
System Scope and Context

secureCodeBox is an orchestration platform managing scans with various security tools and processing the results. The aim of this project is to make automated vulnerability scanning easy and efficient. The diagrams below illustrate the external factors and the context in which secureCodeBox is used.

secureCodeBox only manages the scan execution. The scanning functionality itself is considered out of scope and relies on third-party security scanners.

Context Boundary

The following diagram shows the secureCodeBox as a black-box system together with all other systems and actors that depend on secureCodeBox or on which secureCodeBox depends. The arrows in the diagram indicate the direction of the dependency: a system that "points with the arrow" to another system depends on that other system and cannot fully operate without it.

Context boundary diagram

Systems

The following table describes the systems secureCodeBox interacts with. The descriptions are deliberately brief; the details of the APIs used are documented in the building block view.

System            | Description
------------------|------------------------------------------------------------------------------------------------------
secureCodeBox     | This is the main system we discuss in this documentation.
Container Runtime | secureCodeBox depends on a container runtime (e.g. Docker, Podman etc.) to build the container images.
DockerHub         | secureCodeBox depends on the public services from DockerHub to push/pull container images.
Kubernetes        | Kubernetes is the main foundation of the secureCodeBox. We heavily rely on the API and Custom Resources.
Helm              | secureCodeBox uses Helm to build, publish and install the containers via charts in Kubernetes.
ArtifactHub       | secureCodeBox depends on the public services from ArtifactHub to publish Helm charts.
S3                | secureCodeBox depends on an S3 API compliant backend to store its persistent data.
DefectDojo        | (optional) secureCodeBox can import findings into the DefectDojo vulnerability management system.
Scanner Tools     | secureCodeBox depends on various security scanner tools.
CI/CD             | Continuous Integration (CI) and Continuous Deployment (CD) systems which may initiate a scan.

Roles

The following table describes the roles interacting with secureCodeBox.

Role      | Description
----------|------------------------------------------------------------------------------------------------------------------------------------
Operator  | The role which operates the secureCodeBox installation. (Do not confuse with the Kubernetes operator pattern, which we implement for the engine.)
Tester    | The role which utilizes secureCodeBox to perform security tests.
Developer | The role which develops the secureCodeBox.