Building Block View
This section describes the static view of the building blocks of secureCodeBox. We follow the common architectural pattern of describing the building blocks starting from the context boundary diagram in the section System Scope and Context. The context boundary diagram is a blackbox view of secureCodeBox. Here we go one level deeper and describe secureCodeBox as a whitebox system, with all contained components as blackboxes. If necessary, we drill down into a component for another whitebox view that describes its components as blackboxes. This process of drilling down is done for each component and as deep as necessary.
To keep this part short and only as complicated as needed, we base our documentation on the C4 model for visualizing software architecture. This model suggests drilling down four levels.
- Context level overview, displaying the context in which the application is used.
- Containers level broadly describes the different data streams.
- Components level describing the different components and the interactions between them.
- Code level which will consist of class and/or database diagrams.
The first context level as suggested by C4 is covered by the previous section System Scope and Context.
Whitebox Overall System
This part describes all components contained in secureCodeBox on the container level of the C4 model. In this context, container does not necessarily mean a container in the sense of OS-level virtualization, such as Docker or Podman. The term is used more broadly, as Simon Brown describes in his talk about this model.
Overview Diagram
Contained Building Blocks
Name | Description |
---|---|
Engine | The main component for scheduling scans. |
Hooks | A mechanism to hook into the processing of findings. |
Hook SDK | Software development kit to help with writing custom hooks. |
ScanType | Custom resources to declare all available scans (e.g. Nmap, Nikto, Nuclei, Zap, etc.). |
Parser SDK | Software development kit to help with writing custom parsers. |
Lurker | Sidecar container to collect the raw findings of a scanner tool. |
Important Interfaces
Name | Description |
---|---|
Kubernetes API | secureCodeBox is highly integrated with the Kubernetes API. |
S3 API | secureCodeBox uses the Amazon S3 API to persist all data. |
Engine Blackbox View
Purpose/Responsibility
note
Not documented yet.
Interface(s)
note
Not documented yet.
Hooks Blackbox View
note
Not documented yet.
Interface(s)
note
Not documented yet.
Hook Blackbox View
note
Not documented yet.
Interface(s)
note
Not documented yet.
ScanType Blackbox View
note
Not documented yet.
Interface(s)
note
Not documented yet.
Parser SDK Blackbox View
note
Not documented yet.
Interface(s)
note
Not documented yet.
Lurker Blackbox View
note
Not documented yet.
Interface(s)
note
Not documented yet.
Kubernetes API
note
Not documented yet.
Interface(s)
note
Not documented yet.
S3 API
note
Not documented yet.
Interface(s)
note
Not documented yet.