Fails to start, 2 issues (with fixes)

[hesa]

Installation instructions over at https://vulnerablecode.readthedocs.io/en/stable/installation.html says:

git clone https://github.com/aboutcode-org/vulnerablecode.git && cd vulnerablecode
make envfile
docker compose build
... snip
docker compose up

I did that and ended up with two problems:

Problem 1 - make envfile hangs

make envfile hangs. This is caused by the following line in Makefile:

GET_SECRET_KEY=`base64 /dev/urandom | head -c50`

Solution

GET_SECRET_KEY=`head /dev/urandom | base64 | head -c50`

Guessing that /dev/urandom has changed behavior a bit. Perhaps in Ubuntu 25.10.

Problem 2 - Django and SECRET_KEY

When doing docker compose up I get

.... snip
vulnerablecode-1                |   File "/usr/local/lib/python3.12/site-packages/environ/environ.py", line 213, in str
vulnerablecode-1                |     value = self.get_value(var, cast=str, default=default)
vulnerablecode-1                |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
vulnerablecode-1                |   File "/usr/local/lib/python3.12/site-packages/environ/environ.py", line 392, in get_value
vulnerablecode-1                |     raise ImproperlyConfigured(error_msg) from exc
vulnerablecode-1                | django.core.exceptions.ImproperlyConfigured: Set the SECRET_KEY environment variable

Solution

I got it to work by appending the content of .env to docker.env and then run docker compose up. E.g. something like:

$ echo >> docker.env
$ cat .env  >> docker.env

I do not know docker or vulnerablecode enough to propose a nice solution, but the above brute fix worked for me and should give a hint.

Environment

OS: Ubuntu 25.10
vulnerablecode: git latest

[ziadhany]

Yes, the problem only occurs on Ubuntu 25.10. docker compose up works on my Ubuntu machine without any problem (Ubuntu 24.04.4 LTS).

See:

$ docker run --rm ubuntu:25.10 bash -c "base64 /dev/urandom | head -c50; echo"

$ docker run --rm ubuntu bash -c "base64 /dev/urandom | head -c50; echo"
ybvQv1jIz+iH7/sWvjovke8itcVjawoY1IpXBUccyA6j07zsck

[Hritik14]

make envfile hangs

This hangs with base64 (uutils coreutils) 0.2.2 but works on GNU's base64.

root@ubuntu:~# base64 /dev/urandom | head -c50
6lTI5uj0MlHGFKBFzKPyqb1xIgL6eqwtCluargnSPza8boL7WZr

root@ubuntu:~# coreutils base64 /dev/urandom | head -c50
^C

You probably have the coreutils (rust) version of base64 that does not implement SIGPIPE. Related: rust-lang/rust#62569 and uutils/coreutils#8919
There's a fix available in the latest coreutils available at https://github.com/uutils/coreutils/releases/tag/0.8.0

root@ubuntu:~/coreutils-0.8.0-x86_64-unknown-linux-gnu# ./coreutils base64 --version
base64 (uutils coreutils) 0.8.0

root@ubuntu:~/coreutils-0.8.0-x86_64-unknown-linux-gnu# ./coreutils base64 /dev/urandom | head -c50
mvhbQTO/uFcyDdKyPy5Q/yyjM1MAs2pF+CWeweKO0Ypw5+Tpap

Ubuntu 25.10 should probably upgrade rust coreutils. Given Ubuntu 25.10 has already had EOL in July, they might not fix this. You're better off upgrading to an LTS version (26.04)

It should work fine in Ubuntu 26.04 LTS as it ships with 0.8.0 uutils coreutils.

Problem 2 - Django and SECRET_KEY

This is because you don't have .env in your docker image. If you created a fresh .env after docker compose build, you'd have to rebuild the image with
docker compose up --build