Introduction

ScanSuite is security scanning orchestration software that automates static code analysis and dynamic website and infrastructure scanning. It takes user-supplied input, such as a source code archive, repository or website URLs, host IPs, domains, or image names, and invokes the original fine-tuned scanners with optimal parameters.

ScanSuite implements connectors to various vulnerability scanners and invokes them with optimal parameters.

After the scan is finished, ScanSuite automatically uploads the results to the vulnerability management system DefectDojo, where they can be visualized and processed. Additionally, the original reports and parsed results are available as downloadable files.

A high-level diagram describing the components is given below. Tasks are accepted via the web interface, the command line, or a CI/CD management console.
