# Global Lineaje Open Source Intelligence (GLOSI) Deployment Guide

*© 2026 Lineaje, Inc. All rights reserved. Proprietary and Confidential.*

**Objective**: This guide helps you deploy GLOSI in your environment using Docker Compose.

### What Is GLOSI?

GLOSI is an intelligence data platform from Lineaje for open source components and vulnerabilities. It enables customers to look up open source intelligence (Package Attestation, Source Attestation, Vulnerability Info, Security Posture, Code Quality, Embedded Secrets, Mitre HipCheck, Source Code Metrics, Dependency Decomposition, EOL, Lineaje Reputation, and Geo Provenance) within their own environment. GLOSI supports a variety of environments, from cloud to on-premises. It publishes updated intelligence data regularly to keep pace with the latest changes.

### How Is GLOSI Deployed On-Premises?

GLOSI ships as a container image (tarball) and deploys using Docker Compose.

### What Does GLOSI Contain?

The GLOSI image bundles open source component data, vulnerability data, and a set of services with a user interface. It includes the following:

* **Frontend UI** — React/Next.js application for querying open source components and vulnerabilities
* **Data service** — FastAPI API layer providing access to the data
* **Orchestration service** — FastAPI application that manages the database
* **Elasticsearch 7.17.0 database** — stores the open source component data

### How Can I Get Access to GLOSI?

The GLOSI image is hosted in the Lineaje registry. Contact Lineaje support at <support@lineaje.com> to request access.

### GLOSI Setup

#### System Configuration

You can deploy all containers on a single VM (Ubuntu or Alpine) or in a distributed configuration. For a single-VM deployment, the following minimum specifications are recommended.

| **Deployment Type** | **Services** | **RAM** | **vCPU** | **Disk Size** |
| ------------------- | ------------ | ------- | -------- | ------------- |
| Single Node         | data-service | 32 GB   | 8        | 300 GB        |

#### Prerequisites

1. Obtain the installation tarball, which contains the installation guide, API documentation, and a Resources folder with the docker-compose.yaml file.
2. Obtain access to the Lineaje Amazon Elastic Container Registry (ECR) that hosts the GLOSI Docker image. If you do not have access, contact Lineaje Support at <support@lineaje.com> with your AWS Account ID. Once Lineaje grants ECR access to your account, proceed to Step 3.
3. Install Docker on the host VM.
4. Install the AWS CLI on the host VM.
5. For automated installation, allowlist the gold.lineaje.com domain on the host VM.

### Deployment

{% stepper %}
{% step %}

### Add AWS config

Add the following profile to `~/.aws/config`:

```ini
[profile LineajeGlosiRole]

role_arn = arn:aws:iam::<Lineaje AWS Account>:role/lineajeGlosiPullRole

credential_source = Ec2InstanceMetadata
```

{% endstep %}

{% step %}

### Log in to AWS ECR

Log in to AWS ECR using the following command. You can find the GLOSI repository ID in the docker-compose.yaml file under the Resources folder of the tarball.

```bash
aws ecr get-login-password --region us-east-1 --profile LineajeGlosiRole | sudo docker login --username AWS --password-stdin <Lineaje AWS Account>.dkr.ecr.us-east-1.amazonaws.com
```

{% endstep %}

{% step %}

### Pull the image

Pull the GLOSI image to your host VM:

```bash
# Use sudo here as well: the registry credentials were stored by `sudo docker login`
sudo docker pull <Lineaje AWS Account>.dkr.ecr.us-east-1.amazonaws.com/glosi:latest
```

{% endstep %}

{% step %}

### Deploy services

Deploy all services using the docker-compose.yaml file. This starts all services on the host VM.

```bash
sudo docker compose -f <docker-compose.yaml> up -d
```

{% endstep %}
{% endstepper %}

### Custom Deployment

The deployment can be customized using the following configuration files.

#### Elasticsearch Configuration

To deploy Elasticsearch on a separate VM, expose port 9200 to make it accessible from the data service. The following configuration runs Elasticsearch on the recommended port 9200, which you can change as needed:

```yaml
elasticsearch:
  image: <Lineaje AWS Account Id>.dkr.ecr.us-east-1.amazonaws.com/glosi:latest
  container_name: elasticsearch
  command: ["/bin/sh", "-c", "/usr/share/elasticsearch/bin/elasticsearch"]
  user: "1001:1001" # Run as UID/GID defined in Dockerfile
  environment:
    - discovery.type=single-node
    - ES_JAVA_OPTS=-Xms512m -Xmx512m
  volumes:
    - elasticsearch_data:/usr/share/elasticsearch/data
  ports:
    - "9200:9200"
  restart: "no" # Quoted so YAML reads it as the string "no", not boolean false
  healthcheck:
    test: ["CMD-SHELL", "curl --silent --fail http://elasticsearch:9200/_cluster/health || exit 1"]
    interval: 5s
    retries: 10
    timeout: 3s
```

#### Data Service Configuration

The data service is a FastAPI application that connects to Elasticsearch and converts client requests into Elasticsearch queries. It runs on port 8000 by default. The Swagger UI is available at: `http://<data-service:VM_IP>:<port:8000>/docs`

```yaml
data-service:
  image: <Lineaje AWS Account Id>.dkr.ecr.us-east-1.amazonaws.com/glosi:latest
  container_name: data-service
  working_dir: /app/data-service
  command: ["gunicorn", "main:app", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "-b", "0.0.0.0:8000", "--timeout", "2", "--graceful-timeout", "15", "--keep-alive", "10"]
  environment:
    - PATH=/app/data-service/venv/bin:$PATH
    - ELASTIC_AUTH_METHOD=NO_AUTH
    - OPENSEARCH_HOST=elasticsearch
    - OPENSEARCH_PORT=9200
    - USER_SSL=False
    - VERIFY_CERT=False
  depends_on:
    elasticsearch:
      condition: service_healthy
  ports:
    - "8000:8000"
  restart: always
```

#### Frontend

The frontend is a React/Next.js application that calls backend APIs and displays data in the browser. It runs on port 3000 ([`http://localhost:3000`](http://localhost:3000/)) by default.

```yaml
risklensui:
  image: <Lineaje AWS Account Id>.dkr.ecr.us-east-1.amazonaws.com/glosi:latest
  container_name: risklensui
  working_dir: /app/risklensui
  command: ["npm", "run", "start"]
  ports:
    - "3000:3000"
  restart: always
```

#### GLOSI Orchestration Service

The orchestration service handles workflows, connects UI actions with the data service, and adds logic, routing, and validation. It runs on port 8500 by default. The Swagger UI is available at: `http://<orchestration-service:VM_IP>:<port:8500>/docs`

```yaml
orchestration-service:
  image: <Lineaje AWS Account Id>.dkr.ecr.us-east-1.amazonaws.com/glosi:latest
  container_name: orchestration-service
  working_dir: /app/glosi-orchestration-service
  command: ["gunicorn", "main:app", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "-b", "0.0.0.0:8500", "--timeout", "2", "--graceful-timeout", "15", "--keep-alive", "10"]
  environment:
    - PATH=/app/glosi-orchestration-service/venv/bin:$PATH
    - DATA_SERVICE_HOST=data-service
    - DATA_SERVICE_PORT=8000
    - ELASTIC_AUTH_METHOD=NO_AUTH
    - OPENSEARCH_HOST=elasticsearch
    - OPENSEARCH_PORT=9200
    - USER_SSL=False
    - VERIFY_CERT=False
    - OSS_TENANT_ID=vdna_994mgmr65tculnfy
  depends_on:
    - data-service
  ports:
    - "8500:8500"
  restart: always
```

#### Data Persistence, Networking, and Volumes

* **Volumes**

Volumes ensure data inside containers persists when containers restart or are rebuilt. For example, the elasticsearch\_data volume stores all Elasticsearch index data:

  * elasticsearch\_data — stores data generated by Elasticsearch after package and vulnerability index synchronization

* **Networking**

Docker Compose automatically creates an internal bridge network. Containers communicate using service names, which avoids hardcoding IP addresses and makes scaling or relocating services straightforward.

* **Health checks**

Health checks ensure each service is only marked healthy once it responds correctly, improving deployment reliability.
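
The Networking point has a consequence for exposure: on a single VM the services reach each other by service name over the Compose network, so only the ports a browser needs have to be published on the host. The following single-VM variant is an added example, not part of the Lineaje-supplied docker-compose.yaml; it assumes the service blocks sit under a top-level `services:` key and that the UI and APIs are opened from a browser on the host itself, as the `localhost` URLs in this guide suggest.

```yaml
# Added example: single-VM variant. Only the keys that differ from the
# blocks in this guide are shown; keep image, command, environment,
# volumes and healthcheck exactly as supplied.
services:
  elasticsearch:
    # As shipped, "9200:9200" publishes the port on every host interface,
    # while the clients are configured with ELASTIC_AUTH_METHOD=NO_AUTH
    # and USER_SSL=False.
    # data-service and orchestration-service reach elasticsearch:9200 over
    # the Compose network, so remove the `ports:` entry on a single VM.
    expose:
      - "9200"                  # documents the container port; publishes nothing

  data-service:
    ports:
      - "127.0.0.1:8000:8000"   # Swagger UI at http://localhost:8000/docs only

  orchestration-service:
    ports:
      - "127.0.0.1:8500:8500"   # API the browser calls at http://localhost:8500

  risklensui:
    ports:
      - "127.0.0.1:3000:3000"   # UI at http://localhost:3000
```

For the separate-VM layout, port 9200 has to stay published; restrict it with a host firewall or security group to the hosts that run the data service and orchestration service.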

#### Service Interaction

The following describes how the GLOSI services communicate with each other:

1. **Frontend** — The user opens the UI at [http://localhost:3000](http://localhost:3000/). The browser sends API requests (such as search queries) to the orchestration service at [http://localhost:8500](http://localhost:8500/).
2. **Orchestration service** — Validates the request and forwards it to the appropriate backend service (typically the data service).
3. **Data service** — Receives requests from the orchestration service, transforms them into Elasticsearch-compatible queries, and sends them to Elasticsearch.
4. **Elasticsearch** — Performs search and indexing operations and returns results to the data service.
5. **Response propagation** — The data service formats the Elasticsearch results and returns them to the orchestration service for any additional processing.
6. **Frontend rendering** — The UI receives the final result and displays it to the user.

The architecture follows this request loop:

`UI ➝ Orchestration ➝ Data service ➝ Elasticsearch ➝ Data service ➝ Orchestration ➝ UI`

Docker Compose starts services in dependency order, ensuring each service waits for its required dependencies to become healthy before starting.
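
In the service blocks shown in this guide, only Elasticsearch defines a `healthcheck`, and `orchestration-service` uses the short `depends_on` form, which waits for `data-service` to start rather than to become healthy. The following added example (not part of the Lineaje-supplied file) extends the same pattern to the data service; it assumes a top-level `services:` key and that `curl` is available to the data-service container, as it is for the Elasticsearch healthcheck that runs from the same image.

```yaml
# Added example: only the keys that change are shown.
services:
  data-service:
    healthcheck:
      # /docs is the Swagger UI path from this guide; curl --fail turns
      # HTTP 4xx/5xx responses into a failed check.
      test: ["CMD-SHELL", "curl --silent --fail http://localhost:8000/docs || exit 1"]
      interval: 5s
      timeout: 3s
      retries: 10
      start_period: 20s   # constructed value: grace time for gunicorn workers to boot

  orchestration-service:
    depends_on:
      data-service:
        condition: service_healthy   # long form: wait for health, not just start
```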

### Access URLs

| **Service**                        | **URL**                                         |
| ---------------------------------- | ----------------------------------------------- |
| Frontend                           | [http://localhost:3000](http://localhost:3000/) |
| Data service — Swagger UI          | <http://localhost:8000/docs>                    |
| Orchestration service — Swagger UI | <http://localhost:8500/docs>                    |

