Skip to content
Install

Install juro-deploy

juro-deploy installs the Juro agent container into your own infrastructure. It runs a private, non-custodial scan for GDPR, DPDP, and DORA obligation markers — entirely inside your VPC or local machine. No scan data or infrastructure state leaves your environment.

One-liner install

Run in your terminal
curl -sSL https://jurocompliant.com/install.sh | sudo bash

The script downloads the juro-deploy CLI binary for your platform (Linux x64, macOS arm64, macOS x64), verifies the download, and installs it to /usr/local/bin. On Linux, Docker Engine and the Compose v2 plugin are installed automatically if not already present.

What do I need before installing juro-deploy?

After install

Next steps
  1. Run juro-deploy init — interactive setup that writes juro-deploy.yml with your AWS region, target account, and scan scope.
  2. Run juro-deploy scan — starts the agent container, runs the scan, and writes a signed artefact to ./juro-output/.
  3. The artefact is a deterministic JSON file signed with an Ed25519 key. Share it with auditors or counterparties as evidence. Verify it independently with juro verify <artefact.json>.

Frequently asked questions

What does juro-deploy install?

juro-deploy installs the juro-deploy CLI binary. The agent container image is pulled when you run juro-deploy init. The agent runs inside your own infrastructure — Docker on your EC2 instance or local machine — and performs GDPR, DPDP, and DORA scanning without sending your data or infrastructure state to external servers.

What are the prerequisites for juro-deploy?

You need Docker (Engine 24+ or Docker Desktop) and AWS credentials with a read-only IAM policy scoped to the services you want to scan. See the prerequisites checklist at jurocompliant.com/checklist.html for the exact IAM permissions required.

Does juro-deploy send data outside my infrastructure?

No infrastructure data or PII leaves your environment. The scanner runs locally inside your Docker container. The only outbound call is a SHA-256 fingerprint of the signed scan bundle sent to Juro's notary endpoint for audit verification — the fingerprint contains no infrastructure state, no scan findings, no configuration, and no credentials.

Jurocompliant — compliance scanner

Not sure where to start?

Run the free Tier 1 surface scan first — no account, no install. It scans your domain's public-facing posture against GDPR, DPDP, and DORA obligation markers and produces a finding report with specific rule citations.

Scan your domain — jurocompliant.com →