Web Browser

SimpleRisk is a web-based application.  That means that a user's primary interaction with it will be through a web browser.  We primarily use Chrome to test the functionality with SimpleRisk, but we expect that it should work with the current versions of all major browsers (Chrome, Safari, Firefox, and Internet Explorer).

Apache/MySQL/PHP Server

The requirements for SimpleRisk are going to depend on the number of users who will be simultaneously using it.  For a small number of users, the minimum requirements are just those needed to run MySQL and PHP.  Typically, 1 CPU, 1 GB of RAM, and about 20 GB of HDD should be a good place to start.  You may need more HDD if you are attaching a lot of files to your risks and mitigations.  Additionally, if you have a lot of simultaneous users, you may want to increase the system specifications to 2 CPU and 2 GB of RAM.  For optimal performance, we also recommend splitting the database out onto its own server and running multiple Apache/PHP application servers in a load-balanced configuration.

Please note that we only support versions of PHP, Apache, and MySQL that are currently supported by their respective vendors and will stop supporting a version once the vendor no longer supports it.

Current Version Requirements:
Apache >= 2.4
PHP >= 8.1
MySQL >= 8.0

Operating System

Because SimpleRisk is a PHP application utilizing a MySQL database, it should be possible to get it to function on just about any operating system.  The easiest way to install SimpleRisk, by far, is to use our setup script with the command:

curl -sL https://raw.githubusercontent.com/simplerisk/setup-scripts/master/simplerisk-setup.sh | bash -

This script works on most versions of Ubuntu, CentOS, SLES and RHEL.  If you'd like to run through the setup process manually, currently, we offer installation instructions for the following operating systems:

We highly recommend that you run SimpleRisk on Ubuntu 18.04. The CentOS 7 instructions should similarly work for both RedHat and Oracle Enterprise Linux.


SimpleRisk requires connectivity to the following domains over HTTP (port 443):

The first four are connectivity for things like licensing and updates.  The last one is for the ability to do CVE lookups in the External Reference ID field.  The IPs for the ones we control are AWS Elastic IPs so we would not anticipate them changing anytime in the foreseeable future.

Other Operating Systems

If you do not see your desired operating system listed above, then chances are that our support team will have minimal ability to assist you with installation, configuration, or troubleshooting issues that may arise.  Because of that, we do not recommend straying from the above list of supported operating systems. 

Other Databases

We know of one, very brave, user who got SimpleRisk working on Microsoft SQL Server, but we can't support that at all and you'd likely be limiting your ability to upgrade to future releases due to the customization that was involved.  We do not recommend trying to run SimpleRisk on any database other than MySQL.