Glossary
API: An Application Programming Interface (API) is a computing interface which defines interactions between multiple software intermediaries.
Charts: Template files for Helm to configure the deployment on [Kubernetes][k82].
Container: Concept for OS-level virtualization.
CRD: Acronym for Custom Ressource Definition.
Custom Resource Definition (CRD): This is a concept from Kubernetes to define custom resource types additionally to the provided ones from Kubernetes.
GUID: Acronym for Globally Unique Identifier.
Hook: A hook is a concept in secureCodeBox to give the opportunity to react on detected findings. Hooks are invoked after parsing and storing the Findings. There are two kinds of Hooks: ReadHooks and ReadWriteHooks. See the hooks documentation for more details.
Job: A Job creates one or more Pods and will continue to retry execution of the Pods until a specified number of them successfully terminate. (see official Kubernetes documentation.)
Engine: This is the central component of the secureCodeBox which controls the business logic. It implements the operator pattern.
Finding: This is one single possible security issue found by a scanner which is stored as well-defined format.
K8S: Acronym for Kubernetes.
Lurker: This sidecar is a generic component responsible to "lurk" the results spit out by scanners and stores it into the storage for further processing by the parser.
Operator: The operator pattern is a common pattern in Kubernetes to extend Kubernetes.
Parser: This job is a scanner specific component which reads the raw stored findings from the lurker and transforms them into the well defined format for secureCodeBox findings. Each scanner needs its own parser implementation.
Raw finding: In contrast to findings these are the raw results from the scanner before they were converted into the well-defined format for findings.
SCB: Acronym for secureCodeBox (This Project).
Scanner: This is the main component to actually perform a scan. This is simply a container which encapsulates a scanner tool (e.g. nmap, nuclei etc.) and invokes it, parameterized by the custom resource definition for this scan type.
Scanner tool: These are the command line tools we integrate into secureCodeBox to perform the actual scan (e.g. Nmpa, Nuclei, Nikto, ZAP etc.).
Scan type: Own custom resource definition for the secureCodeBox scanners.
Sidecar : This is a common DevOps pattern for Kubernetes. It is a container with one responsibility which extends a container. We use this pattern for the lurker.
Security Operations Center (SOC): A unit, team or department responsible for monitoring and handle security issues and vulnerabilities in an organisation.
Storage: The component we use to store raw and parsed findings.