CxSAST System Architecture Overview (v9.3.0)
The CxSAST system consists of the following components:
CxClient
CxSAST supports the following clients (user interfaces):
- Web Portal - provides an intuitive web interface to create, manage and analyze code scan projects in CxSAST.
- CxAudit - provides the capability to create or customize analysis queries for use in CxSAST.
- API - provides the capability for developers to create unique client implementations using the available APIs.
- CLI - provides a command line interface for the CxSAST functionality and CI scenarios.
- IDE Plugins - provide scanning and integrated scan result navigation directly from the IDE development environment.
- CI Plugins - provide integration with CxSAST-compatible plugins (e.g. Jenkins) for CI/CD scenarios.
CxServer
CxSAST includes the following server components:
- WS (IIS Web Service) - controls CxManager actions (i.e. initiating scans, viewing results and generating reports). Access Control manages roles and users.
- CxManager - manages and integrates system components, and performs all system functions using the IIS Web and Result services.
- Management & Orchestration (Optional) - manages security risk, orchestrates policy management, and includes remediation intelligence for unified findings, helping to drive decisions across the organization based on actionable data.
- ActiveMQ - manages messaging queues.
- CxEngine - performs the code scans.
- Database - stores scan results and system settings.
- File System - controls how the data is stored and retrieved.
Architecture Types
CxSAST supports the following:
- Centralized Architecture - all server components are installed on the same host.
- Distributed Architecture - some or all of the server components are installed on dedicated hosts.
- High Availability Architecture - more than one manager is available to control the system management, ensuring that when one manager fails, the system continues to be fully operational.
Communication between CxClient and CxManager, and between CxManager and CxEngine, uses HTTP (unencrypted) by default, but can be configured to use HTTPS instead.