
Building Block View

This section describes the static view of the building blocks of secureCodeBox. We follow the common architecture pattern of describing the building blocks starting from the context boundary diagram in the section System Scope and Context. The context boundary diagram is a blackbox view of secureCodeBox. Here we go one level deeper: we describe secureCodeBox as a whitebox system and all of its contained components as blackboxes. Where necessary we drill down into a component for another whitebox view that describes its own components as blackboxes. This drill-down is repeated for each component, as deep as necessary.

To keep this part short and only as complicated as needed, we base our documentation on the C4 model for visualizing software architecture. This model suggests drilling down four levels:

  1. Context level: an overview showing the context in which the application is used.
  2. Container level: the separately deployable or runnable units (applications, services, data stores) and the data flows between them.
  3. Component level: the components inside a container and the interactions between them.
  4. Code level: class and/or database diagrams.

The first level, the context level suggested by C4, is covered by the previous section System Scope and Context.

Whitebox Overall System

This part describes all components contained in secureCodeBox on the container level of the C4 model. In this context, container does not necessarily mean a container in the sense of OS-level virtualization such as Docker or Podman. The term is used more broadly, as Simon Brown describes in his talk about this model.

Overview Diagram

[Diagram: building blocks whitebox level one]

Contained Building Blocks

note

TODO: Document the naming issue of engine vs operator.

Name                 Description
-------------------  ------------------------------------------------------------------------
Engine               The main component for scheduling scans.
Hook SDK             Software development kit to help with writing custom hooks.
Hook                 A mechanism to hook into the processing of findings.
Lurker               Sidecar container that collects the raw results of a scanner tool.
Parser SDK           Software development kit to help with writing custom parsers.
ParserDefinition     Kubernetes Custom Resource that makes a parser available in Kubernetes.
Parser               Component that parses the results of a scanner into findings. Each scanner has a parser as companion.
ScanCompletionHook   Kubernetes Custom Resource that makes a hook available in Kubernetes.
ScanType             Kubernetes Custom Resource that makes a scanner available in Kubernetes.
Scan                 TODO
Scanner              Component that wraps and runs a concrete security scan tool.
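As an added illustration (not part of the original page and not the project's own manifests), the following shows how three of the Custom Resources in the table above are wired together for a single scan: a ScanType registers a scanner and tells the lurker which file to collect, a Scan references that ScanType by name, and a ScanCompletionHook registers a hook that runs once the findings have been parsed. The resource kinds and the `execution.securecodebox.io/v1` API group are secureCodeBox's own; the concrete names, image references, the result file path and the spec fields shown (`extractResults`, `jobTemplate`, `scanType`, `parameters`, `type`, `image`) are assumptions and should be checked against the CRD schema of the installed secureCodeBox version.

```yaml
# Added example, not the project's own manifests. The field names used here are
# assumptions; verify them against the CRDs of the installed secureCodeBox version.

# 1. ScanType: registers the "nmap" scanner. The engine turns a Scan into a
#    Kubernetes Job built from jobTemplate; the lurker sidecar collects the file
#    named in extractResults.location and a parser matching extractResults.type
#    turns it into findings.
apiVersion: execution.securecodebox.io/v1
kind: ScanType
metadata:
  name: nmap
spec:
  extractResults:
    type: nmap-xml                              # assumed: must match a ParserDefinition name
    location: /home/securecodebox/nmap-results.xml
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: nmap
              image: example.invalid/scanner-nmap:latest   # placeholder image
              command: ["nmap", "-oX", "/home/securecodebox/nmap-results.xml"]
---
# 2. Scan: one concrete run of the scanner registered above. The parameters are
#    assumed to be appended to the scanner's command line.
apiVersion: execution.securecodebox.io/v1
kind: Scan
metadata:
  name: nmap-example-target
spec:
  scanType: nmap
  parameters:
    - "-p"
    - "80,443"
    - "target.example.invalid"                  # placeholder; only scan hosts you are authorized to test
---
# 3. ScanCompletionHook: registers a hook that is invoked after the findings of
#    every scan have been parsed. "ReadOnly" (assumed type name) means the hook
#    receives the findings but cannot modify them.
apiVersion: execution.securecodebox.io/v1
kind: ScanCompletionHook
metadata:
  name: notify-example
spec:
  type: ReadOnly
  image: example.invalid/hook-notify:latest     # placeholder image
```

Apply the manifests with kubectl apply -f and follow the run with kubectl get scans; the Scan is the only resource a user creates per run, the ScanType and ScanCompletionHook are installed once and reused by every Scan that references them.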

Important Interfaces

Name             Description
---------------  --------------------------------------------------------------------------------
Kubernetes API   secureCodeBox is tightly integrated with the Kubernetes API; its building blocks are managed as Custom Resources.
S3 API           secureCodeBox uses the Amazon S3 API (or an S3-compatible store) to persist raw scan results and parsed findings.

Component Blackbox Views

Engine

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

TODO: Mention operator framework here.

Hook

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

Hook SDK

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

Lurker

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

Parser

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

Parser SDK

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

ParserDefinition

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

Scan

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

ScanCompletionHook

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

ScanType

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

Scanner

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

Important Interfaces Blackbox Views

Kubernetes API

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.

S3 API

Purpose/Responsibility
note

Not documented yet.

Interface(s)
note

Not documented yet.