Architecture
Overview
The SCCCE system is designed to be modular and scalable, allowing for easy integration of new compliance tools and reporting mechanisms. It leverages Go's concurrency features (goroutines and wait groups) for efficient execution of multiple compliance checks simultaneously.
API
The API architecture of the system is built around several key components:
- K8S Compliance Service:
  - Handles Kubernetes compliance checks and benchmarking.
  - Implements functions like runK8SBenchmark to execute various compliance tools.
  - Utilizes multiple tools such as kube-hunter, kube-bench, kube-linter, and kube-score.
- Version Management:
  - Maintains version information including git version, commit, tree state, and build date.
  - Provides functionality to retrieve and print version details.
- Scan Reporting:
  - Implements scanning functions for different tools (e.g., scanKubelinter, scanKubescore).
  - Generates and saves reports in specified formats (usually JSON).
- Report Management:
  - Handles listing and retrieval of offline reports.
  - Utilizes MongoDB for storing and querying report data.
- File Upload Handling:
  - Manages the upload of offline reports.
  - Implements file validation and secure storage.
The API is designed to be modular and extensible, allowing for easy integration of new compliance tools and reporting mechanisms. It leverages Go's concurrency features (goroutines and wait groups) for efficient execution of multiple compliance checks simultaneously.
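The concurrent fan-out described above can be sketched as follows. This is an added example, not the project's runK8SBenchmark: the names Runner, Result, runAll and execRunner, the per-tool timeout, and the "version" arguments are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"os/exec"
	"sync"
	"time"
)

type Result struct {
	Output []byte // combined stdout and stderr of the tool
	Err    error  // non-nil on tool failure or timeout
}

// Runner executes one tool (hypothetical type); injectable so the fan-out is testable without the tools.
type Runner func(ctx context.Context, tool string, args ...string) ([]byte, error)

// execRunner starts the tool directly, with no shell, so arguments are never shell-interpreted.
func execRunner(ctx context.Context, tool string, args ...string) ([]byte, error) {
	return exec.CommandContext(ctx, tool, args...).CombinedOutput()
}

// runAll runs every tool in its own goroutine with a per-tool timeout and keeps each result.
func runAll(parent context.Context, run Runner, timeout time.Duration, tools map[string][]string) map[string]Result {
	var wg sync.WaitGroup
	var mu sync.Mutex // guards out, which all goroutines write to
	out := make(map[string]Result, len(tools))
	for tool, args := range tools {
		wg.Add(1)
		go func(tool string, args []string) {
			defer wg.Done()
			ctx, cancel := context.WithTimeout(parent, timeout)
			defer cancel()
			b, err := run(ctx, tool, args...)
			mu.Lock()
			defer mu.Unlock()
			out[tool] = Result{Output: b, Err: err} // a failed tool is recorded, not fatal
		}(tool, args)
	}
	wg.Wait()
	return out
}

func main() {
	tools := map[string][]string{"kube-bench": {"version"}, "kube-linter": {"version"}} // constructed placeholders
	for name, r := range runAll(context.Background(), execRunner, 30*time.Second, tools) {
		fmt.Printf("%s: %d bytes, err=%v\n", name, len(r.Output), r.Err)
	}
}
```

Recording each tool's error separately means a hung or missing scanner shows up as a gap in the report instead of silently shrinking the set of checks that ran.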
Web
The web architecture of the system is built around several key components:
- Frontend Framework:
  - Utilizes a modern JavaScript framework (Vue.js) for building the user interface.
  - Implements component-based architecture for modular and reusable UI elements.
- State Management:
  - Employs a state management solution (Pinia) to handle application-wide data and state.
  - Ensures consistent data flow and reactivity across components.
- Routing:
  - Implements client-side routing for seamless navigation between different views and pages.
  - Utilizes the framework's built-in router.
- API Integration:
  - Implements services or utilities for making HTTP requests to the backend API.
  - Handles authentication, request/response interceptors, and error handling.
- Responsive Design:
  - Utilizes CSS frameworks or custom styling solutions to ensure responsiveness across various device sizes.
  - Implements mobile-first design principles for optimal user experience on all devices.
- Internationalization (i18n):
  - Implements multi-language support using i18n libraries.
  - Manages translations and locale-specific content.
- Security:
  - Implements client-side security measures such as input validation and sanitization.
  - Utilizes secure authentication mechanisms (JWT tokens) for user sessions.
- Performance Optimization:
  - Implements lazy loading for components and routes to improve initial load times.
  - Utilizes code splitting and bundle optimization techniques.
- Testing:
  - Implements unit tests for individual components and functions.
The web architecture is designed to be scalable, maintainable, and performant, providing a smooth user experience while efficiently interacting with the backend API.
Database
The database architecture of the system is built around several key components:
- MongoDB
MongoDB is used as the primary database for storing project data, reports, and other persistent information. The MongoDB configuration is defined in the DBConfig struct:
type DBConfig struct {
	DBName   string `yaml:"dbName"`
	Username string `yaml:"username"`
	Password string `yaml:"password"`
	Host     string `yaml:"host"`
	Port     int    `yaml:"port"`
}
- Redis
Redis is used for caching, although its usage is currently limited. The Redis configuration is defined in the RedisConfig struct:
type RedisConfig struct {
	Enable   bool   `yaml:"enable"`
	Host     string `yaml:"host"`
	Port     int    `yaml:"port"`
	Password string `yaml:"password"`
}
- IndexedDB
On the client side, the application uses IndexedDB for local storage and caching. The IndexedDB setup is defined in:
The objects stored in IndexedDB are:
  - ruleset
  - projectData
  - projects