Linux Offline Installation

This guide provides step-by-step instructions for installing MetaDefender Software Supply Chain and its dependencies on machines with limited or no internet connectivity.

A machine with internet access is required to download the dependencies manually and transfer them to the offline machine.

Installing Binary Packages

You will need to download and install the binary packages(found in Installation details) for your respective operating system:

Debian/Ubuntu

curl, openssl, sudo, apt-utils, ca-certificates, jq, gnupg-agent, iproute2, apt-transport-https,  software-properties-common

RedHat/CentOS

curl, openssl, sudo, apt-utils, ca-certificates, jq, gnupg-agent, iproute2, apt-transport-https,  software-properties-common

Installing Docker and Docker Compose

To be able to install the dependencies offline, you need a machine connected to the internet to download the required packages. Later, the packages will be copied to the offline machine.

To download the dependencies, follow the official guide for Docker Engine and Docker Compose

The compose plugin for docker can be installed only manually when in an offline environment using the following commands (also available in the official instructions in the link above):

mkdir -p /usr/local/lib/docker/cli-plugins/

curl -SL https://github.com/docker/compose/releases/download/v2.28.0/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose

​

sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose

Installing MetaDefender Software Supply Chain package

After the prerequisites above have been set up, you can run the MetaDefender Software Supply Chain installer to setup the compose files and the mdssc command line.

Debian/Ubuntu

sudo dpkg -i <name of the file>.deb || sudo apt-get install -f

RedHat/CentOS

sudo yum install -y <name of the file>.rpm

Pulling the Docker Images

In offline environments, all required Docker images must be pulled on an internet-connected machine and transferred to the target system.

Required Images

MetaDefender Software Supply Chain requires:

• MDSSC service images
• OPSWAT platform services
• Third-party infrastructure images (database, cache, messaging)

All images are versioned per release.

Use the following placeholders:

• <MDSSC_VERSION> — e.g. 3.1.1
• <PLATFORM_VERSION> — e.g. platform-2.x

Step 1: Pull Images (Online Machine)

docker pull opswat/mdssc_api:<MDSSC_VERSION>

docker pull opswat/mdssc_frontend:<MDSSC_VERSION>

docker pull opswat/mdssc_binaries:<MDSSC_VERSION>

docker pull opswat/mdssc_sourcecode:<MDSSC_VERSION>

docker pull opswat/mdssc_containers:<MDSSC_VERSION>

docker pull opswat/mdssc_notifications:<MDSSC_VERSION>

docker pull opswat/mdssc_mongomigrations:<MDSSC_VERSION>

docker pull opswat/mdssc_pgmigrations:<MDSSC_VERSION>

​

docker pull opswat/mdcloudservices_commonservices:<PLATFORM_VERSION>

docker pull opswat/mdcloudservices_licensing:<PLATFORM_VERSION>

​

docker pull mongo:<MONGO_VERSION>

docker pull postgres:<POSTGRES_VERSION>

docker pull redis:<REDIS_VERSION>

docker pull rabbitmq:<RABBITMQ_VERSION>

Step 2: Export Images

docker save \

  opswat/mdssc_api:<MDSSC_VERSION> \

  opswat/mdssc_frontend:<MDSSC_VERSION> \

  opswat/mdssc_binaries:<MDSSC_VERSION> \

  opswat/mdssc_sourcecode:<MDSSC_VERSION> \

  opswat/mdssc_containers:<MDSSC_VERSION> \

  opswat/mdssc_notifications:<MDSSC_VERSION> \

  opswat/mdssc_mongomigrations:<MDSSC_VERSION> \

  opswat/mdssc_pgmigrations:<MDSSC_VERSION> \

  opswat/mdcloudservices_commonservices:<PLATFORM_VERSION> \

  opswat/mdcloudservices_licensing:<PLATFORM_VERSION> \

  mongo:<MONGO_VERSION> \

  postgres:<POSTGRES_VERSION> \

  redis:<REDIS_VERSION> \

  rabbitmq:<RABBITMQ_VERSION> \

  -o mdssc-images-<MDSSC_VERSION>.tar

Step 3: Load Images (Offline Machine)

docker load -i mdssc-images-<MDSSC_VERSION>.

# Check result

docker image ls

Podman Configuration

MDSSC can also run using the Podman container engine instead of the default Docker one on RHEL operating systems. Podman, podman-docker and docker-compose need to be installed and running before installing MDSSC.

After the installation is complete, MDSSC needs to be configured to skip the checks for the default Docker engine. This is done by setting SKIP_DOCKER_CHECKS=yes in the /etc/mdssc/customer.env file. The following commands can be used to install Podman and MDSSC on RHEL.

# install podman, podman-docker and docker-compose

sudo yum install podman

sudo yum install podman-docker

sudo curl -SL https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

​

sudo systemctl enable podman.socket

sudo systemctl start podman.socket

​

# disable SELinux temporarily

setenforce 0

# to disable selinux permanetly 'SELINUX=disabled' needs to be set in the following config file

sudo vim /etc/selinux/config

​

# install additional MDSSC dependencies

sudo subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms

sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

sudo yum install lvm2

sudo yum install wget

​

# install MDSSC

sudo rpm -i mdssc-x.x.x.noarch.rpm

​

# edit customer.env and add SKIP_DOCKER_CHECKS=yes

sudo vim /etc/mdssc/customer.env

​

# start MDSSC

sudo mdssc -c start

Starting MetaDefender Software Supply Chain

Finally, MDSSC can be started using the regular startup command:

sudo mdssc -c start

Next Steps

Once the MetaDefender Software Supply Chain services are running, a few additional steps are required before the system is fully operational:

1. Activate your license You must upload and apply a valid license to enable functionality. For details, see offline license activation section from License Page.
2. Configure a Scan Pool At least one scan instance is required to analyze source code, containers or artifacts. For details, see Scan Pools.