1.1 Overview
1.1.1 System Architecture
SCCVIP consists of two parts:
- Vulnerability Repository (hosted on cloud) scans public vulnerability databases periodically and builds Supported Open-Source Projects from source to generate Vulnerability Sources (see 5-vulnerability-repo for details)
- SCCVIP SourceGuard (API and web pages deployed on prem) deployed to scan binaries in Assets for vulnerabilities using Vulnerability Sources
1.1.2 System Components
Web Frontend includes this pages:
- Project Listing
- Project Creation/Management
- External Vulnerability Scanner Management
- Asset Dashboard
- Vulnerability Viewer
- Workflow Task Creation
- Workflow Task Details
Vulnerability Sources is the local copy of Vulnerability Sources from Vulnerability Repository. This can be customized according to license or the environment of the customer.
Project Management module will login the Assets using the credentials provided by the User during project creation and use Asset Agent to scan for supported binaries in the Assets with the corresponding VulSource.
Workflow provides API to manage Tasks and User comments. It also trigger Notification to the Users.