Cyber · Trackr The Free Compliance Library
⌘K
§ Offline deployment
Air-gapped · self-contained

Run the whole site
with no network.

The entire Cyber Trackr application — every STIG, SCAP benchmark, CCI, NIST 800-53 catalog, and the tools — packaged as a single Docker image with all data baked in. Load it on any host with Docker and browse it completely offline.

§ I · Download

Grab the bundle.

Download cyber-trackr-2026-06.tar.gz

Compressed image archive · 2.6 GB. It’s a docker save tarball of cyber-trackr:2026-06. Large file — resume-friendly downloads recommended.

§ II · Load

Import it into Docker.

Decompress and load in a single pipe — no need to unzip to disk first: 

gunzip -c cyber-trackr-2026-06.tar.gz | docker load

Docker registers it as cyber-trackr:2026-06 (and cyber-trackr:latest). Confirm with docker images | grep cyber-trackr.

§ III · Run with Docker Compose

One file, one command.

Save the following as docker-compose.yml next to wherever you run it, then bring it up: 

# Run the air-gapped image. After `docker load`, start it with:
#   docker compose up -d
# then browse http://localhost:8080
services:
  cyber-trackr:
    image: cyber-trackr:latest
    container_name: cyber-trackr
    ports:
      - "8080:80"
    environment:
      APP_ENV: prod
      APP_DEBUG: "0"
      # Pin a stable secret to keep CSRF tokens valid across restarts.
      # If unset, the container generates a throwaway one on each start.
      # APP_SECRET: "change-me"
    # No volume needed: the app's only runtime writes are the Symfony cache,
    # logs, and CSRF/session scratch under /app/var — all ephemeral. They land
    # in the container's writable layer (var/ is created + chowned in the
    # image), and the build-time-warmed prod cache stays intact. A volume would
    # only add persistence we don't want and would mask the warmed cache.
    restart: unless-stopped
docker compose up -d

The site comes up on http://localhost:8080. Stop it with docker compose down.

§ IV · Run without Compose

Plain Docker CLI.

Prefer a single command with no extra file? This is the Compose definition’s exact equivalent: 

docker run -d \
  --name cyber-trackr \
  -p 8080:80 \
  -e APP_ENV=prod \
  -e APP_DEBUG=0 \
  --restart unless-stopped \
  cyber-trackr:2026-06

Then browse http://localhost:8080. No volumes are required — the app only writes ephemeral cache and logs inside the container. To keep CSRF tokens valid across restarts, pin a secret by adding -e APP_SECRET=your-fixed-value; otherwise a throwaway one is generated on each start.