Vulnerability Scanner System

Vulnerability Scanner System is a microservices system (communicating over HTTP requests and messages) that allows a user to scan GitHub repositories and report their vulnerabilities. There are four parts:

  • The API Gateway
  • The Scanner
  • The Insight
  • The Storage

Architecture

1. The API Gateway

The API Gateway exposes the APIs to clients. It protects the internal services with authentication, rate limiting, etc., so in this design the Scanner and the Insight do not need to handle security or network traffic themselves. More details here.
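The edge responsibility described above (authenticate first, then rate-limit, so the Scanner and Insight never see rejected traffic), as an added example that is not code from this project: a minimal Go handler (Go is an assumption; the page does not state the project's language) that checks a Bearer token against a constructed token store and applies a fixed-window per-client limit before forwarding to the protected service.

```go
package main

import (
	"net/http"
	"strings"
	"sync"
	"time"
)

// Gateway fronts the internal Scanner and Insight so auth and rate limiting happen once, at the edge.
type Gateway struct {
	tokens map[string]bool // valid client tokens (constructed sample store)
	limit  int             // requests allowed per client per window
	window time.Duration
	mu     sync.Mutex
	counts map[string]int       // requests seen in the current window, per client
	resets map[string]time.Time // when each client's window expires
	next   http.Handler         // the protected internal service
}

func NewGateway(next http.Handler, tokens map[string]bool, limit int, window time.Duration) *Gateway {
	return &Gateway{tokens: tokens, limit: limit, window: window, counts: map[string]int{}, resets: map[string]time.Time{}, next: next}
}

// Allow is a fixed-window counter keyed by client token; now is a parameter so tests need not sleep.
func (g *Gateway) Allow(client string, now time.Time) bool {
	g.mu.Lock()
	defer g.mu.Unlock()
	if reset, ok := g.resets[client]; !ok || !now.Before(reset) { // new client or expired window
		g.resets[client] = now.Add(g.window)
		g.counts[client] = 0
	}
	if g.counts[client] >= g.limit {
		return false
	}
	g.counts[client]++
	return true
}

func (g *Gateway) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
	if token == "" || !g.tokens[token] { // unauthenticated: never reaches the Scanner
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	if !g.Allow(token, time.Now()) { // over quota: rejected at the edge
		http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
		return
	}
	g.next.ServeHTTP(w, r)
}
```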

2. The Scanner

The Scanner is the core service of the system. More details here.

3. The Insight

The Insight is the analytical service. More details here.

4. The Storage

The Storage holds the vulnerability information inserted by the Scanner; the Insight also reads it for analysis. More details here.

How to start the system

Just do

docker-compose up -d

and ☕ | 🍵

Notes

There are a few enhancements to make when I have time:

  • The multi-repository scanning feature cannot find the vulnerabilities.
  • Improve the structs in the Scanner; they are too confusing. Should I rename the vulnerabilities table to the repositories table for more consistency?
  • You need to inject your $GITHUB_TOKEN into the header of the /scanner/v1/scan or /scan API to scan public and private repositories. I'm still investigating what the root cause is. Reference: here.
  • Implement proto files for API facing & Swagger.
  • Implement functional tests and add more unit tests.
  • Migrate docker-compose to Kubernetes & Helm Chart.
  • Observability for stats & logging
  • ...