Architecture
Last updated
The ScanSuite stack follows a microservices architecture. Each component runs independently in its own Docker container, so any element can be scaled as the workload requires.
Scanning tasks are distributed by the web server to the worker nodes via a message queue (MQ). A free worker picks up a task and executes it by invoking one or several scanners, each running in its own Docker container. This allows parallel scanning to be scaled as far as needed.
Once the scan is finished, the worker parses the results, saves them and uploads them to DefectDojo, as depicted below:
The source code archive uploaded by the user is stored by the web server in the database only for the duration of the scan. The worker takes the source code from there and passes it to the scanner container.
After the scan completes, the worker deletes the source code from all locations, ensuring that it is retained no longer than the scans require. The scan results are saved in the database and remain available for the user to download as needed.
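The worker-side lifecycle described above, as an added illustration that is not ScanSuite's own code: a constructed in-memory stand-in for the database table and for the DefectDojo import (the names `SOURCE_STORE`, `UPLOADED`, `run_scanner` and the `severity:file:line:message` output format are all hypothetical), showing that the uploaded archive is removed from every location whether the scanner succeeds or fails.

```python
import os
import shutil
import tempfile

# Constructed stand-ins (hypothetical, not ScanSuite's schema or API):
# SOURCE_STORE plays the database table holding uploaded archives during a scan,
# UPLOADED plays the DefectDojo import endpoint.
SOURCE_STORE: dict = {}
UPLOADED: list = []


def submit_upload(task_id: str, archive: bytes) -> None:
    """Web server side: keep the archive only until the worker is done with it."""
    SOURCE_STORE[task_id] = archive


def run_scanner(scanner: str, workdir: str) -> str:
    """Stand-in for invoking a scanner container on the unpacked source."""
    if scanner == "broken":
        raise RuntimeError("scanner container exited non-zero")
    return "high:app.py:12:hardcoded secret\nlow:util.py:3:debug enabled\n"


def parse_results(raw: str) -> list:
    """Turn constructed 'severity:file:line:message' lines into findings."""
    findings = []
    for line in raw.splitlines():
        severity, path, lineno, message = line.split(":", 3)
        findings.append({"severity": severity, "file": path,
                         "line": int(lineno), "title": message})
    return findings


def process_task(task_id: str, scanner: str, base_dir=None) -> list:
    """Worker side: scan, parse, upload, and always delete the source afterwards."""
    workdir = tempfile.mkdtemp(prefix=f"scan-{task_id}-", dir=base_dir)
    try:
        # Hand the archive from the database to the scanner's working directory.
        with open(os.path.join(workdir, "source.zip"), "wb") as fh:
            fh.write(SOURCE_STORE[task_id])
        findings = parse_results(run_scanner(scanner, workdir))
        UPLOADED.append({"task_id": task_id, "findings": findings})
        return findings
    finally:
        # Runs on success and on failure: remove the code from all locations.
        shutil.rmtree(workdir, ignore_errors=True)
        SOURCE_STORE.pop(task_id, None)
```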
ScanSuite also supports external infrastructure scanners, allowing all scans to be managed from a single ScanSuite console. Here is an example of how these components could be deployed:
Here both ScanSuite and Defect Dojo are deployed on a single server (Server 1), while the external scanners are installed on remote servers (Server 2 and Server 3 in the diagram) and are reachable from Server 1 via HTTPS.
It is also possible to install ScanSuite and Defect Dojo on separate servers, provided that the latter remains reachable by ScanSuite over HTTPS.
For production use it is recommended to set up a separate PostgreSQL cluster and point both ScanSuite and Defect Dojo to their respective instances, as described in the Administration section.