-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
68 lines (61 loc) · 3.33 KB
/
Copy path.env.example
File metadata and controls
68 lines (61 loc) · 3.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# .env.example — CiberWebScan environment variables (current implementation)
# Copy this file to `.env` and update values for your environment.
# IMPORTANT: Do NOT commit your real `.env` file (secrets, API keys, credentials).
#
# NOTE ABOUT BEHAVIOR:
# The current `ConfigLoader` implementation *replaces all underscores (`_`) with dots (`.`)*
# when mapping environment variables to configuration keys. Because many model fields
# contain underscores (for example `user_agent`, `rate_limit`, `include_screenshots`),
# those specific fields **cannot** be overridden via environment variables today.
# Use `~/.ciberwebscan/config.yaml` for complex settings (examples below).
#
# -----------------------------------------------------------------------------
# Supported environment overrides (work with current loader)
# -----------------------------------------------------------------------------
# Logging / runtime
LOG_LEVEL=INFO
CIBERWEBSCAN_LOGGING_LEVEL=INFO # -> logging.level
# HTTP client / proxies
CIBERWEBSCAN_HTTP_TIMEOUT_CONNECT=10.0 # -> http.timeout.connect
CIBERWEBSCAN_HTTP_TIMEOUT_READ=30.0 # -> http.timeout.read
CIBERWEBSCAN_HTTP_PROXY_ROTATE=false # -> http.proxy.rotate
# Use standard proxy env vars for proxy URLs
HTTP_PROXY=http://proxy.example.com:3128
HTTPS_PROXY=http://proxy.example.com:3128
NO_PROXY=localhost,127.0.0.1
# Playwright / Scraping (only simple keys are supported via envs)
CIBERWEBSCAN_SCRAPING_DYNAMIC_ENABLED=false # -> scraping.dynamic.enabled
CIBERWEBSCAN_SCRAPING_DYNAMIC_HEADLESS=true # -> scraping.dynamic.headless
# NOTE: `scraping.dynamic.browser_type` cannot be set via env due to underscore in
# the field name; set it in config.yaml instead.
# Attack (safety)
CIBERWEBSCAN_ATTACK_ENABLED=false # -> attack.enabled
# Individual attack flags (xss/sqli/traversal/enumeration) map correctly because
# their field names do not contain underscores, e.g. CIBERWEBSCAN_ATTACK_XSS
# can be used to toggle `attack.xss`.
# Example (uncomment to use):
# CIBERWEBSCAN_ATTACK_XSS=false
# CIBERWEBSCAN_ATTACK_SQLI=false
# Cache
CIBERWEBSCAN_CACHE_ENABLED=true # -> cache.enabled
# Analysis / CVE API keys
# Prefer the direct env vars below — the `analysis.cve.*` fields (which contain
# underscores) cannot be reliably set via CIBERWEBSCAN_ env vars with the current loader.
NVD_API_KEY=
VULNERS_API_KEY=
# -----------------------------------------------------------------------------
# Fields that MUST be configured in `config.yaml` (not supported via env today)
# -----------------------------------------------------------------------------
# - user_agent.* (e.g. `user_agent.agents`, `user_agent.mode`)
# - http.rate_limit.* (e.g. `http.rate_limit.requests_per_second`)
# - export.include_screenshots
# - analysis.cve.nvd_api_key, analysis.cve.vulners_api_key
# - attack.user_consent
# -----------------------------------------------------------------------------
# Tips
# -----------------------------------------------------------------------------
# - Edit this file and save it as `.env` in the project root for local development.
# - Environment variables override values from `~/.ciberwebscan/config.yaml`.
# - For debugging set: LOG_LEVEL=DEBUG
# - Do NOT commit `.env` containing secrets or API keys to git.
# -----------------------------------------------------------------------------