CodeSentry: On-Premise System Requirements & Supported File Formats

Overview

CodeSentry on-site installation uses Gravity; consequently the operating system and hardware requirements for CodeSentry are closely related to those for Gravity as described below.

Platform Support

It is important to note that CodeSentry can only be installed on Linux systems.

| Linux Distribution | Version |
|---|---|
| Amazon | 2 |
| CentOS | 7.2, 7.9, 8.0-8.4 |
| Debian | 9, 10 |
| openSUSE | 12-SP2 to 12-SP5 |
| Red Hat Enterprise | 7.4-7.9, 8.0-8.4 |
| SUSE Enterprise | 12-SP2 to 12-SP5 |
| Ubuntu | 16.04, 18.04, 20.04 |
| Ubuntu-Core | 16.04 |

Hardware

Hardware requirements are specific to the workload running in the cluster but the following guidelines are recommended to support bare cluster installations.

| Role | Memory | CPU | Disk |
|---|---|---|---|
| master | 56GB | Intel Xeon® Platinum 8175M processors with Advanced Vector Extension (AVX-512) instruction set (or better); 25 virtual cores | 1.1TB; high-IOPS, low-latency disks are recommended |
| node | 18GB | 7 virtual cores | 600GB |

Installation Types

There are three installation types available.

  • Out of the box IP access

  • Local Domain with TLS

  • Local Load Balancer (needs spare IP) with TLS: recommended for production

Browsers

The CodeSentry user interface is a web application that you can access from one of the following desktop browsers.

  • Chromium (e.g. Chrome, Edge)
  • Firefox
  • WebKit (e.g. Safari)

Languages

There are three supported languages:

  • C
  • C++
  • Objective-C

Requirements for Scanned Files

Each new scan is carried out on a single uploaded file artifact: either a binary, or an archive.

  • Maximum file sizes are as follows.
    • Uploaded artifact: 7GB
    • Archive: 7GB
    • Analysis target: 1GB
  • Archive files may contain any combination of uploadable archive file types and analyzable binary file types

| Analyzable Binary File Type | MIME Type | File Extension |
|---|---|---|
| Linux executable | application/x-executable | none |
| Linux executable | application/x-pie-executable | none |
| Linux shared library | application/x-sharedlib | .so |
| macOS executable or library | application/x-mach-binary | none |
| Object File | application/x-object | .o |
| Windows dynamic linked library | application/x-dosexec | .dll |
| Windows executable | application/x-dosexec | .exe |

[Support columns N-Day Deep/Shallow, 0-Day Deep and 0-Day Shallow: the per-row indicator images are not recoverable; the macOS row's second indicator image differs from the other rows.]

| Archive File Type | Required File Extension |
|---|---|
| AR | .a, .ar, .deb, .lib |
| bzip2 | .bz2, .bzip2, .tbz, .tbz2 |
| Cab | .cab, .msu |
| Compound types | .msi, .msp |
| Cpio | .cpio |
| Dmg | .dmg (HFS/HFS+ only) |
| Gzip | .gz, .gzip, .tgz, .tpz |
| Pax | .pax |
| Rar | .rar |
| Rpm | .rpm |
| Tar | .tar, .ova |
| Xar | .xar, .pkg |
| Xz | .xz, .txz |
| ZIP | .zip, .jar, .ipa, .xpi, .vsix |
| 7z | .7z |

Software Bill of Materials (SBOM) Output

There are four types of output:

  • CycloneDX
  • CSV
  • PDF
  • JSON

Vulnerabilities and Checks Performed

  • N-Day Vulnerabilities (CVE)
  • Zero-Day Vulnerabilities (CWE)
  • Security Attributes (stack cookies, etc.)
