search

OWASP / threat-dragon

An open source threat modeling tool from OWASP
https://owasp.org/www-project-threat-dragon/
Apache License 2.0
902 stars 244 forks source link

Error upon startup attempt using Docker #311

Closed aaronhmiller closed 2 years ago

aaronhmiller commented 2 years ago

Describe the bug

Running docker run --rm -it -p 3000:3000 -v $(pwd)/td.env:/app/.env threatdragon/owasp-threat-dragon

Receive error: 

ENCRYPTION_JWT_SIGNING_KEY is a required property.  Threat Dragon server cannot start without it.  Please see setup-env.md for more information
OWASP Threat Dragon failed to start
ENCRYPTION_JWT_SIGNING_KEY is a required property.  Threat Dragon server cannot start without it.  Please see setup-env.md for more information

However, the setup-env.md file contains no reference of that setting.

Expected behavior Expected Threat Dragon to start running.

Environment

To Reproduce

  1. Following the guide in example.env, update those values accordingly (in this case, into a file td.env).
  2. Run docker run --rm -it -p 3000:3000 -v $(pwd)/td.env:/app/.env threatdragon/owasp-threat-dragon

receive the above mentioned error re: ENCRYPTION_JWT_SIGNING_KEY

Any additional context, screenshots, etc n/a

lreading commented 2 years ago

Hi @aaronhmiller! That error is something that should only exist on the v2 branch, which is still in development. From your STR, it doesn't look like you're using a specific tag. The latest stable version is 1.5.8. Could you try it again using docker run --rm -it -p 3000:3000 -v $(pwd)/td.env:/app/.env threatdragon/owasp-threat-dragon:v1.5.8?

If this is the issue, I think our readme and setup-env.md files should be updated to indicate that a specific release version should be specified as well, since the default latest tag could be a development build.

aaronhmiller commented 2 years ago

Thank you for the fast reply and helpful answer @lreading ! Yes, w/ the v1.5.8, my dragon is happy now. Express server listening on port 3000

Agreed readme and setup-env w/ version specifiers would have avoided this. Thank you again. Closing given this is resolved.

lreading commented 2 years ago

Glad it resolved the issue, and my apologizes for the unclear documentation! I've opened #313 to ensure we get those updated soon.

Thanks again for opening the issue!