Setup Overview

CBOM consists of three components to deploy: the API (central service), one or more Sensors (discovery agents), and the UI (management interface). MongoDB is the backing database.

Prerequisites

Component	Requirement
Java	17+ (for API and Sensor)
Node.js	20+ (for UI development only)
MongoDB	6.0+
OS	Linux, Windows, or macOS

Quick Start (Development)

1. Start MongoDB

# Docker
docker run -d --name cbom-mongo -p 27017:27017 mongo:7

# Or use an existing MongoDB instance

2. Start the API

cd cbom/api
cp .env.template .env
# Edit .env with your settings

mvn spring-boot:run
# API starts on port 9090

3. Start the UI

cd cbom/ui
npm install
npm start
# UI starts on port 4200, proxies API calls to 9090

4. Create a user

Navigate to http://localhost:4200 and sign in. The first user created becomes admin.

5. Run a sensor scan

cd cbom/sensor
mvn package -DskipTests

# Run with a config file
java -jar target/cbom-sensor-*.jar --config=configs/examples/https-endpoint-scanner.yml

Production Deployment (Single JAR)

In production, the API serves the Angular UI as embedded static resources — a single JAR handles everything.

# Build the full production artifact
cd cbom
mvn package -Pprod -DskipTests

# Run
java -jar api/target/cbom-api-*.jar --spring.profiles.active=prod

The production profile enables:

Embedded UI serving (no separate web server needed)
Response compression
Static resource caching
CORS disabled (same-origin)

Component Guides

API Deployment — Configuration, environment variables, profiles
Sensor Deployment — Scanner configuration and deployment patterns
UI Deployment — Development setup and production build

Architecture Reference

See Architecture for how the components communicate and the data flow from sensor to dashboard.