CodeSentry: On-Premise System Requirements & Supported File Formats

Overview

CodeSentry is built as a SaaS hosted solution but can be installed locally within your own domain if required. The on-premise installation uses Replicated and consequently the operating system and hardware requirements for CodeSentry are closely related to those for Replicated as described below. 

This information is applicable to all versions of CodeSentry that are supported via our product matrix.

Platform Support

It is important to note that CodeSentry can only be installed on Linux systems.

Linux Distribution Version Disk Usage
Amazon Linux 2 *
Centos 8.4, 8 Stream *
Red Hat Enterprise Linux Server 7.5-7.9, 8.1-8.9, 9.0-9.3
/var - Kubernetes container storage
Ubuntu 18.04, 20.04, 22.04
/var

 

Hardware

Hardware requirements are specific to the workload running in the cluster but the following guidelines are recommended to support bare cluster installations.

Primary:

  • Memory - recommended: 132GB, minimum: 100GB
  • CPU - Intel Xeon® Platinum 8175M processors with Advanced Vector Extension (AVX-512) instruction set (or better).
    • Cores - recommended: 46 virtual cores, minimum: 38 virtual cores
  • Disk - High-IOPS, low latency disks are required (SSD, non-NFS) - 4.5TB

Node:

  • Memory - recommended: 96GB, minimum: 32GB
  • CPU - recommended 16 virtual cores, minimum: 8 virtual cores
  • Disk - 1.5TB

Performance

Typical performance, noted as number of targets scanned per hour, is calculated by scanning a variety of typical software packages. CodeSentry is capable of the following performance, depending upon hardware settings.

Hardware settings Performance
Minimum

up to 2500 targets per hour

Recommended

up to 4600 targets per hour

 

Installer Files

Bundle Size
Airgap Bundle 5.2GB
KOTS installer

4.1GB

CodeSentry Postgres database

85GB or 123GB - larger file will decompress more quickly

 

Ports Used

Scope Port Numbers
On primary node for HTTP communication 80
On primary node for HTTPS communication 443
Admin UI 8800
Prometheus 30900
Grafana 30902
Alertmanager 30903
Kubernetes API TCP connection 6443 (optional for worker nodes)
Weave 6783 (optional for worker nodes)
Logs 10250 (optional for worker nodes)

 

Supported File Formats

Analyzable File Type (mime type)
Typical File Extension

N-Day/

SBOM

Zero-Day N-Day Deep
Zero-Day Deep

Android Dex

.dex

Android ODex

.odex

Java Archive (application/zip)

.jar
Java Class File .class
Javascript files .js
Javascript packages .npm
Linux executable
(application/x-executable)
none
Linux executable
(application/x-pie executable)
none
Linux kernel none
Linux kernel module none
Linux shared library (application/x-sharedlib) .so

Linux Object File *
(application/x-object)

.o
MacOS executable or library
(application/x-mach-binary)
none
Python files .py
Python packages .whl, .python
Windows dynamic linked library (application/x-dosexec) .dll
Windows object file .obj
Windows executable
(application/x-dosexec)
.exe
Firmware files various

* = Zero-day analysis of a .o file will complete with scan status of "Done" but no findings will be detected.

 

Operating System and Package Detection (Windows) supports analysis of Windows registry hive and Windows UWP/AppX package manifest files.

NOTE: The registry files that operating system analyzer supports are those named SOFTWARE that appear in a System32/config directory, and NTUSER.DAT

 

Archive File Type Required File Extension
AR .a, .ar, .deb, .lib
arj .arj
bzip2 .bz2, .tbz, .tbz2
Cab .cab, .msu
Compound types .msi, .msp
Cpio .cpio
cramfs .cramfs
Docker container .tar.gz
Ext2 .ext2
Ext3 .ext3
Ext4 .ext4
FAT .fat
Gzip .gz, .gzip, ,tgz
Iso .iso
lrzip .lrz
lzip .lz
lzma .lzma
lzop .lzo
MacOS Installer .dmg (HFS/HFS+only)
MBR .mbr
Pax .pax
QNX .ima
Rar .rar
Rpm .rpm
rzip .rz
Squash FS .sqsh, .squashfs, .sfs, .sqf, .sqfs, .sqs, .squ
Tar .tar, .ova
upx .upx
VMDK .vmdk
Windows Image Format .wim, .swm
Xar .xar, .pkg
Xz .xz, .txz
ZIP .zip, .ipa, .xpi, .vsix, .whl, .apk
7z .7z

 

Supported Firmware Formats

The following formats are supported

  • File Formats
    • SREC
    • bFLT
    • base64
    • Intel HEX
    • uBoot
    • wim
  • File Systems
    • JFFS2 (.img and .jffs2)
    • romfs
    • yaffs2
    • ubifs

Other Information

The following addition information can be found in the CodeSentry datasheet

  • Software Bill of Materials (SBOM) Output
  • Vulnerabilities and Checks Performed
  • Security Attributes
Was this article helpful?
4 out of 4 found this helpful

Articles in this section

White Papers
Read our white papers to find useful information about software development in the IoT era, where devices must not only function with impeccable quality and safety but also remain resilient to cyber-attacks.
Product Sheets
Read our datasheets and company briefs to gain quick insights into our solutions, products, and integrations, including their capabilities, benefits, and supported environments.
TalkSecure
Topics relating to DevSecOps, application security testing (AST), binary analysis, product security, software assurance and others.
X