System Scope and Context
secureCodeBox is an orchestration platform managing scans with various security tools and processing the results. The aim of this project is to make automated vulnerability scanning easy and efficient. The diagrams below illustrate the external factors and the context in which secureCodeBox is used.
secureCodeBox only manages the scan execution. The scanning functionality itself is considered out of scope and relies on third-party security scanners.
Context Boundary
The following diagram shows the secureCodeBox as a black-box system together with all other systems and actors that depend on secureCodeBox or that secureCodeBox depends on. The arrows in the diagram indicate the direction of the dependency: the system which "points with the arrow" to another system depends on that other system and cannot fully operate without it.
Systems
The following table describes the systems secureCodeBox interacts with. The descriptions are deliberately brief; the details of the APIs used are documented in the building block view.
System | Description |
---|---|
secureCodeBox | This is the main system we discuss in this documentation. |
Container Runtime | secureCodeBox depends on a container runtime (e.g. Docker or Podman) to build the container images. |
DockerHub | secureCodeBox depends on the public services from DockerHub to push/pull container images. |
Kubernetes | Kubernetes is the main foundation of the secureCodeBox. We heavily rely on the API and Custom Resources. |
Helm | secureCodeBox uses Helm to build, publish and install the containers via charts in Kubernetes. |
ArtifactHub | secureCodeBox depends on the public services from ArtifactHub to publish Helm charts. |
S3 | secureCodeBox depends on an S3 API compliant backend to store its persistent data. |
DefectDojo | (optional) secureCodeBox can import findings into the DefectDojo vulnerability management system. |
Scanner Tools | secureCodeBox depends on various security scanner tools. |
CI/CD | Continuous Integration (CI) and Continuous Deployment (CD) systems which may initiate a scan. |
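As an illustration of the Kubernetes and CI/CD dependencies listed above, the following is an added example of how an external system starts a scan: it creates a secureCodeBox `Scan` custom resource through the Kubernetes API, and the secureCodeBox engine then runs the third-party scanner on its behalf. This manifest is not taken from the project documentation; the API group `execution.securecodebox.io/v1`, the `Scan` kind and the `nmap` scan type are assumed from the secureCodeBox scanner catalogue, and `scan-target.internal` is a placeholder host, not a real target.

```yaml
# Added example manifest (not part of the original page).
# Assumptions: API group/version and the "nmap" scanType as published by secureCodeBox;
# "scan-target.internal" is a placeholder for a host the tester is authorised to scan.
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  # A CI/CD pipeline would typically derive this name from the build or commit id.
  name: "nmap-scan-target-internal"
spec:
  # Selects which scanner chart the engine should run (Helm-installed beforehand).
  scanType: "nmap"
  # Arguments passed verbatim to the scanner container; here: a service-discovery scan.
  parameters:
    - "-sV"
    - "scan-target.internal"
```

A pipeline step applies this with `kubectl apply -f scan.yaml` and can block until the engine reports completion with `kubectl wait --for=jsonpath='{.status.state}'=Done scan/nmap-scan-target-internal --timeout=30m`; the raw and parsed results are then available in the S3-compatible backend (and, when configured, in DefectDojo) rather than on the CI runner. The point for this context view is that the CI/CD system never talks to the scanner itself, only to the Kubernetes API.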
Roles
The following table describes the roles interacting with secureCodeBox.
Role | Description |
---|---|
Operator | The role which operates the secureCodeBox installation. (Not to be confused with the Kubernetes operator pattern, which we implement for the engine.) |
Tester | The role which utilizes secureCodeBox to perform security tests. |
Developer | The role which develops the secureCodeBox. |