Overview
CodeSentry on-site installation uses Gravity; consequently the operating system and hardware requirements for CodeSentry are closely related to those for Gravity as described below.
Platform Support
It is important to note that CodeSentry can only be installed on Linux systems.
| Linux Distribution | Version |
| Amazon | 2 |
| Centos | 7.2, 7.9, 8.0-8.4 |
| Debian | 9, 10 |
| openSuse | 12-SP2 to 12-SP5 |
| Red Hat Enterprise | 7.4-7.9, 8.0-8.4 |
| Suse Enterprise | 12-SP2 to 12-SP5 |
| Ubuntu | 16.04, 18.04, 20.04 |
| Ubuntu-Core version | 16.04 |
Hardware
Hardware requirements are specific to the workload running in the cluster but the following guidelines are recommended to support bare cluster installations.
| Role | Memory | CPU | Disk |
| master | 56GB |
Intel Xeon® Platinum 8175M processors with Advanced Vector Extension (AVX-512) instruction set (or better) 25 virtual cores |
High-IOPS, low latency disks are recommended. 1.1TB |
| node | 18GB | 7 virtual cores | 600GB |
Installation Types
There are three installation types available.
-
Out of the box IP access
-
Local Domain with TLS
-
Local Load Balancer (needs spare IP) with TLS : Recommended For Production.
Browsers
The CodeSentry user interface is provided as a web application that you can access with a desktop web browser from one of the following desktop browsers.
- Chromium (e.g. Chrome, Edge)
- Firefox
- WebKit (e.g. Safari)
Languages
There are three supported languages:
- C
- C++
- Objective-C
Requirements for Scanned Files
Each new scan is carried out on a single uploaded file artifact: either a binary, or an archive.
- Maximum file sizes are as follows.
- Uploaded artifact: 7GB
- Archive: 7GB
- Analysis target: 1GB
- Archive files may contain any combination of uploadable archive file types and analyzable binary file types
| Analyzable Binary File Type | File Extension |
N-Day Deep/Shallow 0-Day Deep |
0-Day Shallow |
| Linux executable (application/x-executable) |
none |  |
|
| Linux executable (application/x-pie-executable) |
none | |
|
| Linux shared library (application/x-sharedlib) |
.so | |
|
| MacOS executable or library (application/x-mach-binary) |
none | |
 |
| Object File (application/x-object) |
.o | |
|
| Windows dynamic linked library (application/x-dosexec) |
.dll | |
|
| Windows executable (application/x-dosexec) |
.exe | |
|
| Archive File Type | Required File Extension |
| AR | .a, .ar, .deb, .lib |
| bzip2 | bz2, bzip2, .tbz, .tbz2 |
| Cab | .cab, .msu |
| Compound types | .msi, .msp |
| Cpio | .cpio |
| Dmg | .dmg (HFS/HFS+ only) |
| Gzip | .gz, .gzip, .tgz, .tpz |
| Pax | .pax |
| Rar | .rar |
| Rpm | .rpm |
| Tar | .tar, .ova |
| Xar | .xar, .pkg |
| Xz | .xz, .txz |
| ZIP | .zip, .jar, .ipa, .xpi, .vsix |
| 7z | .7z |
Software Bill of Materials (SBOM) Output
There are four types of output:
- CycloneDX
- CSV
- JSON
Vulnerabilities and Checks Performed
- N-Day Vulnerabilities (CVE)
- Zero-Day Vulnerabilities (CWE)
- Security Attributes (Stack Cookies, etc. etc.)
Comments
Article is closed for comments.