Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/samkit511/SAW---Security-Analyst-Workspace/llms.txt

Use this file to discover all available pages before exploring further.

Running SAW in Docker gives you a self-contained deployment that works the same way on any machine or cloud environment. The included Dockerfile uses a slim Python 3.11 base image, installs dependencies, and starts Uvicorn on port 8080 — the same port Cloud Run and other managed container platforms expect by default.
1

Build the Docker image

From the project root (where the Dockerfile lives), build the image and tag it:
docker build -t saw:latest .
The build process runs these steps from the Dockerfile:
FROM python:3.11-slim

ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1

WORKDIR /app

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY . .

EXPOSE 8080

CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8080"]
PYTHONDONTWRITEBYTECODE and PYTHONUNBUFFERED keep the image clean and ensure logs stream directly to your terminal without buffering.
2

Run the container

Start the container and map port 8080 from the container to your host:
docker run -p 8080:8080 \
  -e ASA_API_KEY=demo \
  -e ASA_MODE=HYBRID \
  saw:latest
Once running, the server is reachable at http://localhost:8080. The root endpoint / serves the interactive dashboard UI.
The CMD in the Dockerfile does not include --reload. Hot-reloading is disabled in the container image by design — it requires filesystem watch access that containers don’t reliably provide, and it is not appropriate for production use.
3

Pass your Gemini API key

To enable live LLM-assisted triage, pass your Google or Gemini API key as an environment variable at runtime:
docker run -p 8080:8080 \
  -e ASA_API_KEY=demo \
  -e ASA_MODE=HYBRID \
  -e GOOGLE_API_KEY=your_key_here \
  saw:latest
If you prefer to use a .env file instead of inline flags, mount it into the container:
docker run -p 8080:8080 \
  --env-file .env \
  saw:latest
Never bake API keys into the Docker image with ENV or ARG instructions. Anyone with access to the image can extract them with docker inspect or docker history. Always pass secrets at runtime using -e, --env-file, or a secrets manager.
4

Verify the deployment

Check that the server is healthy:
curl http://localhost:8080/health
Expected response:
{ "status": "ok" }
Then send a test log to confirm the triage pipeline is running:
curl -s -X POST http://localhost:8080/ingest-log \
  -H "Content-Type: application/json" \
  -H "x-api-key: demo" \
  -H "x-event-id: docker-test-1" \
  -d '{
    "ip": "192.168.1.5",
    "method": "POST",
    "path": "/login",
    "payload": "admin'\'' OR/**/1=1",
    "source": "assistant_api"
  }'

Key environment variables

These are the variables most relevant to a containerized deployment. See the full list in the environment variables reference.
VariableDefaultDescription
PORT8080Port the server listens on
ASA_API_KEYdemoAPI key required in the x-api-key header for protected endpoints
ASA_MODEHYBRIDExecution mode: HYBRID enables both deterministic and LLM-assisted pipelines
GOOGLE_API_KEY(empty)Google API key for Gemini and ADK calls
GEMINI_API_KEY(empty)Alternative Gemini credential — set either this or GOOGLE_API_KEY
ASA_ENABLE_ADK_ADVISORYtrueEnables LLM escalation for low-confidence events
ASA_MAX_INFLIGHT8Maximum concurrent requests before the server returns 503
ASA_RATE_LIMIT_MAX_REQUESTS12Maximum requests per IP per rate limit window

Next steps

Environment variables

Full reference for all configuration options including rate limits, feature flags, and model selection.

Ingesting logs

Learn how to send structured and raw log events to the /ingest-log endpoint.

Build docs developers (and LLMs) love

Get started for freeTalk to us