SiriusScan/Sirius
Sirius Scan

Screenshot: Sirius Scan Dashboard

Sirius is an open-source vulnerability scanner with automated discovery, CVE-based detection, and a modern web UI. Clone the repository, run four commands, and start scanning.

Quick Start

git clone https://github.com/SiriusScan/Sirius.git
cd Sirius
docker compose -f docker-compose.installer.yaml run --rm sirius-installer
docker compose up -d

Open http://localhost:3000 and log in with:

  • Email: admin@example.com
  • Password: printed by the installer (look for INITIAL_ADMIN_PASSWORD in the output)

That's it. All six services start automatically. The installer generates secure secrets on first run and is safe to re-run: existing secrets are regenerated only when you pass --force (see Rotate secrets below).

By default the installer leaves IMAGE_TAG unset, so Compose pulls latest from GHCR. To pin a release (for example v1.0.0 in .env), only do so after that tag exists for all six container images; verify with bash scripts/verify-ghcr-public-access.sh v1.0.0 from a shell that is not logged in to ghcr.io.

Requirements: Docker Engine 20.10+ with Compose V2, 4 GB RAM, 10 GB disk. Works on Linux, macOS, and Windows (WSL2).

What Sirius Does

  • Network Discovery -- automated host and service enumeration via Nmap
  • Vulnerability Detection -- CVE-based scanning with CVSS scoring
  • Risk Dashboards -- real-time scanning progress, severity trends, and remediation guidance
  • Remote Agents -- distributed scanning across multiple environments via gRPC
  • Interactive Terminal -- PowerShell console for advanced scripting and automation
  • REST API -- integrate with existing security workflows (X-API-Key auth on port 9001)

Deployment Options

The installer step is always the same. Only the docker compose up command changes.

Mode: Standard
  Command:  docker compose up -d
  Use case: Most users -- pulls the full release stack from GHCR

Mode: Development
  Command:  docker compose -f docker-compose.yaml -f docker-compose.dev.yaml up -d
  Use case: Live-reload for local code work

Mode: Source Build
  Command:  docker compose -f docker-compose.yaml -f docker-compose.build.yaml up -d --build
  Use case: Explicit local full-stack builds

Mode: Production
  Command:  docker compose -f docker-compose.yaml -f docker-compose.prod.yaml up -d
  Use case: Hardened settings, pull_policy: always

Non-interactive setup (CI / Terraform / automation)

docker compose -f docker-compose.installer.yaml run --rm sirius-installer --non-interactive --no-print-secrets
docker compose up -d

Rotate secrets

docker compose -f docker-compose.installer.yaml run --rm sirius-installer --force
docker compose up -d --force-recreate

Verify Installation

docker compose ps                    # all 6 services should show "healthy" or "running"
curl http://localhost:3000            # UI responds
curl http://localhost:9001/health     # API responds

Expected services: sirius-ui (3000), sirius-api (9001), sirius-engine (5174, 50051), sirius-postgres (5432), sirius-rabbitmq (5672, 15672), sirius-valkey (6379).

Architecture

graph TD
    subgraph clients [Clients]
        UI["Sirius UI (Next.js)"]
        CLI["Terminal and Agent Runtime"]
    end

    subgraph core [Core Services]
        API["Sirius API (Go/Gin)"]
        Engine["Sirius Engine"]
    end

    subgraph infra [Infrastructure]
        MQ["RabbitMQ"]
        DB["PostgreSQL"]
        Cache["Valkey"]
    end

    UI -->|"HTTP/WebSocket"| API
    CLI -->|"gRPC"| Engine
    API -->|"AMQP publish"| MQ
    MQ -->|"Queue consume"| Engine
    API -->|"SQL read/write"| DB
    Engine -->|"SQL read/write"| DB
    API -->|"Session/cache ops"| Cache
    Engine -->|"Scan state cache ops"| Cache
Service: sirius-ui
  Technology: Next.js 14, React, Tailwind
  Ports: 3000
  Purpose: Web interface

Service: sirius-api
  Technology: Go, Gin
  Ports: 9001
  Purpose: REST API and business logic

Service: sirius-engine
  Technology: Go + embedded gRPC agent
  Ports: 5174, 50051
  Purpose: Scanner, terminal, agent services

Service: sirius-postgres
  Technology: PostgreSQL 15
  Ports: 5432
  Purpose: Vulnerability and scan data

Service: sirius-rabbitmq
  Technology: RabbitMQ
  Ports: 5672, 15672
  Purpose: Inter-service messaging

Service: sirius-valkey
  Technology: Valkey (Redis-compatible)
  Ports: 6379
  Purpose: Cache and session data

Interface

Screenshots: Dashboard, Scanner, Vulnerability Navigator, Environment, Host Details, Terminal

API

Sirius exposes REST endpoints on port 9001, protected by the internal service API key sent in the X-API-Key header. Prefer the Docker secret file (SIRIUS_API_KEY_FILE, default /run/secrets/sirius_api_key); SIRIUS_API_KEY remains a supported environment-variable fallback. The installer writes ./secrets/sirius_api_key.txt and configures both. The file is created with mode 0644 so that non-root application UIDs inside the containers can read the bind-mounted secret; note that 0644 is also world-readable on the host, so keep ./secrets out of version control and restrict access to that directory on hosts with other local users.

curl http://localhost:9001/health -H "X-API-Key: $SIRIUS_API_KEY"
curl http://localhost:9001/api/v1/scan/get/all -H "X-API-Key: $SIRIUS_API_KEY"
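The two curl lines above assume SIRIUS_API_KEY is already in the environment. The following shell helpers, an added example and not part of the Sirius project, resolve the key with the precedence the README describes (secret file first, environment variable as fallback) and pass it to curl through a config read from stdin, so the key never appears on the command line or in `ps` output. The SIRIUS_API_URL default and the sirius_curl wrapper name are this example's assumptions.

```shell
#!/bin/sh
# Added example (not Sirius project code): resolve the Sirius API key the
# way the README describes and make authenticated REST calls with it.

# Print the API key to stdout, or fail if none is configured.
# Precedence: SIRIUS_API_KEY_FILE (default /run/secrets/sirius_api_key),
# then the SIRIUS_API_KEY environment variable.
sirius_api_key() {
    key_file="${SIRIUS_API_KEY_FILE:-/run/secrets/sirius_api_key}"
    if [ -r "$key_file" ]; then
        # Drop the trailing newline only; keep the key byte-for-byte otherwise.
        tr -d '\r\n' < "$key_file"
        return 0
    fi
    if [ -n "${SIRIUS_API_KEY:-}" ]; then
        printf '%s' "$SIRIUS_API_KEY"
        return 0
    fi
    echo "sirius_api_key: no API key; set SIRIUS_API_KEY_FILE or SIRIUS_API_KEY" >&2
    return 1
}

# Call a Sirius API path with the X-API-Key header.
# The header is fed to curl as a config file on stdin (-K -), so the key is
# not visible to other users via the process list or shell history.
# SIRIUS_API_URL is an assumed variable; its default matches the README port.
# Usage: sirius_curl /api/v1/scan/get/all [extra curl options]
sirius_curl() {
    path="$1"
    shift
    base="${SIRIUS_API_URL:-http://localhost:9001}"
    key="$(sirius_api_key)" || return 1
    printf 'header = "X-API-Key: %s"\n' "$key" | curl -fsS -K - "$@" "$base$path"
}
```

Source the file and call `sirius_curl /health` or `sirius_curl /api/v1/scan/get/all`; on a fresh install the key file is ./secrets/sirius_api_key.txt, so `SIRIUS_API_KEY_FILE=./secrets/sirius_api_key.txt` points the helpers at it from the host.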

Full API docs: REST API Reference

Security Recommendations

For production deployments:

  1. Rotate secrets -- run the installer with --force to regenerate all credentials
  2. Restrict ports -- only expose port 3000 (UI); keep 5432 (PostgreSQL), 6379 (Valkey), and 5672 and 15672 (RabbitMQ, including its management UI) internal
  3. Use a reverse proxy -- put nginx or Traefik in front with TLS
  4. Keep images updated -- docker compose pull && docker compose up -d
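Recommendation 2 is easy to violate with a stray compose override, so it is worth checking on the running host rather than trusting the files. The script below is an added example, not part of the Sirius project: it reads `docker ps --format '{{.Names}} {{.Ports}}'` output and reports every port published on all interfaces (0.0.0.0 or ::) other than the UI port. The UI-only policy comes from the recommendation above; treating 127.0.0.1 bindings as acceptable and the UI_PORT variable are this example's assumptions. A finding is fixed by removing the `ports:` entry for that service in an override file or binding it to 127.0.0.1.

```shell
#!/bin/sh
# Added example (not Sirius project code): flag Sirius ports published to
# all interfaces. Input lines look like docker ps output:
#   sirius-postgres 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp

# Read "name ports" lines on stdin and print one finding per line:
#   <container> <bind-address>:<host-port>
# Exit 0 when only the UI port is published to all interfaces, else 1.
audit_ports() {
    ui_port="${UI_PORT:-3000}"      # assumed override; default is the README's UI port
    findings=0
    while IFS= read -r line; do
        name="${line%% *}"
        ports="${line#* }"
        [ "$ports" = "$line" ] && continue          # container publishes nothing
        # One mapping per iteration, e.g. "0.0.0.0:5432->5432/tcp"
        for mapping in $(printf '%s' "$ports" | tr ',' '\n'); do
            bind="${mapping%%->*}"                    # "0.0.0.0:5432"
            case "$bind" in
                *:*) ;;
                *) continue ;;                        # "5432/tcp": container-only, not published
            esac
            port="${bind##*:}"
            host="${bind%:*}"
            case "$host" in
                0.0.0.0|::|\[::\]|"")
                    [ "$port" = "$ui_port" ] && continue
                    printf '%s %s:%s\n' "$name" "$host" "$port"
                    findings=$((findings + 1)) ;;
            esac
        done
    done
    [ "$findings" -eq 0 ]
}

# Audit the live Docker host (requires the docker CLI).
audit_running() {
    docker ps --format '{{.Names}} {{.Ports}}' | audit_ports
}
```

Run `audit_running` after `docker compose up -d`; with the production overlay in place it should print nothing and exit 0. If remote agents connect over gRPC, 50051 will appear as a finding, which is the prompt to restrict it to the agent networks rather than to the whole internet.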

Troubleshooting

Quick fixes for common problems:

  • Services won't start: docker compose logs <service> to find the error
  • Dev overlay missing infra: use both files, -f docker-compose.yaml -f docker-compose.dev.yaml
  • Port conflict: lsof -i :3000 to find the conflicting process
  • Database connection error: docker exec sirius-postgres pg_isready
  • Stale secrets after reset: re-run the installer, then docker compose up -d --force-recreate

For detailed operational runbooks, verification procedures, and emergency recovery, see Operations & Troubleshooting.

Contributing

See CONTRIBUTING.md for development setup, coding standards, and PR guidelines.

Quick links: Issues | Discussions | Discord

Further Reading

License

MIT
