations, follow the detailed setup instructions below.
You're ready to access CodeClarity! Open https://localhost:443 in your browser to get started.
Warning
Your browser may prompt you to accept the self-signed certificate generated by Caddy. This is expected for local installations.
Note
To help you get started quickly, use the following credentials:
- Login: john.doe@codeclarity.io
- Password: ThisIs4Str0ngP4ssW0rd?
We recommend changing your password after your first login.
Ready to explore? Follow the Create Your First Analysis guide to begin analyzing your code!
This repository contains all the configuration files needed to deploy CodeClarity. The setup process is designed to be simple and guides you through different deployment scenarios.
This script will automatically clone the deployment repository and guide you through the initial setup of CodeClarity.
Warning
Please make sure the Docker daemon is running before executing the setup script.
curl -O https://raw.githubusercontent.com/CodeClarityCE/deployment/main/setup.sh && bash setup.sh
What does this script do?
- Clone the Deployment Repository: Downloads all necessary configuration files from the CodeClarityCE deployment repository.
- Start Docker Containers: Launches the core CodeClarity services using docker-compose.yml.
- Download Database Dumps: Retrieves pre-populated database dumps with initial platform data.
- Create Databases: Sets up the required databases for CodeClarity, ensuring a clean environment.
- Restore Database Content: Loads the initial data into the databases.
- Restart Containers: Restarts all services to apply changes and ensure everything is running correctly.
The setup script will guide you through two installation options based on your deployment environment:
Best for: Development, testing, and local evaluation
The fastest way to get started with CodeClarity is to install it on your local machine. This option is perfect for:
- Evaluating CodeClarity's features
- Development and testing
- Quick proof-of-concept deployments
When prompted, select localhost installation:
Is this installation running on localhost (Y/n)?
Y
Note
What happens next:
- CodeClarity will be accessible at https://localhost:443
- Self-signed certificates will be automatically generated
- No external DNS configuration required
Best for: Production deployments, team environments, and public-facing instances
Choose this option when deploying CodeClarity on a server with a specific domain name.
First, decline the localhost option:
Is this installation running on localhost (Y/n)?
n
Then provide your domain name (must point to your server's IP address):
Enter the domain name (localtest.io):
your-domain.com
Important
Prerequisites for domain installation:
- Your domain must be configured to point to your server's IP address
- Ensure ports 80 and 443 are accessible from the internet (if using automatic certificates)
You have two options for SSL certificates:
Let Caddy automatically generate and manage SSL certificates via Let's Encrypt:
Do you want Caddy to generate certificates (Y/n)?
Y
Tip
Requirements for automatic certificates:
- Your server must be publicly accessible from the internet
- Domain must resolve to your server's public IP
- Ports 80 and 443 must be open
- Let's Encrypt rate limits apply
Use your own SSL certificates:
Do you want Caddy to generate certificates (Y/n)?
n
Note
Using custom certificates:
- The setup script will create placeholder certificates in the certs directory
- Replace the generated certificates with your own before starting the platform
- Restart the platform after replacing certificates: docker compose restart
- Supported formats: PEM-encoded certificate and private key files
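A pre-flight check for the custom certificate option above, as an added example that is not part of the CodeClarity deployment repository: it confirms that a certificate and private key are PEM-encoded, belong together, are not about to expire, and cover the domain entered during setup. The function name `check_tls_pair` and the file names passed to it are assumptions, since the page does not state the file names used in the certs directory.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a custom certificate/key pair.
# check_tls_pair and the file names passed to it are assumptions, not
# names taken from the CodeClarity deployment repository.

# Usage: check_tls_pair <cert.pem> <key.pem> <domain>
# Returns 0 if the pair is usable, or 1-5 for the first failed check.
check_tls_pair() {
  local cert="$1" key="$2" domain="$3" cert_pub key_pub

  # 1. The certificate must parse as PEM X.509.
  openssl x509 -in "$cert" -noout >/dev/null 2>&1 ||
    { echo "FAIL: $cert is not a PEM certificate"; return 1; }

  # 2. The key must parse as a PEM private key without a passphrase
  #    (the empty -passin stops openssl from prompting for one).
  openssl pkey -in "$key" -passin pass: -noout >/dev/null 2>&1 ||
    { echo "FAIL: $key is not a readable PEM private key"; return 2; }

  # 3. The public key inside the certificate must equal the public key
  #    derived from the private key, otherwise TLS handshakes fail.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout)
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: private key does not match certificate"; return 3; }

  # 4. The certificate must stay valid for at least 7 more days.
  openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null ||
    { echo "FAIL: certificate expires within 7 days"; return 4; }

  # 5. The certificate must cover the domain given to the setup script.
  openssl x509 -in "$cert" -noout -checkhost "$domain" |
    grep -q "does match" ||
    { echo "FAIL: certificate does not cover $domain"; return 5; }

  echo "OK: $cert and $key are a valid pair for $domain"
}

# Run the check only when called as: script <cert.pem> <key.pem> <domain>
if [ "$#" -eq 3 ]; then
  check_tls_pair "$@"
fi
```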
To keep your vulnerability database up to date, you can refresh it using the latest data from the National Vulnerability Database (NVD).
Note
Apply for a free NVD API key and add it to your .env.codeclarity file before updating.
To update the knowledge database, run:
make knowledge-update
This will download and import the latest vulnerability data, ensuring your platform has the most current security information.
After the initial setup, you can manage CodeClarity using standard Docker Compose commands; there is no need to rerun the setup script.
Note
Common Docker Compose Commands
- docker compose up -d: Start the platform in the background (detached mode).
- docker compose down: Stop the platform and remove containers.
- docker compose restart: Restart all platform containers.
- docker compose pull: Download the latest Docker images from the repository.
Tip
To update CodeClarity to the latest version:
- git pull: Fetch the latest changes from the deployment repository.
- docker compose pull: Download updated Docker images.
- docker compose restart: Restart containers to apply updates.
Caution
Your data is stored in Docker volumes and will persist between restarts. However, always back up your data before performing major updates.
If you'd like to contribute code or documentation, please see CONTRIBUTING.md for guidelines on how to do so.
Please report any issues with the setup process or other problems encountered while using this repository by opening a new issue in this project's GitHub page.
This project is licensed under the AGPL-3.0-or-later license. You can find the full license details in the LICENSE file.
