# Architecture

ScanSuite is built on a **highly scalable microservices architecture**, ensuring modularity, flexibility, and efficient resource utilization. Each component operates independently within **containerized environments**, allowing seamless horizontal scaling based on workload demands.

Scanning tasks are distributed across a pool of **worker nodes**, enabling **parallel execution** for improved performance and fault tolerance. Each available worker dynamically retrieves a task and executes it by invoking one or more scanners running in isolated **Docker containers**. This architecture supports **unlimited scalability** in parallel scanning, optimizing execution speed and system stability.

**Scan results** are parsed, stored, and uploaded to **DefectDojo**, enabling centralized vulnerability management. Scan reports are also available for download and review as needed.

ScanSuite supports integration with **external infrastructure scanners**, enabling organizations to consolidate and manage all security scans from a unified **ScanSuite console**. This provides a **single pane of glass** for security teams to oversee scan operations efficiently.

Server components can be deployed in **cloud, on-premises, or hybrid environments**, offering flexibility to adapt to various infrastructure needs. The following diagram illustrates an example deployment of ScanSuite’s architecture:

<figure><img src="https://4294115650-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnKyTIO2cfH1PztWRwJEe%2Fuploads%2Ff3xwkt4mNrzIBEIH4T8v%2Fimage.png?alt=media&#x26;token=c11be209-337f-4f1e-8bce-98ed9218c55c" alt=""><figcaption></figcaption></figure>

Here both ScanSuite and Defect Dojo are deployed on the single server (**Server 1**), while external scanners installed on remote servers (**Server 2** and **Server 3** on the diagram) and reachable by the **Server 1** via HTTPS.

It is generally possible to install ScanSuite and Defect Dojo on the separate servers, ensuring the latter is also reachable by ScanSuite over HTTPS.

For productive purposes it is recommended to set up a separate PostgreSQL cluster and point both ScanSuite and Defect Dojo to the respective instances, as described in Administration section.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://scansuite.gitbook.io/scansuite/architecture.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.