Deploy DevGuard with Docker Compose
Run DevGuard using Docker Compose — suitable for evaluation, self-hosted setups, or production when Kubernetes is not available.
Prerequisites
- Docker and Docker Compose installed
Deployment Steps
Download the Compose file
Start the containers
On first start, a devguard-setup service runs automatically to:
- generate a random AES-256 encryption key
- download the Kratos identity config
- download the database init script
All files are stored in Docker named volumes — no manual file setup required.
Access DevGuard
Open http://localhost:3000 in your browser.
Important Notes
Email verification: No SMTP server is configured by default. During registration, skip email verification by clicking "Back".
To enable email delivery, append COURIER_SMTP_CONNECTION_URI to the kratos service in the Compose file:
Vulnerability database: The API downloads the latest vulnerability database on first start. This may take several minutes. Vulnerability data and scan results won't be complete until the download finishes.
Hardening for Production
The docker-compose-try-it.yaml file contains inline [PRODUCTION] comments on every value that must change before going live. The key items are:
| What | Where | Action |
|---|---|---|
| DevGuard DB password | postgresql, devguard-api, devguard-migrate | Set a strong random POSTGRES_PASSWORD |
| Kratos DB password | kratos, kratos-migrate DSN | Set a separate strong password for the kratos DB user |
| Kratos config | kratos, kratos-migrate volumes | Replace the auto-downloaded config with a bind-mounted, customised kratos.yml (configure SMTP, disable --dev, set OIDC providers) |
| Public URLs | devguard-api, devguard-web | Set INSTANCE_DOMAIN, FRONTEND_URL, and ORY_SDK_PUBLIC_URL to your https:// domains |
| TLS | devguard-api, devguard-web ports | Place a TLS-terminating reverse proxy (nginx, Caddy, Traefik) in front — do not expose ports 8080/3000 directly |
| Log level | kratos, devguard-api | Change LOG_LEVEL from debug to info or warn |
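A pre-deployment check for the non-secret items in the table above (log level, the Kratos --dev flag, public URLs, directly published ports), as an added example that is not part of DevGuard or its documentation. The Compose fragment is a constructed sample, not the contents of docker-compose-try-it.yaml, and treating a 127.0.0.1 port binding as acceptable is an assumption; password strength is not checked.

```python
import re

# Constructed sample in the style of a Compose file, NOT the real
# docker-compose-try-it.yaml. Service and variable names come from the page.
SAMPLE = """\
services:
  kratos:
    command: serve --dev
    environment:
      LOG_LEVEL: debug  # [PRODUCTION] change to info or warn
  devguard-api:
    ports:
      - "8080:8080"
    environment:
      - INSTANCE_DOMAIN=http://localhost:8080
      - LOG_LEVEL=info
  devguard-web:
    ports:
      - "127.0.0.1:3000:3000"
    environment:
      FRONTEND_URL: https://devguard.example.com
"""

URL_KEYS = "INSTANCE_DOMAIN|FRONTEND_URL|ORY_SDK_PUBLIC_URL"
PORT_RE = re.compile(r"-\s*(?:(\d+\.\d+\.\d+\.\d+):)?\d+:(8080|3000)(?:/tcp)?$")

def audit(compose_text):
    """Return (line_number, message) for each setting still at a try-it value."""
    findings = []
    for n, raw in enumerate(compose_text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*", "", raw)       # drop comments
        line = re.sub(r"[\"']", "", line).strip()  # drop quotes and indent
        if re.search(r"LOG_LEVEL\s*[:=]\s*debug\b", line):
            findings.append((n, "LOG_LEVEL is debug; use info or warn"))
        if re.search(r"(?<![\w-])--dev(?![\w-])", line):
            findings.append((n, "Kratos is started with --dev"))
        m = re.search(rf"\b({URL_KEYS})\s*[:=]\s*(\S+)", line)
        if m and not m.group(2).startswith("https://"):
            findings.append((n, f"{m.group(1)} is not an https:// URL"))
        m = PORT_RE.match(line)
        # Assumption: a loopback-only binding is fine because the
        # TLS-terminating reverse proxy runs on the same host.
        if m and m.group(1) != "127.0.0.1":
            findings.append((n, f"port {m.group(2)} is published directly"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"line {n}: {msg}")
```

To check your own edited file, pass its text to audit() and treat a non-empty result as a failed deployment gate.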
Next Steps
- Run your first scan: Getting Started Guide
- Configure monitoring
- Set up backups