
DerScanner architecture

DerScanner's modular architecture is designed for performance and fault tolerance: user interaction, task distribution, and code analysis are handled by separate modules. Depending on your needs, you can also enable or disable individual analysis modules to cover applications written in different programming languages.

Figure 10.64: DerScanner Architecture

DerScanner has the following modules:

  • Web-application:
    • UI
    • API
    • Backend
    • DB
  • Message broker
  • Daemon
  • Analysis modules:
    • Java, Scala, Kotlin, Android
    • ABAP, Apex, C#, COBOL, Dart, Delphi, GO, Groovy, HTML, JavaScript, LotusScript, Pascal, PHP, PL/SQL, Python, Perl, Ruby, Rust, Solidity, Swift, T-SQL, TypeScript, VB.NET, VBA, VBScript, Visual Basic, Vyper
    • C, C++, Objective-C
    • Executable .dll, .exe and .ipa files
    • Dynamic analysis module
    • Software Composition Analysis module
  • Integration modules:
    • CI/CD: Azure DevOps (TFS), Jenkins, TeamCity
    • CLI: CLT
    • IDE: Eclipse, IntelliJ IDEA, Visual Studio
    • Jira bug tracker
    • SonarQube code quality assurance system
  • Builder module.

Web-application. This module is a web application deployed on an Apache Tomcat server and is responsible for interaction with the other modules. It consists of two components: UI and Backend.

  • UI: the web-application component the user works with; it interacts with Backend.
  • Backend: the web-application component responsible for all complex or long-running operations:
    • DB update upon the start of scanning
    • Interaction with Message broker module:
      • requests scan status
      • uploads scan results
      • adds task to the queue
    • Uploading results to DB
    • Creating vulnerability lists and reports

DB. A PostgreSQL database stores DerScanner data, including scan results.

Message broker. Maintains a prioritized task queue and acts as the intermediary between Backend and Daemon.

Daemon. Accesses Message broker to receive tasks, starts relevant analysis modules, monitors their operation, and sends status updates and scan results to Message broker.

Analysis modules. Started by Daemon via CLI, these modules analyze code and return scan status and results.

  • Java, Scala, Kotlin, Android source and binary code analysis.
  • ABAP, Apex, C#, COBOL, Dart, Delphi, GO, Groovy, HTML, JavaScript, LotusScript, Pascal, PHP, PL/SQL, Python, Perl, Ruby, Rust, Solidity, Swift, T-SQL, TypeScript, VB.NET, VBA, VBScript, Visual Basic, Vyper, and 1C source code analysis.
  • C, C++, Objective-C source code analysis.
  • Executable .dll, .exe and .ipa files analysis.
  • Dynamic analysis of web resources.
  • Software Composition analysis of open source libraries and packages used in the app code.
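To make the hand-off between Backend, Message broker, Daemon and an analysis module started via CLI concrete, here is an added Python sketch. It is an illustration written for this page, not DerScanner's own code or wire protocol: the module executable names, CLI flags, status strings and sample tasks are assumptions, and the analysis module is replaced by a stand-in function so the example runs offline.

```python
# Added illustration (not DerScanner's own code): a minimal model of the
# Backend -> Message broker -> Daemon -> analysis-module flow described above.
# Module executable names, CLI flags and status strings are hypothetical.
from __future__ import annotations

import heapq
import itertools
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass(order=True)
class ScanTask:
    priority: int                       # lower value = served first
    seq: int                            # enqueue order, breaks ties FIFO
    project: str = field(compare=False)
    language: str = field(compare=False)
    source_path: str = field(compare=False)


class MessageBroker:
    """Prioritized queue between Backend and Daemon, plus status/result mailboxes."""

    def __init__(self) -> None:
        self._queue: list[ScanTask] = []
        self._seq = itertools.count()
        self.status: dict[str, str] = {}
        self.results: dict[str, list[str]] = {}

    def enqueue(self, priority: int, project: str, language: str, source_path: str) -> ScanTask:
        """Backend side: add a task to the queue and mark it queued."""
        task = ScanTask(priority, next(self._seq), project, language, source_path)
        heapq.heappush(self._queue, task)
        self.status[project] = "queued"
        return task

    def dequeue(self) -> Optional[ScanTask]:
        """Daemon side: take the highest-priority (then oldest) task, or None if idle."""
        return heapq.heappop(self._queue) if self._queue else None

    def report_status(self, project: str, state: str) -> None:
        self.status[project] = state

    def upload_results(self, project: str, findings: list[str]) -> None:
        self.results[project] = findings


# Hypothetical mapping from language to the analysis module's CLI executable.
ANALYSIS_MODULES = {"java": "analyze-jvm", "python": "analyze-script", "c": "analyze-native"}


def build_command(task: ScanTask) -> list[str]:
    """Build the analysis module's argv. Passing a list (never a shell string) keeps a
    path such as "src; rm -rf /" a single literal argument, so task fields that come
    from user-supplied project settings cannot alter the command. Raises KeyError when
    no module handles the language."""
    return [ANALYSIS_MODULES[task.language], "--project", task.project, "--source", task.source_path]


def fake_runner(argv: list[str]) -> list[str]:
    """Stand-in for subprocess.run(argv, check=True) plus result parsing; returns
    constructed findings so the example runs offline."""
    return [f"{argv[0]} scanned {argv[4]}: 1 constructed finding"]


class Daemon:
    """Pulls tasks, starts the matching analysis module, and reports back via the broker."""

    def __init__(self, broker: MessageBroker,
                 runner: Callable[[list[str]], list[str]] = fake_runner) -> None:
        self.broker = broker
        self.runner = runner

    def run_once(self) -> Optional[ScanTask]:
        task = self.broker.dequeue()
        if task is None:
            return None
        try:
            argv = build_command(task)
        except KeyError:
            self.broker.report_status(task.project, "failed: no analysis module for " + task.language)
            return task
        self.broker.report_status(task.project, "running")
        try:
            findings = self.runner(argv)
        except Exception as exc:  # module crashed: record it rather than losing the task silently
            self.broker.report_status(task.project, f"failed: {exc}")
            return task
        self.broker.upload_results(task.project, findings)
        self.broker.report_status(task.project, "finished")
        return task


def demo() -> list[str]:
    """Backend enqueues three constructed tasks; one Daemon drains them in priority order."""
    broker = MessageBroker()
    broker.enqueue(2, "billing", "java", "/repos/billing")
    broker.enqueue(1, "hotfix", "python", "/repos/hotfix")
    broker.enqueue(2, "legacy", "cobol", "/repos/legacy")  # no module registered in this sketch
    daemon = Daemon(broker)
    order = []
    while (task := daemon.run_once()) is not None:
        order.append(task.project)
    return order


if __name__ == "__main__":
    print(demo())  # ['hotfix', 'billing', 'legacy']
```

Two points carry over to any real deployment of this shape: the Daemon should build the analysis module's command as an argument vector rather than a shell string, because project names and source paths originate from user input, and every failure path (unknown language, module crash) should still post a status back to the broker so the Backend never waits on a task that has silently died.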

CLI. The Command Line Tool (CLT) communicates with the Backend module over the network and exposes DerScanner functionality from the command line.

Builder. This module consists of one or more agents that perform custom builds of Java, Scala, and Kotlin projects. It delivers the source code together with the artifact build commands to a prepared build server, starts the build, and sends the resulting build artifact to the SAST module for scanning.