Page Comparison

...

• A Linux distribution with Kernel 2.6 or greater.

  • Shared installations will require NFS version 4. See below for more details.

• A volume with at least 20GB of disk space per codebase for large codebases.

• At least 8GB of RAM.

• A multi-core machine or a VM at least 2 VCPUs.

Deployment Flavors

Selecting a Deployment Flavor

...

• Simple will provide the fastest way to get set up with CodeMRI® Platform Web, however it depends on everything running on a single machine.

• Shared is ideal for integration with your build pipeline, and for teams that will need to share a single vault among multiple machines.

Simple

A self-contained setup in which the server will be run from the same machine, whether physical or virtual, as the machine executing the scans. This is the best setup for evaluation or proof-of-concept installations where you want things to come up and running as fast as possible, and where you do not need to run CodeMRI® on continuous integration systems.

Image RemovedImage Added

Simple Deployment Layout

...

A shared vault setup means that the machine running the server and the machine(s) running the scans (also known as "processors") are different. This is the best setup for integration with your build pipeline. In this case, the vault will be shared over NFS for use by processors.

Image RemovedImage Added

Shared Deployment Layout

...

Due to the complex nature of Silverthread’s analytics, you will need a partition with ample disk space for scans. For most installations we recommend a minimum disk size of 40GB. Here you will find a table of our recommendations based on codebase size:

We highly recommend monitoring your disk space closely, especially in a continuous integration environment. If you believe you have an exceptional case (e.g. a codebase with millions of files), please contact support@silverthreadinc.com for guidance.

...

CodeMRI® Platform Installation

Step 1: Download and

...

install CodeMRI®

...

Download the archive

Download the “CodeMRI Platform for Linux” archive from https://www.codemri.com/installers (Account required). Unpack the archive on the target machine into a directory i.e., /srv/cmri:

...

Follow the instruction at /wiki/spaces/SCKB/pages/2828861441

Server Setup

Step 1: Set up a vault

1. Create a vault (if none exists):

mkdir /desired/vault/location
cd /desired/vault/location
cmri vault create

Step 2: Run the server setup script

...

You can run the platform setup script as local user.

...

:

# cd /srv/cmri/server
# ./setup.sh

After accepting the license agreement, the script will install the CodeMRI® Platform CLI.

To launch the CodeMRI Platform, runcmri from /srv/cmri/bin

...

Step 3: Select Deployment Type

-Server Todeployments allowcome thein LOCALmultiple userflavors:
to
run* the "cmri" command outside of /srv/cmri/bin: 
    - save the following entry in the local users .bashrc file: export PATH=/srv/cmri/bin:$PATH
- To allow the ALL users to run the "cmri" command outside of /srv/cmri/bin:
    - create the file /etc/profile.d/99-codemri-platform.sh with the following content: export PATH=/srv/cmri/bin:$PATH

Step 1: Run the server setup script:

# cd /srv/cmri
# ./setup-server.sh

Step 2: Select Deployment Type

Server deployments come in multiple flavors:

* Type 'simple' for a self-contained setup. A self-contained setup means that server will be run from the same machine,
  whether physical or virtual, as the machine executing the scans. This is the best setup for evaluation or
  proof-of-concept installations where you want things to come up and running as fast as possible.

* Type 'shared' for a shared-vault setup. A shared vault setup means that the machine running the server and the
  machine(s) running the scans (also known as "processors") are different. This is the best setup for integration with
  Continuous Integration (CI). In this case, the vault will be shared over NFS for use by processors. Before beginning
  this process, you will need to ensure that your machine has NFS version 4 (NFSv4). This has been in the Linux kernel
  since 2.6, so any reasonably modern Linux distribution should have access to NFSv4.

* Type 'skip' to cancel server setup altogether. This machine will not be set up as a server. Use this if you are not
  interested in running the web-based application, or if this is a shared environment and you are setting up a worker
  machine.
  
Please enter an installation type.
simple

Type simple and press Enter.

Step 3: Provide Vault Information

Vault Location

In order to use the server, a data vault is required. Please choose a volume with enough space according to the Capacity Planning section above.

Please provide a path to either an existing vault, or a new vault to create.

Server User

Next, provide the user who will be running the CodeMRI® Platform Web server. The user must be a name of an existing user on your OS.

What is the name of the user who will run the vault?

If you have provided an existing vault, the wizard will set the vault up to communicate with the server. If you specify a directory without a pre-existing vault, the wizard will prompt you to create a new vault. If there is a pre-existing vault, a new folder called web_data will be created and populated within that vault.

Step 4: Confirm Network Settings

Bind and Port Settings

The CodeMRI® Web server requires 2 ports:

• One for the web site itself.

• A second for the administrative interface.

The setup wizard will prompt you with the defaults:

With default settings the server will bind to 0.0.0.0:8000, meaning port 8000 all interfaces. 
A remote administration interface will also be provided on 0.0.0.0:9201 with a default username/password combination of admin/silverthread. 
Would like like to change any of these values? (y/n)

You will need to customize these values if you are running other services on the machine that already use one or more of the default port numbers.

Once the automated installation is complete, proceed with the following instructions:

• Create a vault (if none exists):

mkdir /desired/vault/location
cd /desired/vault/location
cmri vault create

• Associate license (if not already associated) https://silverthread.atlassian.net/wiki/spaces/CKB/pages/2527789057/CodeMRI+-+Cheat+Sheet#Licensing

• Create an endpoint to associate the vault with a web portal. Using the default settings (IP Address = 0.0.0.0, Port = 8000) if default settings were selected, or otherwise using the custom values for IP Address and Port, enter the following in a terminal:

cd /srv/cmri/bin
cmri shell
vault config set analytics.endpoint 'http://<IP Address>:<Port>/analytics/v1'
exit

• Run a script to ensure the database is up-to-date, enter the following in a terminal:

cd /srv/cmri/bin
cmri-server-init

• For the web-platform, it is HIGHLY recommended to perform the following (if not done in the previous platform setup):

To allow the ALL users to run the "cmri" command outside of /srv/cmri/bin:
  - create the file /etc/profile.d/99-codemri-platform.sh with the following content: export PATH=/srv/cmri/bin:$PATH

That’s all. Once you have completed these steps, the server is set up and ready to be run. Please proceed to the Running and Administration section.

Shared Deployment Steps

Pre-Installation Checks

Before beginning this process, you will need to ensure that your machine has NFS version 4 (NFSv4). If you are unsure, you can check by running rpcinfo as shown below:

$ rpcinfo -p localhost | grep 'nfs$'
    
100003    3   tcp   2049  nfs
100003    4   tcp   2049  nfs
100003    3   udp   2049  nfs
100003    4   udp   2049  nfs

If you see entries with 4 in the second column, you are running NFS version 4. If you do not see any entries, you may not be running NFS at all; follow your distribution’s guide for installing and running NFS.

Once you have the NFS service running, be sure you can access the NFS service from other machines on your network. While not a complete test by any means, you can do a simple smoke test on another machine using netcat:

$ (nc -z <ip> 2049 && echo "nfs REACHABLE") || echo "nfs NOT REACHABLE"
$ (nc -z <ip> 111 && echo "rpc.d REACHABLE") && echo "rpc.d NOT REACHABLE"

If you cannot reach NFS from other machines, make sure the service is running locally. You may need to change your firewall settings. If you use firewalld:

$ sudo -i
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --reload

CodeMRI® Platform Installation

Step 1: Download and Extract CodeMRI® Platform

Download the archive

Download the “CodeMRI Platform for Linux” archive from https://www.codemri.com/installers (Account required). Unpack the archive on the target machine into /srv/cmri as root:

# mkdir -p /srv/cmri
# cd /srv/cmri
# unzip /path/to/codemri-platform-linux-X.Y.Z.zip

Step 2: Run the setup script

You must run the setup script as root.

# cd /srv/cmri
# ./setup.sh

Server Setup

Step 1: Run Setup Script

Once you have NFS up and running, and CodeMRI® installed, run setup-server.sh from the installation directory as root:

$ sudo -i
# cd /srv/cmri
# ./setup-server.sh

Step 2: Select Deployment Type

Server deployments come in multiple flavors:

* Type 'simple' for a self-contained setup. A self-contained setup means that server will be run from the same machine,
  whether physical or virtual, as the machine executing the scansType 'simple' for a self-contained setup. A self-contained setup means that server will be run from the same machine,
  whether physical or virtual, as the machine executing the scans. This is the best setup for evaluation or
  proof-of-concept installations where you want things to come up and running as fast as possible.

* Type 'shared' for a shared-vault setup. A shared vault setup means that the machine running the server and the
  machine(s) running the scans (also known as "processors") are different. This is the best setup for integration with
  Continuous Integration (CI). In this case, the vault will be shared over NFS for use by processors. Before beginning
  this process, you will need to ensure that your machine has NFS version 4 (NFSv4). This has been in the Linux kernel
  since 2.6, so any reasonably modern Linux distribution should have access to NFSv4.

* Type 'skip' to cancel server setup altogether. This machine will not be set up as a server. Use this if you are not
  interested in running the web-based application, or if this is a shared environment and you are setting up a worker
  machine.
  
Please enter an installation type.
simple

Type simple and press Enter.

Step 4: Provide Vault Information

Vault Location

In order to use the server, a data vault is required. Please choose a volume with enough space according to the Capacity Planning section above.

Please provide a path to either an existing vault, or a new vault to create.

Server User

Next, provide the user who will be running the CodeMRI® Platform Web server. The user must be a name of an existing user on your OS.

What is the name of the user who will run the vault?

If you have provided an existing vault, the wizard will set the vault up to communicate with the server. If you specify a directory without a pre-existing vault, the wizard will prompt you to create a new vault. If there is a pre-existing vault, a new folder called web_data will be created and populated within that vault.

Step 5: Confirm Network Settings

Bind and Port Settings

The CodeMRI® Web server requires 2 ports:

• One for the web site itself.

• A second for the administrative interface.

The setup wizard will prompt you with the defaults:

With default settings the server will bind to 0.0.0.0:8000, meaning port 8000 all interfaces. 
A remote administration interface will also be provided on 0.0.0.0:9201 with a default username/password combination of admin/silverthread. 
Would like like to change any of these values? (y/n)

You will need to customize these values if you are running other services on the machine that already use one or more of the default port numbers.

Once the automated installation is complete, proceed with the following instructions:

• Create an endpoint to associate the vault with a web portal. Using the default settings (IP Address = 0.0.0.0, Port = 8000) if default settings were selected, or otherwise using the custom values for IP Address and Port, enter the following in a terminal:

cd /srv/cmri/bin
cmri shell
vault config set analytics.endpoint 'http://<IP Address>:<Port>/analytics/v1'
exit

• Run a script to ensure the database is up-to-date, enter the following in a terminal:

cd /srv/cmri/bin
cmri-server-init

• For the web-platform, it is HIGHLY recommended to perform the following (if not done in the previous platform setup):

To allow the ALL users to run the "cmri" command outside of /srv/cmri/bin:
  - create the file /etc/profile.d/99-codemri-platform.sh with the following content: export PATH=/srv/cmri/bin:/srv/cmri/server:$PATH

That’s all. Once you have completed these steps, the server is set up and ready to be run. Please proceed to the Running and Administration section.

Shared Deployment Steps

Pre-Installation Checks

Before beginning this process, you will need to ensure that your machine has NFS version 4 (NFSv4). If you are unsure, you can check by running rpcinfo as shown below:

$ rpcinfo -p localhost | grep 'nfs$'
    
100003    3   tcp   2049  nfs
100003    4   tcp   2049  nfs
100003    3   udp   2049  nfs
100003    4   udp   2049  nfs

If you see entries with 4 in the second column, you are running NFS version 4. If you do not see any entries, you may not be running NFS at all; follow your distribution’s guide for installing and running NFS.

Once you have the NFS service running, be sure you can access the NFS service from other machines on your network. While not a complete test by any means, you can do a simple smoke test on another machine using netcat:

$ (nc -z <ip> 2049 && echo "nfs REACHABLE") || echo "nfs NOT REACHABLE"
$ (nc -z <ip> 111 && echo "rpc.d REACHABLE") && echo "rpc.d NOT REACHABLE"

If you cannot reach NFS from other machines, make sure the service is running locally. You may need to change your firewall settings. If you use firewalld:

$ sudo -i
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --reload

CodeMRI® Platform Installation

Step 1: Download and install CodeMRI®

Follow the instruction at /wiki/spaces/SCKB/pages/2828861441

Server Setup

Step 1: Set up a vault

1. Create a vault (if none exists):

mkdir /desired/vault/location
cd /desired/vault/location
cmri vault create

Step 2: Run the server setup script:

# cd /srv/cmri/server
# ./setup.sh

Step 3: Select Deployment Type

Server deployments come in multiple flavors:

* Type 'simple' for a self-contained setup. A self-contained setup means that server will be run from the same machine,
  whether physical or virtual, as the machine executing the scans. This is the best setup for evaluation or
  proof-of-concept installations where you want things to come up and running as fast as possible.

* Type 'shared' for a shared-vault setup. A shared vault setup means that the machine running the server and the
  machine(s) running the scans (also known as "processors") are different. This is the best setup for evaluationintegration orwith
  proof-of-concept installations where you want things to come up and running as fast as possible.

* Type 'shared' for a shared-vault setup. A shared vault setup means that the machine running the server and the
  machine(s) running the scans (also known as "processors") are different. This is the best setup for integration with
  Continuous Integration (CI). In this case, the vault will be shared over NFS for use by processors. Before beginning
  this process, you will need to ensure that your machine has NFS version 4 (NFSv4). This has been in the Linux kernel
  since 2.6, so any reasonably modern Linux distribution should have access to NFSv4.

* Type 'skip' to cancel server setup altogether. This machine will not be set up as a server. Use this if you are not
  interested in running the web-based application, or if this is a shared environment and you are setting up a worker
  machine.
  
Please enter an installation type.
shared

Type shared and press Enter.

Step 3: Provide User Information

You will need a user to own the centralized vault. The default is user is "codemri" with a group of "codemri", but you may elect to use an existing user account. 
If you elect the default choice, the user/group combination will be created. Would you like to use the defaults (y/n)?

If you have already set up a designated CodeMRI® user on your server machine, you may elect to run the server as that user. Otherwise, you can accept the defaults and the wizard will create a codemri user along with a corresponding group. The codemri user has no home directory and is created as nologin for security purposes.

Step 4: Confirm Network Information

Port and Binding Address

The CodeMRI® Web server requires 2 ports:

• One for the web site itself.

• A second for the administrative interface.

The setup wizard will prompt you with the defaults:

With default settings the server will bind to 0.0.0.0:8000, meaning port 8000 all interfaces. 
A remote administration interface will also be provided on 0.0.0.0:9201 with a default username/password combination of admin/silverthread. 
Would like like to change any of these values? (y/n)

You may need to customize the default values if you are running any other services on the machine.

LAN IP Address

In order to reach the server, other machines connecting to the vault will read an IP address or hostname from the vault:

We have automatically detected your machine's LAN IP address as 192.168.50.54. Is this address not reachable from other machines or would you like to provide a different address or hostname (y/n)?

Other machines connecting to the centralized vault will need to know how to reach the machine the server is running on. Ensure the automatically detected value is correct. If not, type y, press Enter, and provide the correct IP or hostname.

Step 5: Provide Vault Information

Vault Information

Please provide a path to either an exisiting vault, or a new vault to create. 
Be sure to choose a disk with at least 20GB of space per codebase to scan. 
If the vault directory does not exist, it will be created.

Enter the path to the vault (e.g. /usr/share/vault). Be sure to choose a location with plenty of space, see the Capacity Planning section above for details.

If a vault is not present, the wizard will walk you through the process of creating the vault. Be sure to answer y to the following prompt:

Would you like to create a vault here? (y/n)

Enter your contact information as prompted, then the vault will be created and set up.

Step 6: Share Setup

Finally, the wizard will prompt you about network share information:

We need to set up NFS in order to share the centralized vault to other hosts. This comes with a set of defaults optimized for a trusted network that will work on most setups by default:

* Export vault directory to any IP address.
* all_squash,anonuid=1000,anongid=1000; meaning that any user accessing the share will be mapped to the owner of the vault. This removes the need to handle UID/GID synchronization.
* rw, anyone will have both read and write access to the share.

If you want to use the default NFS settings, type "auto".
If you want to use a different sharing technology (e.g. Samba for sharing with Windows machines) or customize the NFS setup, type "manual". Note that electing this means that you will need to manually set up the share.

If the default settings are acceptable, type auto.
If you need to set up another network sharing technology, or if your organization has stricter security requirements you will need to set up the share manually. Type manual, and proceed to manually set up your network share.

If you have selected auto, the wizard will give you a line to paste into the /etc/fstab of machines you would like to have access to the vault:

192.168.50.54:/usr/share/cmri-vault	/path/to/mount/point	nfs	defaults,user	0	0

Be sure to create the mount point as root via mkdir -p before attempting to mount the NFS share.

Once the automated installation is complete, proceed with the following instructions:

• Create an endpoint to associate the vault with a web portal. Using the default settings (IP Address = 0.0.0.0, Port = 8000) if default settings were selected, or otherwise using the custom values for IP Address and Port, enter the following in a terminal:

cd /srv/cmri/bin
cmri shell
vault config set analytics.endpoint 'http://<IP Address>:<Port>/analytics/v1'
exit

• Run a script to ensure the database is up-to-date, enter the following in a terminal:

cd /srv/cmri/bin
cmri-server-initContinuous Integration (CI). In this case, the vault will be shared over NFS for use by processors. Before beginning
  this process, you will need to ensure that your machine has NFS version 4 (NFSv4). This has been in the Linux kernel
  since 2.6, so any reasonably modern Linux distribution should have access to NFSv4.

* Type 'skip' to cancel server setup altogether. This machine will not be set up as a server. Use this if you are not
  interested in running the web-based application, or if this is a shared environment and you are setting up a worker
  machine.
  
Please enter an installation type.
shared

Type shared and press Enter.

Step 4: Provide User Information

You will need a user to own the centralized vault. The default is user is "codemri" with a group of "codemri", but you may elect to use an existing user account. 
If you elect the default choice, the user/group combination will be created. Would you like to use the defaults (y/n)?

If you have already set up a designated CodeMRI® user on your server machine, you may elect to run the server as that user. Otherwise, you can accept the defaults and the wizard will create a codemri user along with a corresponding group. The codemri user has no home directory and is created as nologin for security purposes.

Step 5: Confirm Network Information

Port and Binding Address

The CodeMRI® Web server requires 2 ports:

• One for the web site itself.

• A second for the administrative interface.

The setup wizard will prompt you with the defaults:

With default settings the server will bind to 0.0.0.0:8000, meaning port 8000 all interfaces. 
A remote administration interface will also be provided on 0.0.0.0:9201 with a default username/password combination of admin/silverthread. 
Would like like to change any of these values? (y/n)

You may need to customize the default values if you are running any other services on the machine.

LAN IP Address

In order to reach the server, other machines connecting to the vault will read an IP address or hostname from the vault:

We have automatically detected your machine's LAN IP address as 192.168.50.54. Is this address not reachable from other machines or would you like to provide a different address or hostname (y/n)?

Other machines connecting to the centralized vault will need to know how to reach the machine the server is running on. Ensure the automatically detected value is correct. If not, type y, press Enter, and provide the correct IP or hostname.

Step 6: Provide Vault Information

Vault Information

Please provide a path to either an exisiting vault, or a new vault to create. 
Be sure to choose a disk with at least 20GB of space per codebase to scan. 
If the vault directory does not exist, it will be created.

Enter the path to the vault (e.g. /usr/share/vault). Be sure to choose a location with plenty of space, see the Capacity Planning section above for details.

If a vault is not present, the wizard will walk you through the process of creating the vault. Be sure to answer y to the following prompt:

Would you like to create a vault here? (y/n)

Enter your contact information as prompted, then the vault will be created and set up.

Step 7: Share Setup

Finally, the wizard will prompt you about network share information:

We need to set up NFS in order to share the centralized vault to other hosts. This comes with a set of defaults optimized for a trusted network that will work on most setups by default:

* Export vault directory to any IP address.
* all_squash,anonuid=1000,anongid=1000; meaning that any user accessing the share will be mapped to the owner of the vault. This removes the need to handle UID/GID synchronization.
* rw, anyone will have both read and write access to the share.

If you want to use the default NFS settings, type "auto".
If you want to use a different sharing technology (e.g. Samba for sharing with Windows machines) or customize the NFS setup, type "manual". Note that electing this means that you will need to manually set up the share.

If the default settings are acceptable, type auto.
If you need to set up another network sharing technology, or if your organization has stricter security requirements you will need to set up the share manually. Type manual, and proceed to manually set up your network share.

If you have selected auto, the wizard will give you a line to paste into the /etc/fstab of machines you would like to have access to the vault:

192.168.50.54:/usr/share/cmri-vault	/path/to/mount/point	nfs	defaults,user	0	0

Be sure to create the mount point as root via mkdir -p before attempting to mount the NFS share.

• For the web-platform, it is HIGHLY recommended to perform the following (if not done in the previous platform setup):

To allow the ALL users to run the "cmri" command outside of /srv/cmri/bin:
  - create the file /etc/profile.d/99-codemri-platform.sh with the following content: export PATH=/srv/cmri/bin:/srv/cmri/server:$PATH

Please proceed to the Running and Administration section for further instructions.

...

To start the server, run cmri-start-server-start.sh. This command will setuid to the provided server user before running the server, so if you run this command as root, it will not run the server as root. The server is run in the background as a daemon; it will not exit after you exit the shell. navigate to http://server-ip-here:8000 to access the server. Default is 0.0.0.0:8000

To stop the server, run cmri-stop-server-stop.sh.

Administrative Interface

...

$ cd /srv/vault
$ cmri account login

Enter your http://CodeMRI.com login credentials to authenticate your vault.

...

If you have already been using CodeMRI CodeMRI® to generate Excel reports or access data via command line, you have probably been running the following command to generate data in the Data Vault and generate Excel:

...

Like with any computer software, things on occasion don’t always do what you want them to do. Here are some common issues you may face and solutions to these problems:

$ sudo -i
# firewall-cmd --permanent --add-port=8000/tcp
# firewall-cmd --permanent --add-port=9201/tcp
# firewall-cmd --reload