-
Notifications
You must be signed in to change notification settings - Fork 0
Quick Start
homelabforge edited this page Apr 5, 2026
·
3 revisions
Get VulnForge running in 5 minutes.
- Docker with Docker Compose
- Access to Docker socket (via socket proxy recommended)
- 1GB RAM minimum
- Linux/macOS/Windows with WSL2
mkdir -p /srv/vulnforge/{data,config}
cd /srv/vulnforgeversion: "3.8"
services:
socket-proxy:
image: tecnativa/docker-socket-proxy:latest
container_name: socket-proxy-ro
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
CONTAINERS: 1
IMAGES: 1
INFO: 1
NETWORKS: 1
VOLUMES: 1
networks:
- vulnforge
restart: unless-stopped
trivy:
image: aquasec/trivy:latest
container_name: trivy
command: server --listen 0.0.0.0:8080
volumes:
- trivy-cache:/root/.cache
networks:
- vulnforge
restart: unless-stopped
vulnforge:
image: ghcr.io/homelabforge/vulnforge:latest
container_name: vulnforge
ports:
- "8787:8787"
volumes:
- ./data:/data
environment:
DOCKER_SOCKET_PROXY: tcp://socket-proxy-ro:2375
TRIVY_CONTAINER_NAME: trivy
SCAN_SCHEDULE: "0 2 * * *" # Daily at 2 AM
networks:
- vulnforge
depends_on:
- socket-proxy
- trivy
restart: unless-stopped
security_opt:
- no-new-privileges:true
volumes:
trivy-cache:
networks:
vulnforge:
name: vulnforgedocker compose up -dOpen your browser to http://localhost:8787
On first access, enter the bootstrap token from container logs and create your admin account:
docker logs vulnforge | grep "SETUP TOKEN"- Navigate to the Containers page
- Click "Discover Containers" to detect all running and stopped containers
- Review the discovered containers
- Click "Scan All" to perform vulnerability assessment on all containers
- Monitor real-time progress in the Scans page
- Review findings in the Vulnerabilities page
- Navigate to Settings
- Configure:
- Scan schedule (default: daily at 2 AM)
- Notification thresholds
- Secret scanning toggle
- Data retention policies
- First-Time Setup - Complete walkthrough
- Vulnerability Scanning - Learn about triage and remediation
- Notifications - Set up ntfy alerts
- Authentication - Secure your instance
If you see "Docker daemon permission denied":
# Add your user to docker group
sudo usermod -aG docker $USER
newgrp dockerEnsure the socket proxy has correct permissions:
environment:
CONTAINERS: 1
IMAGES: 1
INFO: 1If scans fail due to database issues, check Trivy logs:
docker logs trivyThe scanner will automatically retry with stale database if fresh update fails.
- Troubleshooting - Comprehensive problem-solving guide
- FAQ - Frequently asked questions
- GitHub Issues - Report bugs