This chapter describes the main technical concepts that make up the solution strategy for implementing secureCodeBox.
First, let's narrow down the core responsibility of secureCodeBox. The whole system's responsibility is:
- to orchestrate various security scanners, and
- to process and persist the findings from these scanners' results.
In version 1 we achieved this with our own application based on a business process engine. This approach and its drawbacks are described in the blog post Why secureCodeBox 2.0. Because of these drawbacks, we decided to use Kubernetes to manage scanners as custom resources, which makes our own implementation of this aspect of the system obsolete. More details about this decision are described in the previously linked ADR.
Moving our orchestration to Kubernetes has the consequence that we do not have the SQL persistence that is available in typical Java-based application stacks. So, we [decided to use S3 and its API as our main persistence layer][ADR-16]. More details about this decision are described in the previously linked ADR.