Architecture
ScanSuite is built on a highly scalable microservices architecture, ensuring modularity, flexibility, and efficient resource utilization. Each component operates independently within containerized environments, allowing seamless horizontal scaling based on workload demands.
Scanning tasks are distributed across a pool of worker nodes, enabling parallel execution for improved performance and fault tolerance. Each available worker dynamically retrieves a task and executes it by invoking one or more scanners running in isolated Docker containers. This architecture supports unlimited scalability in parallel scanning, optimizing execution speed and system stability.
Scan results are parsed, stored, and uploaded to DefectDojo, enabling centralized vulnerability management. Scan reports are also available for download and review as needed.
ScanSuite supports integration with external infrastructure scanners, enabling organizations to consolidate and manage all security scans from a unified ScanSuite console. This provides a single pane of glass for security teams to oversee scan operations efficiently.
Server components can be deployed in cloud, on-premises, or hybrid environments, offering flexibility to adapt to various infrastructure needs. The following diagram illustrates an example deployment of ScanSuite’s architecture:
Here, both ScanSuite and DefectDojo are deployed on a single server (Server 1), while external scanners are installed on remote servers (Server 2 and Server 3 in the diagram) and are reachable from Server 1 via HTTPS.
It is generally possible to install ScanSuite and DefectDojo on separate servers, provided the latter is also reachable by ScanSuite over HTTPS.
For production use, it is recommended to set up a separate PostgreSQL cluster and point both ScanSuite and DefectDojo to their respective instances, as described in the Administration section.