diff --git a/.env.example b/.env.example
index a5e71cb..41e1d19 100644
--- a/.env.example
+++ b/.env.example
@@ -1,87 +1,73 @@
-# ============================================================
-# SecureLens AI — Environment Configuration
-# ============================================================
-# Copy this file to .env and fill in your values.
-# Never commit your actual .env file to version control.
+# copy this to .env and fill in your values
+# don't commit your actual .env file
 
-# ------------------------------------------------------------
-# Application
-# ------------------------------------------------------------
 APP_NAME=SecureLens AI
 APP_VERSION=1.1.0
 DEBUG=true
 
-# ------------------------------------------------------------
-# Server
-# ------------------------------------------------------------
 HOST=0.0.0.0
 PORT=8000
 
-# ------------------------------------------------------------
-# CORS — comma-separated list of allowed origins
-# ------------------------------------------------------------
+# comma-separated, add your frontend origin here
 CORS_ORIGINS=http://localhost:3000,http://localhost:5173
 
-# ------------------------------------------------------------
-# Rate Limiting
-# ------------------------------------------------------------
 RATE_LIMIT=30/minute
 
-# ------------------------------------------------------------
-# Scanner Timeouts (seconds)
-# ------------------------------------------------------------
+# how long to wait when scanning a URL (seconds)
 SCAN_TIMEOUT=5
 PATH_CHECK_TIMEOUT=3
 
-# ------------------------------------------------------------
-# Database
-# ------------------------------------------------------------
 DATABASE_URL=postgresql+asyncpg://securelens:securelens@localhost:5433/securelens
 
-# ------------------------------------------------------------
-# JWT Auth
-# ------------------------------------------------------------
+# change this in production, use something long and random
 JWT_SECRET=change-me-in-production-use-a-long-random-string
 
-# ------------------------------------------------------------
-# AI Provider (LiteLLM — pick ONE of the options below)
-# ------------------------------------------------------------
-# Option 1: Google Gemini (default)
+# AI provider - uses LiteLLM so you can swap models by changing these two lines
+# gemini (default)
 AI_MODEL=gemini/gemini-2.0-flash
-AI_API_KEY=your-gemini-api-key-here
+AI_API_KEY=your-api-key-here
 
-# Option 2: OpenAI
+# openai — uncomment to use instead
 # AI_MODEL=gpt-4o-mini
-# AI_API_KEY=your-openai-api-key-here
+# AI_API_KEY=sk-...
 
-# Option 3: Anthropic Claude
+# anthropic claude — uncomment to use instead
 # AI_MODEL=claude-3-5-haiku-20241022
-# AI_API_KEY=your-anthropic-api-key-here
+# AI_API_KEY=sk-ant-...
 
-# Option 4: OpenRouter (access to all models with one key)
+# openrouter — one key for all models
 # AI_MODEL=openrouter/google/gemini-2.0-flash-exp:free
-# AI_API_KEY=your-openrouter-api-key-here
+# AI_API_KEY=sk-or-...
 
-# Option 5: Ollama (local, free — no key needed)
+# ollama (local, no key needed)
 # AI_MODEL=ollama/llama3.1
 # AI_API_KEY=
 
-# Legacy: still works for Gemini backward compatibility
-# GEMINI_API_KEY=your-gemini-api-key-here
+# old gemini key still works if you haven't migrated yet
+# GEMINI_API_KEY=
 
-# ------------------------------------------------------------
-# Threat Intelligence (Optional — free tier available)
-# ------------------------------------------------------------
-# VirusTotal: https://www.virustotal.com/ (500 lookups/day free)
+# threat intelligence — both have free tiers, leave blank to skip
+# virustotal.com — 500 lookups/day free
 VIRUSTOTAL_API_KEY=
-
-# AbuseIPDB: https://www.abuseipdb.com/ (1000 lookups/day free)
+# abuseipdb.com — 1000 lookups/day free
 ABUSEIPDB_API_KEY=
 
-# ------------------------------------------------------------
-# Scheduled Scans
-# ------------------------------------------------------------
-# No extra configuration needed. The scheduler starts automatically
-# with the app and checks every hour for scans that are due.
-# Users create scheduled scans via POST /scheduled-scans (requires JWT auth).
-# Webhooks fire automatically if a scheduled scan detects a score drop.
+# nuclei active scanner — leave blank if nuclei isn't installed
+# it'll search PATH automatically, or set an explicit path here
+# install: go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
+NUCLEI_BINARY_PATH=
+
+# slack alerts — paste your incoming webhook URL here to get notified on scan completion
+# and score regressions. leave blank to skip
+# create one at: https://api.slack.com/messaging/webhooks
+SLACK_WEBHOOK_URL=
+
+# email alerts via SMTP — leave SMTP_HOST blank to skip
+# works with gmail app passwords, sendgrid, etc.
+SMTP_HOST=
+SMTP_PORT=587
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_FROM_EMAIL=
+# set to true if your provider uses port 465 (SSL), false for port 587 (STARTTLS)
+SMTP_USE_SSL=false
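Review bot: The new `NUCLEI_BINARY_PATH=` block documents a PATH search as the default when the value is blank, so the scanner binary the service executes is picked by whatever directory order the runtime's PATH happens to have; if that PATH includes a shared or writable directory, the service can end up running a substituted binary, which the example should steer production deployments away from. I'd extend the comment with `# in production set an absolute path (constructed example: /usr/local/bin/nuclei) so the binary isn't resolved from PATH`. In the same hunk `SLACK_WEBHOOK_URL=` and `SMTP_PASSWORD=` are credentials on the same footing as the API keys above them, but nothing in their comments marks them as sensitive — a one-liner such as `# treat the webhook URL as a secret: anyone holding it can post to your channel` would help. The `SMTP_USE_SSL=false` comment implies STARTTLS on port 587, but whether the mail code requires TLS or falls back to plaintext when the server does not offer it is not visible here; worth confirming against the mailer and stating it in the comment.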