dpndncY

Server configuration reference

Every setting the dpndncY server reads, with defaults. Configure via environment variables (12-factor) or the on-prem .env file. Sensible defaults mean a single-container install needs almost none of these.

Core

VariableDefaultPurpose
APP_URL / NEXT_PUBLIC_APP_ORIGINhttp://localhost:3000Public console origin.
PORT / WEB_PORT3001 / 3000API and web ports.
APP_SECRETSession/crypto secret. Required in production.
DPNDNCY_DATA_DIR/dataDatabase (SQLite), scan artifacts, key archive, attestation history.
TZUTCServer timezone.

Database

VariablePurpose
DATABASE_URLSet to a postgres://… URL to use PostgreSQL 16. Unset = embedded SQLite (default).
POSTGRES_DB / POSTGRES_USER / POSTGRES_PASSWORDUsed by the bundled Postgres in the on-prem compose / Helm chart.
One dialect, two backends
The app writes one SQL dialect; an adapter translates to SQLite or Postgres. Migrations run automatically on boot for both — switching is just DATABASE_URL.

Signing

VariablePurpose
DPNDNCY_SIGNING_KEY_AUTOGENGenerate a signing key on first boot (dev only).
DPNDNCY_SIGNING_KEY_PATHPath to a BYOK private key (production).

SSO

VariablePurpose
OIDC_ISSUER_URL, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_SCOPESOIDC single sign-on.
SAML_IDP_SSO_URL, SAML_IDP_CERT, SAML_SP_ENTITY_IDSAML 2.0 single sign-on.

Operations

VariablePurpose
SUPERADMIN_EMAIL / SUPERADMIN_PASSWORD / SUPERADMIN_NAMEFirst admin, seeded on first boot.
NVD_API_KEYOptional NVD API key for faster advisory refresh.
DPNDNCY_AIRGAPPEDDisable all outbound calls; load advisory data from offline bundles.
COOKIE_SECURE / TRUST_PROXYSet behind TLS / a reverse proxy.
SMTP_*SMTP relay for email notifications.
SESSION_TTL_SECONDSSession lifetime.
MAX_ZIP_UPLOAD_MBUpload size cap for archive scans.
No telemetry
dpndncY has no telemetry. There is no phone-home; the platform does not see your usage, code, or results.

Example

.env (production)
APP_URL=https://dpndncy.example.com
APP_SECRET=<32-byte-random>
DATABASE_URL=postgres://dpndncy:****@db:5432/dpndncy
DPNDNCY_SIGNING_KEY_PATH=/data/keys/signing.key
OIDC_ISSUER_URL=https://login.example.com
COOKIE_SECURE=true
TRUST_PROXY=true

See also