Building Block View
This section describes the static view of the building blocks of secureCodeBox. We follow the common architecture pattern of describing the building blocks starting from the context boundary diagram in the section System Scope and Context. The context boundary diagram is a blackbox view of secureCodeBox. Here we go one level deeper: we describe secureCodeBox as a whitebox system and all of its contained components as blackboxes. Where necessary, we drill down into a component for another whitebox view that in turn describes its components as blackboxes. This drill-down is repeated for each component, as deep as necessary.
To keep this part short and only as complicated as needed, we base our documentation on the C4 model for visualizing software architecture. This model suggests drilling down four levels:
- Context level: an overview of the context in which the application is used.
- Containers level: a broad description of the different data streams.
- Components level: a description of the different components and the interactions between them.
- Code level: class and/or database diagrams.
The first context level as suggested by C4 is covered by the previous section System Scope and Context.
Whitebox Overall System
This part describes all components contained in secureCodeBox on the container level of the C4 model. In this context, container does not necessarily mean a container in the sense of OS-level virtualization such as Docker or Podman. The term is used more openly, as Simon Brown describes in his talk about this model.
Overview Diagram
Contained Building Blocks
TODO: Document the naming issue of engine vs operator.
| Name | Description |
|---|---|
| Engine | The main component for scheduling scans. |
| Hook SDK | Software development kit to help with writing custom hooks. |
| Hook | A mechanism to hook into the processing of findings. |
| Lurker | Sidecar container to collect the raw findings of a scanner tool. |
| Parser SDK | Software development kit to help with writing custom parsers. |
| ParserDefinition | K8s Custom Resource to make a parser available in k8s. |
| Parser | Component to parse the results of a scanner. Each scanner has a parser as companion. |
| ScanCompletionHook | K8s Custom Resource to make a hook available in k8s. |
| ScanType | K8s Custom Resource to make a scanner available in k8s. |
| Scan | TODO |
| Scanner | Component which wraps and runs a concrete security scan tool. |
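As an added illustration (not part of the original document or the project's own manifests) of how the custom resources in the table reference each other, the following minimal set of manifests registers a scanner and its parser and starts one scan. The API group and field names are assumed to follow the secureCodeBox v2 CRD schema; the resource names, image references and target host are constructed placeholders.

```yaml
# Added example: a ScanType makes the nmap scanner available, a
# ParserDefinition makes its result parser available, and a Scan
# instantiates one run. Image references and the target are placeholders.
apiVersion: "execution.securecodebox.io/v1"
kind: ScanType
metadata:
  name: "nmap"
spec:
  # The Lurker sidecar collects the raw result file from this path and
  # hands it to the parser registered under the given type name.
  extractResults:
    type: "nmap-xml"
    location: "/home/securecodebox/nmap-results.xml"
  # Job template the engine runs for every Scan of this type.
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: nmap
              image: "example.invalid/scanner-nmap"  # placeholder image
              command: ["nmap", "-oX", "/home/securecodebox/nmap-results.xml"]
---
apiVersion: "execution.securecodebox.io/v1"
kind: ParserDefinition
metadata:
  name: "nmap-xml"  # must match extractResults.type of the ScanType
spec:
  image: "example.invalid/parser-nmap"  # placeholder image
---
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "nmap-example-host"
spec:
  scanType: "nmap"  # references the ScanType above by name
  # Passed to the scanner container as additional command arguments.
  parameters:
    - "-p"
    - "22,80,443"
    - "example.invalid"
```

Applying these three manifests is enough for the engine to schedule the job, for the Lurker to ship the raw XML, and for the parser to turn it into findings that hooks can then process.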
Important Interfaces
| Name | Description |
|---|---|
| Kubernetes API | secureCodeBox is highly integrated with the Kubernetes API. |
| S3 API | secureCodeBox uses the Amazon S3 API to persist all data. |
Component Blackbox Views
Engine
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
TODO: Mention operator framework here.
Hook
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
Hook SDK
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
Lurker
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
Parser
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
Parser SDK
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
ParserDefinition
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
Scan
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
ScanCompletionHook
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
ScanType
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
Scanner
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
Important Interfaces Blackbox Views
Kubernetes API
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.
S3 API
Purpose/Responsibility
Not documented yet.
Interface(s)
Not documented yet.