Docker reference
Docker-specific operations for the DAST scanner: worker mode, volume mounts, networking, and environment variables.
For your first scan, see Scan from the CLI — this page assumes you already have the image pulled and have logged in.
Docker image
docker pull levoai/levoai-shadownet:latest
--shm-size=1gis required on everyscaninvocation — headless Chromium crashes without it.- Default command is
worker, sodocker run … levoai/levoai-shadownet:latestwith no command starts worker mode.
Worker mode
A long-lived container that picks up scan jobs scheduled or triggered from the Levo dashboard. Use this when you want scans initiated from the UI (or on a schedule) rather than the CLI.
Basic worker
docker run -d \
--name levoai-shadownet-worker \
--shm-size=1g \
-e LEVOAI_AUTH_KEY=<your-auth-key> \
-e LEVOAI_ORG_ID=<your-org-id> \
-e LEVOAI_BASE_URL=https://api.levo.ai \
-v $(pwd)/reports:/app/reports \
--restart unless-stopped \
levoai/levoai-shadownet:latest
Scheduled-only worker
Runs exclusively the scans marked "Scheduled" in the dashboard:
docker run -d \
--name levoai-shadownet-scheduled \
--shm-size=1g \
-e LEVOAI_AUTH_KEY=<your-auth-key> \
-e LEVOAI_ORG_ID=<your-org-id> \
-e LEVOAI_BASE_URL=https://api.levo.ai \
--restart unless-stopped \
levoai/levoai-shadownet:latest \
worker --key <your-auth-key> --organization <your-org-id> --scheduled
Volume mounts
| Mount Path | Purpose |
|---|---|
/home/levo/.config/configstore | Persists login session across container runs. |
/app/reports | Scan output directory (JSON, SARIF). |
/work/levo-dast.yml | Mount a levo-dast.yml for config-driven scans. |
Networking
Host network (Linux only)
docker run --rm -it --shm-size=1g --network host \
levoai/levoai-shadownet:latest \
scan https://internal.example.com
Shared Docker network
docker network create mynet
docker run --rm -d --network mynet --name myapp your-app:latest
docker run --rm -it --shm-size=1g --network mynet \
levoai/levoai-shadownet:latest \
scan http://myapp:8080
AI-guided crawling
Pass an LLM key to enable AI crawl mode:
docker run --rm -it --shm-size=1g \
-e ANTHROPIC_API_KEY=<key> \
levoai/levoai-shadownet:latest \
scan https://example.com --crawl-mode ai
Supported providers: ANTHROPIC_API_KEY, OPENAI_API_KEY. See LLM provider precedence if both are set.
Next
- Scan from the CLI — first-scan walkthrough.
- CLI reference — every flag.
- Configuration — environment variables and advanced settings.
- Kubernetes worker — run worker mode in a cluster.
Was this page helpful?