Architecture

The ScanSuite stack follows a microservices architecture. Each component runs independently in its own Docker container, so any element can be scaled as the workload requires.

The web server distributes scanning tasks to the worker nodes through a message queue (MQ). A free worker picks up a task and executes it by invoking one or more scanners, each running in a separate Docker container.

Once the scan has finished, the worker collects the results and uploads them to DefectDojo, which is also deployed as a set of Docker containers, running independently of the ScanSuite Docker network group, as depicted below:

The source code archive uploaded by the user is saved by the web server in the database for the duration of the scan. The worker fetches the source code from there and passes it to the scanner container.

After the scan completes, the worker deletes the source code from every location it was copied to, including the database, so that it is stored no longer than the scan itself requires. The scan results are saved in the database and remain available for the user to download as needed.
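The worker lifecycle described above (take a task from the MQ, fetch the source archive from the database, hand it to a scanner, upload the results, delete the source) as an added illustration. This is not ScanSuite's own code: the MQ, database, scanner container and DefectDojo upload are replaced by in-memory stand-ins so it runs offline, and every class, function and scanner name below is an assumption. The point it adds to the prose is the failure mode: the source must be deleted even when the scanner crashes, which is why the cleanup sits in a `finally` block rather than after a successful upload.

```python
"""Worker-side scan lifecycle: constructed example, not ScanSuite's code."""
import queue
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Dict


@dataclass
class ScanTask:
    scan_id: str
    scanner: str  # name of the scanner container to invoke (hypothetical)


@dataclass
class Database:
    """Stand-in for the ScanSuite database; the layout is assumed."""
    source_archives: Dict[str, bytes] = field(default_factory=dict)
    results: Dict[str, dict] = field(default_factory=dict)


class Worker:
    def __init__(self, db: Database,
                 run_scanner: Callable[[str, Path], dict],
                 upload_to_dojo: Callable[[str, dict], None]):
        self.db = db
        self.run_scanner = run_scanner        # stands in for the scanner container
        self.upload_to_dojo = upload_to_dojo  # stands in for the DefectDojo import
        self.last_workdir = None

    def handle(self, task: ScanTask) -> dict:
        """Fetch the source, scan it, upload results, and always delete the source."""
        # mkdtemp creates the scratch directory with mode 0700, so other users
        # on the worker host cannot read the source while it is being scanned
        workdir = Path(tempfile.mkdtemp(prefix=f"scan-{task.scan_id}-"))
        self.last_workdir = workdir
        try:
            archive = self.db.source_archives[task.scan_id]
            (workdir / "source.zip").write_bytes(archive)
            result = self.run_scanner(task.scanner, workdir)
            self.upload_to_dojo(task.scan_id, result)
            self.db.results[task.scan_id] = result
            return result
        except Exception as exc:
            # record the failure for the user; the source is still deleted below
            self.db.results[task.scan_id] = {"status": "failed", "error": str(exc)}
            return self.db.results[task.scan_id]
        finally:
            # delete the source from all locations: the scratch copy and the DB copy
            shutil.rmtree(workdir, ignore_errors=True)
            self.db.source_archives.pop(task.scan_id, None)


def fake_scanner(name: str, workdir: Path) -> dict:
    """Constructed stand-in for a scanner container: reports the archive size."""
    size = (workdir / "source.zip").stat().st_size
    return {"status": "ok", "scanner": name, "findings": [{"title": "demo", "bytes": size}]}


def failing_scanner(name: str, workdir: Path) -> dict:
    """Constructed stand-in for a scanner container that crashes mid-scan."""
    raise RuntimeError("scanner container exited non-zero")


def simulate(scanner: Callable[[str, Path], dict] = fake_scanner):
    """Run one task end to end; returns (db, uploads, scratch dir) for inspection."""
    # constructed sample input: one uploaded archive with scan id "42"
    db = Database(source_archives={"42": b"PK\x03\x04constructed-archive"})
    uploaded: Dict[str, dict] = {}
    mq = queue.Queue()
    mq.put(ScanTask(scan_id="42", scanner="example-sast"))  # hypothetical scanner name
    worker = Worker(db, scanner, lambda sid, res: uploaded.__setitem__(sid, res))
    task = mq.get_nowait()  # a free worker takes the task from the queue
    worker.handle(task)
    return db, uploaded, worker.last_workdir


if __name__ == "__main__":
    db, uploads, wd = simulate()
    print("source left in DB:", db.source_archives, "scratch dir exists:", wd.exists())
    db, uploads, wd = simulate(failing_scanner)
    print("after crash:", db.results["42"], "scratch dir exists:", wd.exists())
```

Running it twice, once with a working scanner and once with a crashing one, shows that in both cases the database entry and the scratch directory are gone afterwards, while only the successful run produces an upload and a stored result.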

Along with the embedded scanners, ScanSuite also supports external infrastructure scanners, so that all scans can be managed from a single ScanSuite console. Here is an example of how these components could be deployed:

Here both ScanSuite and DefectDojo are deployed on a single server (Server 1), while the external scanners are installed on remote servers (Server 2 and Server 3 in the diagram) and are reachable from Server 1 over HTTPS.

ScanSuite and DefectDojo can also be installed on separate servers, provided that DefectDojo is reachable from ScanSuite over HTTPS.

For production deployments it is recommended to set up a separate PostgreSQL cluster and point both ScanSuite and DefectDojo to their respective database instances, as described in the Administration section.
