SBOM Analyzer - Complete Deployment Guide

Flexible deployment options for enterprise security, compliance, and operational requirements

Deployment Options Overview

SBOM Analyzer offers flexible deployment options to meet enterprise security, compliance, and operational requirements.

Option 1: Cloud Deployment (Quickest - 15 minutes)

Vercel (Recommended)

Pros:

  • Fastest deployment (2-3 minutes)
  • Global CDN included
  • Automatic SSL
  • Git integration
  • Free tier: 100GB bandwidth/month

Steps:

# 1. Install Vercel CLI
npm i -g vercel

# 2. Deploy to production
vercel --prod

# 3. Follow prompts to complete deployment

Environment Variables:

VITE_SENTRY_DSN=your-sentry-dsn
VITE_SENTRY_ENVIRONMENT=production

Note: Vite inlines every VITE_-prefixed variable into the browser bundle at build time, so these values are visible to anyone who loads the site. A Sentry DSN is designed to be public; never put API keys or other secrets in VITE_ variables.

Cost: Free tier → $20/month for production traffic

Netlify

Pros:

  • One-click deployment
  • Forms and functions support
  • Edge functions
  • Free tier: 100GB bandwidth/month

Steps:

# 1. Install Netlify CLI
npm i -g netlify-cli

# 2. Build application
npm run build

# 3. Deploy to production
netlify deploy --prod --dir=dist

Cost: Free tier → $19/month for team features

AWS S3 + CloudFront

Pros:

  • Enterprise-grade infrastructure
  • Pay-as-you-scale
  • Integrate with AWS services
  • Custom domain support

Steps:

# 1. Build application
npm run build

# 2. Upload to S3
aws s3 sync dist/ s3://your-bucket-name --delete

# 3. Configure CloudFront distribution
#    Keep the bucket private (S3 Block Public Access on) and let CloudFront read it
#    through an Origin Access Control; use the bucket's REST endpoint as the origin,
#    not the S3 website endpoint. Under Custom Error Responses map 403 and 404 to
#    /index.html with status 200 so deep links into the SPA resolve.
# 4. Point custom domain to CloudFront (ACM certificate must be in us-east-1;
#    then a Route 53 alias or CNAME to the distribution's domain name)

Cost: ~$50-200/month depending on traffic
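The bucket policy that implements step 3, as an added example that is not part of this guide's original text or the SBOM Analyzer project. It grants read access only to the CloudFront service principal acting for one specific distribution; the account ID and distribution ID are placeholders to replace with your own:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCloudFrontOACReadOnly",
      "Effect": "Allow",
      "Principal": { "Service": "cloudfront.amazonaws.com" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"
        }
      }
    }
  ]
}
```

With this policy in place and Block Public Access enabled, a direct request to the bucket URL returns 403 and only the distribution can fetch objects. Because `aws s3 sync --delete` removes old hashed bundles immediately, run a CloudFront invalidation of `/index.html` after each sync so cached entry pages do not reference bundles that no longer exist.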

Azure Static Web Apps

Pros:

  • Native Azure integration
  • GitHub Actions deployment
  • Custom authentication
  • Free tier: 100GB storage

Steps:

# 1. Create Azure Static Web App
az staticwebapp create --name sbom-analyzer --resource-group rg-sbom

# 2. Deploy via Git
git push origin main

Cost: Free tier → $9/month for custom domains

Option 2: On-Premises Deployment (2-4 hours)

Requirements

Hardware:

  • Server with 4GB+ RAM
  • 50GB+ disk space
  • Modern web server (nginx 1.18+ or Apache 2.4+)

Software:

  • Node.js 18+ (for build process; Node 18 reached end of life in April 2025, so build on a currently supported LTS release)
  • SSL certificate (Let's Encrypt recommended)
  • DNS access

Network:

  • HTTPS access required (inbound 443 from users)
  • Outbound access to the OSV.dev API (https://api.osv.dev). As the CSP's connect-src below indicates, vulnerability lookups are made from the user's browser, so client networks need this egress; the server itself only needs it if you enable the optional /api/ proxy.

nginx Setup

1. Build Application

npm install
npm run build

2. Configure nginx

Create /etc/nginx/sites-available/sbom-analyzer (the server block below listens only on 443; add a separate listen 80 server that redirects to HTTPS, and consider a Strict-Transport-Security header once certificate renewal is working):

server {
    listen 443 ssl http2;
    server_name sbom.yourdomain.com;
    
    # SSL Configuration
    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    
    # Root directory
    root /var/www/sbom-analyzer/dist;
    index index.html;
    
    # Security Headers ("always" also sends them on 4xx/5xx responses)
    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Legacy header; current browsers ignore it. The CSP below is the real control.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    
    # Content Security Policy. 'unsafe-inline' and 'unsafe-eval' largely neutralise
    # script-src; remove them once you have confirmed the production build runs
    # without them. connect-src must list every origin the browser calls, which is
    # only OSV.dev unless you route lookups through the /api/ proxy below.
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://api.osv.dev;" always;
    
    # Application routes (SPA: unknown paths fall back to index.html)
    location / {
        try_files $uri $uri/ /index.html;
    }
    
    # Static assets caching.
    # nginx does NOT inherit add_header from the server block into a location that
    # sets its own add_header, so the security headers are repeated here; without
    # this, every asset response (including SVGs) is served without them.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header X-Frame-Options "DENY" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://api.osv.dev;" always;
    }
    
    # API proxy (optional - only if browsers should reach OSV.dev through this host;
    # connect-src 'self' in the CSP already covers that path)
    location /api/ {
        proxy_pass https://api.osv.dev/v1/;
        proxy_set_header Host api.osv.dev;
        proxy_ssl_server_name on;   # send SNI; CDN-fronted APIs require it
        proxy_ssl_verify on;
        # proxy_ssl_verify needs an explicit CA bundle: nginx does not use the
        # system trust store by default. Path shown is Debian/Ubuntu.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        proxy_ssl_verify_depth 3;
    }
}

3. Enable Site

sudo ln -s /etc/nginx/sites-available/sbom-analyzer /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

4. Deploy Files

sudo mkdir -p /var/www/sbom-analyzer/dist
sudo cp -r dist/* /var/www/sbom-analyzer/dist/
# Serve the files read-only: owned by root, readable by the nginx worker user
# (www-data on Debian/Ubuntu). Making www-data the owner would let a compromised
# worker process rewrite the JavaScript it serves.
sudo chown -R root:root /var/www/sbom-analyzer
sudo chmod -R u=rwX,go=rX /var/www/sbom-analyzer

Apache Setup

Virtual Host Configuration (requires mod_ssl, mod_headers and mod_rewrite; on Debian/Ubuntu: a2enmod ssl headers rewrite):

<VirtualHost *:443>
    ServerName sbom.yourdomain.com
    DocumentRoot /var/www/sbom-analyzer/dist
    
    # SSL Configuration (restrict to TLS 1.2+ with SSLProtocol, matching the nginx config)
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem
    
    # Security Headers (also set Referrer-Policy and Content-Security-Policy with
    # the same values as in the nginx configuration above)
    Header always set X-Frame-Options "DENY"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"
    
    # React Router Support
    <Directory /var/www/sbom-analyzer/dist>
        Options -Indexes
        # The rewrite rules are inline, so .htaccess processing is not needed
        AllowOverride None
        Require all granted
        
        # Rewrite Rules: unknown paths fall back to index.html. RewriteBase is only
        # valid in directory context, which is why the rules live inside <Directory>.
        RewriteEngine On
        RewriteBase /
        RewriteRule ^index\.html$ - [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /index.html [L]
    </Directory>
</VirtualHost>

Option 3: Docker Deployment (30 minutes)

Dockerfile

# Build stage
# Use a currently supported LTS tag (node:18 is end-of-life); pinning the tag by
# digest (@sha256:<digest>) makes the build reproducible.
FROM node:18-alpine AS builder

WORKDIR /app

# Copy package files
COPY package*.json ./

# Install dependencies exactly as locked in package-lock.json
RUN npm ci

# Copy source. Add a .dockerignore that excludes .git, node_modules and .env*
# so local state and secrets never enter the build context or the image.
COPY . .

# Build application
RUN npm run build

# Production stage
FROM nginx:alpine

# Copy built application
COPY --from=builder /app/dist /usr/share/nginx/html

# Copy nginx configuration
COPY nginx.conf /etc/nginx/nginx.conf

# Expose port
EXPOSE 80

# Health check
HEALTHCHECK --interval=30s --timeout=3s \
  CMD wget --no-verbose --tries=1 --spider http://localhost/health.json || exit 1

# Start nginx
CMD ["nginx", "-g", "daemon off;"]

nginx Configuration

nginx.conf:

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    
    server {
        listen 80;
        server_name localhost;
        root /usr/share/nginx/html;
        index index.html;
        
        # No security headers are set here. Either copy the X-Frame-Options,
        # X-Content-Type-Options, Referrer-Policy and Content-Security-Policy
        # directives from the on-prem nginx configuration into this block, or set
        # them on the TLS-terminating reverse proxy in front of the container.
        
        location / {
            try_files $uri $uri/ /index.html;
        }
        
        location /health.json {
            access_log off;
        }
    }
}

Build & Run

# Build Docker image
docker build -t sbom-analyzer:latest .

# Run container
docker run -d -p 8080:80 \
  --name sbom-analyzer \
  --restart unless-stopped \
  sbom-analyzer:latest

# Test
curl http://localhost:8080/health.json

Docker Compose

docker-compose.yml:

version: '3.8'

services:
  sbom-analyzer:
    build: .
    ports:
      - "8080:80"
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/health.json"]
      interval: 30s
      timeout: 3s
      retries: 3

Option 4: Air-Gapped Deployment

For Secure/Isolated Environments

Requirements:

  • No internet connectivity required
  • Vulnerabilities pre-downloaded
  • Internal documentation portal

Setup:

  1. Prepare self-contained bundle
  2. Import vulnerability database snapshot
  3. Disable real-time OSV.dev queries
  4. Provide offline analysis capabilities

Contact: enterprise@ermits.com for air-gapped deployment support

Post-Deployment Verification

1. Health Check

curl https://your-domain.com/health.json

Expected Response:

{
  "status": "healthy",
  "version": "1.0.0",
  "timestamp": "2025-01-XX..."
}
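A check that goes one step beyond the health endpoint: confirming that the deployment actually sends the security headers the nginx/Apache configurations in Option 2 are meant to set, on the SPA entry point and on a hashed asset (nginx drops server-level add_header directives in any location that declares its own). This script is an added example, not SBOM Analyzer project code; it assumes curl is installed and that index.html references its bundles with src="...js" as Vite emits, and the response in write_sample_headers is a constructed sample, not a capture from a real deployment.

```shell
#!/usr/bin/env sh
# Added example for this guide, not SBOM Analyzer project code.
# Usage: sh check_headers.sh https://sbom.yourdomain.com   (live check)
#        sh check_headers.sh --self-test                    (offline self-test)

# Headers every response from the on-prem configuration is expected to carry.
REQUIRED_HEADERS="x-frame-options x-content-type-options referrer-policy content-security-policy"

# check_security_headers <file>
# <file> holds raw HTTP response headers as written by `curl -D`.
# Returns 0 when all required headers are present and X-Frame-Options is DENY;
# otherwise lists the problems on stderr and returns 1.
check_security_headers() {
  hdrs="$1"
  problems=""
  for name in $REQUIRED_HEADERS; do
    grep -qi "^${name}:" "$hdrs" || problems="$problems missing:${name}"
  done
  # Present but drifted from the configured value (e.g. SAMEORIGIN) is a failure too.
  if grep -qi "^x-frame-options:" "$hdrs" && ! grep -qi "^x-frame-options:[[:space:]]*DENY" "$hdrs"; then
    problems="$problems x-frame-options-not-DENY"
  fi
  # The CSP in this guide allows 'unsafe-eval'; warn, since it blunts XSS protection.
  if grep -qi "^content-security-policy:.*'unsafe-eval'" "$hdrs"; then
    echo "warning: CSP permits 'unsafe-eval'" >&2
  fi
  if [ -n "$problems" ]; then
    echo "header check failed:$problems" >&2
    return 1
  fi
  return 0
}

# verify_site <base-url>
# Fetches headers for / and for the first JS bundle referenced by index.html
# (Vite emits hashed files under /assets/) and checks each response.
# Assumption: bundles are referenced as src="...js"; falls back to /assets/index.js.
verify_site() {
  base="${1%/}"
  rc=0
  asset=$(curl -sS "$base/" | sed -n 's/.*src="\([^"]*\.js\)".*/\1/p' | head -n 1)
  for path in / "${asset:-/assets/index.js}"; do
    tmp=$(mktemp)
    if curl -sS -o /dev/null -D "$tmp" "$base$path" && check_security_headers "$tmp"; then
      echo "ok   $path"
    else
      echo "FAIL $path"
      rc=1
    fi
    rm -f "$tmp"
  done
  return $rc
}

# write_sample_headers <file>
# Constructed sample of what the nginx configuration above should produce;
# used only for the offline self-test of the checker.
write_sample_headers() {
  printf '%s\r\n' \
    'HTTP/1.1 200 OK' \
    'Server: nginx' \
    'X-Frame-Options: DENY' \
    'X-Content-Type-Options: nosniff' \
    'Referrer-Policy: strict-origin-when-cross-origin' \
    "Content-Security-Policy: default-src 'self'; connect-src 'self' https://api.osv.dev;" \
    '' > "$1"
}

if [ "${1:-}" = "--self-test" ]; then
  f=$(mktemp)
  write_sample_headers "$f"
  check_security_headers "$f" && echo "self-test ok"
  rm -f "$f"
elif [ -n "${1:-}" ]; then
  verify_site "$1"
fi
```

Run it against the asset URL as well as the root on purpose: a deployment that passes on / and fails on the bundle is exactly the nginx add_header inheritance mistake, and it is invisible to a check that only fetches the entry page.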

2. Functional Testing

Test these features:

  • Upload CycloneDX SBOM
  • Upload SPDX SBOM
  • Real-time vulnerability analysis
  • Generate PDF report
  • Export to JSON/CSV
  • Compliance dashboard loads
  • Executive dashboard displays

3. Performance Testing

# Test large SBOM handling.
# NOTE: the nginx/Apache configurations in this guide serve a static SPA and define
# no /analyze endpoint; analysis runs in the browser. A POST to /analyze against
# them only measures the web server's response time, so use this test only against
# a deployment that actually exposes such an endpoint.
# curl reads the timing format from the file named after @:
cat > curl-format.txt <<'EOF'
   time_connect:  %{time_connect}s
time_appconnect:  %{time_appconnect}s
     time_total:  %{time_total}s
      http_code:  %{http_code}
EOF

curl -X POST https://your-domain.com/analyze \
  -F "file=@large-sbom.json" \
  -w "@curl-format.txt" \
  -o /dev/null

Maintenance & Updates

Automatic Updates (Cloud)

Vercel/Netlify: Automatic via Git push

Manual Updates (On-Prem)

# 1. Pull latest changes
git pull origin main

# 2. Rebuild application
npm ci
npm run build

# 3. Deploy
sudo cp -r dist/* /var/www/sbom-analyzer/dist/

# 4. Reload web server
sudo systemctl reload nginx
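Both the initial "Deploy Files" step and this manual update copy the new build over the live directory in place, so for the duration of the copy users can receive an index.html that references hashed bundles that are not there yet, and rolling back means rebuilding. The following script, an added example and not SBOM Analyzer project code, switches releases through a symlink instead. It assumes the nginx root is changed to /var/www/sbom-analyzer/current (a path this guide does not itself use) and that the deploy root is writable by whoever runs it (sudo on a real host); no nginx reload is needed, since the server resolves the symlink per request.

```shell
#!/usr/bin/env sh
# Added example, not SBOM Analyzer project code.
# Assumes nginx is configured with:   root /var/www/sbom-analyzer/current;
# Usage: deploy_release ./dist /var/www/sbom-analyzer
#        rollback /var/www/sbom-analyzer
#        prune_releases /var/www/sbom-analyzer 5
set -eu

# deploy_release <built-dist-dir> <deploy-root>
# Copies the build into <deploy-root>/releases/<timestamp>-<random>, validates it,
# fixes permissions, and repoints <deploy-root>/current at it. Prints the release path.
deploy_release() {
  src="$1"; root="$2"
  # Refuse builds that are obviously incomplete before touching anything live.
  [ -f "$src/index.html" ] || { echo "refusing: $src has no index.html" >&2; return 1; }
  mkdir -p "$root/releases"
  release=$(mktemp -d "$root/releases/$(date +%Y%m%d%H%M%S)-XXXXXX")
  cp -R "$src"/. "$release"/
  # Served files are read-only for everyone but the deploying user; the web server
  # user (www-data on Debian/Ubuntu, an assumption) only needs read access.
  chmod -R u=rwX,go=rX "$release"
  # Switch: ln -sfn replaces the `current` link itself rather than creating a
  # link inside the directory it points to. Requests never see a half-copied tree.
  ln -sfn "$release" "$root/current"
  echo "$release"
}

# rollback <deploy-root>
# Points `current` at the newest release that is not the current one. Prints it.
rollback() {
  root="$1"
  cur=$(readlink "$root/current" 2>/dev/null || true)
  prev=""
  for r in $(ls -d "$root"/releases/* 2>/dev/null | sort -r); do
    [ "$r" = "$cur" ] && continue
    prev="$r"
    break
  done
  [ -n "$prev" ] || { echo "no previous release to roll back to" >&2; return 1; }
  ln -sfn "$prev" "$root/current"
  echo "$prev"
}

# prune_releases <deploy-root> <keep>
# Deletes all but the newest <keep> releases, never the one currently served.
prune_releases() {
  root="$1"; keep="$2"
  cur=$(readlink "$root/current" 2>/dev/null || true)
  n=0
  for r in $(ls -d "$root"/releases/* 2>/dev/null | sort -r); do
    n=$((n + 1))
    [ "$n" -le "$keep" ] && continue
    [ "$r" = "$cur" ] && continue
    rm -rf "$r"
  done
  return 0
}
```

Because every release directory is immutable once linked, the same script doubles as an integrity baseline: a checksum manifest of a release taken at deploy time can be compared against the live tree later to detect tampering with the served JavaScript.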

Docker Updates

# Pull latest changes
git pull origin main

# Rebuild and restart (docker-compose v1 syntax; with the v2 plugin use `docker compose`).
# --pull refreshes the node and nginx base images so their security fixes are picked up;
# without it the cached base layers are reused indefinitely.
docker-compose build --pull
docker-compose down
docker-compose up -d

Support