-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
28 lines (24 loc) · 1.25 KB
/
.env.example
File metadata and controls
28 lines (24 loc) · 1.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# =============================================================================
# AppSecOne — Environment Variables
# =============================================================================
# Copy this file to .env and fill in the values for your environment.
# All variables are optional unless noted otherwise.
# --- Fortify SSC Integration ---
# Auth token for Fortify SSC API (required for sync to work).
# The variable name can be customized in appsecone.json → fortify.token_env_var
FORTIFY_SSC_TOKEN=
# --- API Security ---
# When set, all state-changing API requests (POST/PUT/DELETE) require this key
# in the X-API-Key header. GET requests and health endpoints are always public.
# Uses timing-safe HMAC comparison to prevent timing attacks.
APPSECONE_API_KEY=
# --- CORS (Cross-Origin Resource Sharing) ---
# Comma-separated list of allowed origins for cross-origin requests.
# If not set, CORS will reject all cross-origin requests.
# Example: https://dashboard.example.com,https://staging.example.com
APPSECONE_CORS_ORIGINS=
# --- Framing / Embedding ---
# Set to "true" to allow the dashboard to be embedded in iframes.
# When enabled, frame-ancestors is set to 'self' + CORS origins.
# Default: false (X-Frame-Options: DENY)
APPSECONE_ALLOW_FRAMING=false