How to install Whitespots security portal

Whitespots Team
owasp

Hello everyone.

In this lesson, you’ll learn how to install and configure the Whitespots Portal and the Auditor component.

We’ll go through all the steps one by one, from start to finish.

After completing the lesson, if you want to explore even further, check out the comprehensive installation guide in the Whitespots Wiki documentation.

This guide is available at: https://docs.whitespots.io
It always contains up-to-date information reflecting the latest changes.


Before installing the AppSec Portal, make sure that your system meets the minimum recommended requirements:

  • Minimum system resources: 4 GB of RAM and 2 CPU cores.
  • Recommended system resources for 500–700 assets: 16 GB of RAM and 4 CPU cores.
  • Free disk space for installation and data storage.
  • Network access for external users (users must be able to connect to the portal over the network).

Also make sure you have the following software installed on your machine (for Docker Compose installation type):


Installation of the AppSec Portal

Clone the repository

Connect to your server and clone the portal repository:

bash
git clone https://gitlab.com/whitespots-public/appsec-portal.git appsec-portal

You can find the repository address in the Whitespots Wiki documentation in the AppSec Portal → Installation section.

Navigate to the root directory of the AppSec Portal project:

bash
cd appsec-portal

Set environment variables

Run the script to set all necessary environment variables:

bash
./set_vars.sh

For now, accept the default values for optional variables, but make sure that the IMAGE_VERSION parameter is set correctly.

Find the current version in the Whitespots Wiki documentation under AppSec Portal → Release Notes:
https://docs.whitespots.io/appsec-portal/release-notes

Copy the name of the latest release and paste it into the IMAGE_VERSION variable.

bash
DB_NAME{default=postgres}
DB_USER{default=postgres}
DB_PASS{default=postgres}
DB_HOST{default=postgres}
DB_PORT{default=5432}
RABBITMQ_DEFAULT_USER{default=admin}
RABBITMQ_DEFAULT_PASS{default=mypass}
AMQP_HOST_STRING{default=amqp://admin:mypass@rabbitmq:5672/}
COOKIES_SECURE{default=True}
DOMAIN=http://localhost
IMAGE_VERSION= release_v25.07.1

Important note:
Do not run this script twice!
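
A post-install check for the defaults listed above, added here as an example and not part of the Whitespots repository. It assumes set_vars.sh stores its answers as KEY=VALUE lines in a file such as .env in the project root (the page does not name the file); env_get and check_portal_env are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not Whitespots code): audit the portal env file after set_vars.sh.
# Assumption: the answers are stored as KEY=VALUE lines in the file passed as $1.

# Print the value of KEY ($2) in env file ($1); last assignment wins, quotes stripped.
env_get() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print one line per finding; return 1 if anything was found, 0 otherwise.
check_portal_env() {
    file=$1; rc=0
    # Password defaults that set_vars.sh offers, as shown in the listing above.
    for pair in DB_PASS=postgres RABBITMQ_DEFAULT_PASS=mypass; do
        key=${pair%%=*}
        if [ "$(env_get "$file" "$key")" = "${pair#*=}" ]; then
            echo "WARN $key is still the published default"; rc=1
        fi
    done
    # The AMQP URL carries the broker password as well, so check it separately.
    case "$(env_get "$file" AMQP_HOST_STRING)" in
        *:mypass@*) echo "WARN AMQP_HOST_STRING embeds the default password"; rc=1 ;;
    esac
    # The lesson requires IMAGE_VERSION to hold a release name.
    if [ -z "$(env_get "$file" IMAGE_VERSION)" ]; then
        echo "FAIL IMAGE_VERSION is empty"; rc=1
    fi
    # http://localhost is the lesson's local value; flag plain HTTP on any other host.
    case "$(env_get "$file" DOMAIN)" in
        http://localhost*|http://127.0.0.1*) ;;
        http://*) echo "WARN DOMAIN uses plain HTTP for a non-local host"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: every default accepted, as in the lesson.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DB_PASS=postgres
RABBITMQ_DEFAULT_PASS=mypass
AMQP_HOST_STRING=amqp://admin:mypass@rabbitmq:5672/
DOMAIN=http://localhost
IMAGE_VERSION=release_v25.07.1
EOF
check_portal_env "$sample" || true
rm -f "$sample"
```

On the constructed sample it reports the two default passwords and the AMQP URL that repeats one of them.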

Start the AppSec Portal

Start the portal by running:

bash
sh run.sh

Create a superuser account

If you plan to use SSO login, the superuser account can serve as a backup login.
To create an administrator account, execute:

bash
docker compose exec back python3 manage.py createsuperuser --username admin

Fill in the parameters for the new user.

The portal has been successfully installed! Now let’s move on to the web interface.

Logging in to the Web Interface

The first time you log in, you will be asked to enter a license. If you are an existing customer, you already have a license.

To obtain a free license:

  1. Go to Whitespots.io and click the Get a License button on the main screen.
  2. Log in to the Whitespots Store by creating a new account or using your Google account.
  3. Copy the free license key and paste it into the License Activation field.

After activation, log in to the Portal as Superuser.

Important note:

The following features are not available in the free version:

  • Auto Validator
  • Deduplicator
  • CVSS
  • Auditor

In this training, we’ll enter the paid license to unlock all of these features.

You can request a separate training environment by sending an email to:
sales@whitespots.io

You can change the license at any time by visiting the License section in Global Settings.


Installation of the Auditor

The second part of the lesson is dedicated to installing the Auditor component.

Before installing the Auditor, make sure that your system meets the minimum recommended requirements:

  • Minimum system resources: 4 GB of RAM and 2 CPU cores.
  • Free disk space for installation and data storage.
  • Network access to and from the portal, and to the location of your asset (the product to be scanned).

Clone the repository

Clone the Auditor repository to your server:

bash
git clone https://gitlab.com/whitespots-public/auditor.git auditor

Navigate to the root directory of the Auditor project:

bash
cd auditor

Set environment variables

Open the .env file.
You can copy all the settings without changes, except for the IMAGE_VERSION parameter.

Find the current version in the Whitespots Wiki documentation under AppSec Portal → Release Notes:
https://docs.whitespots.io/appsec-portal/release-notes

Start the Auditor

To start the app, execute:

bash
docker compose up -d

This will start all the services described in the docker-compose.yml file in the background.

After running this command, the application should be accessible on the port specified in the configuration (default: 8080, configurable in docker-compose.yml).

Create a new token

You will receive an access token the first time you start the Auditor.
Copy it and set it in the .env file as the value of the ACCESS_TOKEN variable.

To complete the setup, execute:

bash
docker compose down
docker compose up -d

Now we’re ready to connect our Portal and Auditor!