docker-compose.yml

# CxSAST run stack with Portainer for management.
#
# CxSAST - http://localhost:8000/CxWebClient/
# Portainer - http://localhost:9000
#
# See README.md for more information

version: "3.2"
services:
  db:
    image: cxai/cxdb
    ports:
        - "1433:1433"
    volumes:
        - cxdb:/var/opt/mssql
    environment:
        - SA_PASSWORD=Passw0rd!
    networks:               # default overlay network works fine too, this is defined for easier troubleshooting
        - internal
    deploy:
        placement:
            constraints: [node.platform.os == linux]
        restart_policy:
            condition: on-failure # none    - if it's down keep it down
            delay: 5s
            max_attempts: 3

  manager:
    image: cxai/cxmanagers
    volumes:
        - cxlicense:c:/temp
    networks:
        - internal
    environment:
        - sast_db=db
    deploy:
        endpoint_mode: dnsrr
        placement:
            constraints: [node.platform.os == windows]
        restart_policy:
            condition: on-failure
            delay: 5s
            max_attempts: 3
    depends_on:
        - "db"

  portal:
    image: cxai/cxportal
    volumes:
        - cxlicense:c:/temp
    ports:
        # the host mode required because of dnsrr
        - target: 80
          published: 8000
          protocol: tcp
          mode: host
        #- "9443:433"
        #- "9080:80"
        #- "80:80"
    environment:
        - sast_manager=manager
    networks:
        - internal
    deploy:
        endpoint_mode: dnsrr
        placement:
            constraints: [node.platform.os == windows]
        restart_policy:
            condition: on-failure
            delay: 5s
            max_attempts: 3
    depends_on:
        - "db"

  engine:
    image: cxai/cxengine
    volumes:
        - cxlicense:c:/temp
    environment:
        - sast_server=manager
        - sast_admin=admin@cx
        - sast_adminpwd=admin
    hostname: engine
    networks:
        - internal
    deploy:
        endpoint_mode: dnsrr
        placement:
            constraints: [node.platform.os == windows]
        restart_policy:
            condition: on-failure
            delay: 5s
            max_attempts: 3
    depends_on:
        - "manager"

  portainer:
    image: portainer/portainer
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - portainer:/data
    ports:
        - "9000:9000"
    networks:
        - internal
    deploy:
        placement:
            constraints:
                - node.role == manager
                - node.platform.os == linux
        restart_policy:
            condition: on-failure
            delay: 5s
            max_attempts: 3

# volumes need to be external so they are not re-created each time a stack is provisioned
volumes:
    cxdb:
        external: true
    cxlicense:
        external: true
    portainer_data:
        external: true

# the net is defined to be attachable for troubleshooting, not really necessary otherwise
networks:
    internal:
        attachable: true