Overview
CodeSentry is built as a SaaS hosted solution but can be installed locally within your own domain if required. The on-premise installation uses Replicated and consequently the operating system and hardware requirements for CodeSentry are closely related to those for Replicated as described below.
This information is applicable to all versions of CodeSentry that are supported via our product matrix.
Platform Support
It is important to note that CodeSentry can only be installed on Linux systems.
| Linux Distribution | Version | Disk Usage |
| Amazon Linux | 2 | * |
| Centos | 8.4, 8 Stream | * |
| Red Hat Enterprise Linux Server | 7.5-7.9, 8.1-8.9, 9.0-9.3 |
/var - Kubernetes container storage |
| Ubuntu | 18.04, 20.04, 22.04 |
/var |
Hardware
Hardware requirements are specific to the workload running in the cluster but the following guidelines are recommended to support bare cluster installations.
Primary:
- Memory - recommended: 192GB, minimum: 128GB
-
CPU - Intel Xeon® Platinum 8175M processors with Advanced Vector Extension (AVX-512) instruction set (or better).
- Cores - recommended: 46 virtual cores, minimum: 38 virtual cores
- Disk - High-IOPS, low latency disks are required (SSD, non-NFS) - 4.5TB
Node:
- Memory - recommended: 96GB, minimum: 32GB
- CPU - recommended 16 virtual cores, minimum: 8 virtual cores
- Disk - 1.5TB
Performance
Typical performance, noted as number of targets scanned per hour, is calculated by scanning a variety of typical software packages. CodeSentry is capable of the following performance, depending upon hardware settings.
| Hardware settings | Performance |
| Minimum |
up to 2500 targets per hour |
| Recommended |
up to 4600 targets per hour |
Installer Files
| Bundle | Size |
| Airgap Bundle | 5.2GB |
| KOTS installer |
4.1GB |
| CodeSentry Postgres database |
85GB or 123GB - larger file will decompress more quickly |
Ports Used
| Scope | Port Numbers |
| On primary node for HTTP communication | 80 |
| On primary node for HTTPS communication | 443 |
| Admin UI | 8800 |
| Prometheus | 30900 |
| Grafana | 30902 |
| Alertmanager | 30903 |
| Kubernetes API TCP connection | 6443 (optional for worker nodes) |
| Weave | 6783 (optional for worker nodes) |
| Logs | 10250 (optional for worker nodes) |
Supported File Formats
| Analyzable File Type (mime type) |
Typical File Extension |
N-Day/ SBOM |
Zero-Day | N-Day Deep |
Zero-Day Deep |
|
Android Dex |
.dex | ✔ | ✔ | ✔ | ✔ |
|
Android ODex |
.odex | ✔ | ✖ | ✖ | ✖ |
|
Java Archive (application/zip) |
.jar | ✔ | ✖ | ✖ | ✖ |
| Java Class File | .class | ✔ | ✖ | ✖ | ✖ |
| Javascript files | .js | ✔ | ✖ | ✖ | ✖ |
| Javascript packages | .npm | ✔ | ✖ | ✖ | ✖ |
| Linux executable (application/x-executable) |
none | ✔ | ✔ | ✔ | ✔ |
| Linux executable (application/x-pie executable) |
none | ✔ | ✔ | ✔ | ✔ |
| Linux kernel | none | ✔ | ✖ | ✖ | ✖ |
| Linux kernel module | none | ✔ | ✖ | ✖ | ✖ |
| Linux shared library (application/x-sharedlib) | .so | ✔ | ✔ | ✔ | ✔ |
|
Linux Object File |
.o | ✔ | ✖ | ✔ | ✔ |
| MacOS executable or library (application/x-mach-binary) |
none | ✔ | ✖ | ✖ | ✔ |
| Python files | .py | ✔ | ✖ | ✖ | ✖ |
| Python packages | .whl, .python | ✔ | ✖ | ✖ | ✖ |
| Windows dynamic linked library (application/x-dosexec) | .dll | ✔ | ✔ | ✔ | ✔ |
| Windows object file | .obj | ✔ | ✖ | ✖ | ✔ |
| Windows executable (application/x-dosexec) |
.exe | ✔ | ✔ | ✔ | ✔ |
| Firmware files | various | ✔ | ✖ | ✖ | ✖ |
* = Zero-day analysis of a .o file will complete with scan status of "Done" but no findings will be detected.
Operating System and Package Detection (Windows) supports analysis of Windows registry hive and Windows UWP/AppX package manifest files.
NOTE: The registry files that operating system analyzer supports are those named SOFTWARE that appear in a System32/config directory, and NTUSER.DAT
| Archive File Type | Required File Extension |
| AR | .a, .ar, .deb, .lib |
| arj | .arj |
| bzip2 | .bz2, .tbz, .tbz2 |
| Cab | .cab, .msu |
| Compound types | .msi, .msp |
| Cpio | .cpio |
| cramfs | .cramfs |
| Docker container | .tar.gz |
| Ext2 | .ext2 |
| Ext3 | .ext3 |
| Ext4 | .ext4 |
| FAT | .fat |
| Gzip | .gz, .gzip, ,tgz |
| Iso | .iso |
| lrzip | .lrz |
| lzip | .lz |
| lzma | .lzma |
| lzop | .lzo |
| MacOS Installer | .dmg (HFS/HFS+only) |
| MBR | .mbr |
| Pax | .pax |
| QNX | .ima |
| Rar | .rar |
| Rpm | .rpm |
| rzip | .rz |
| Squash FS | .sqsh, .squashfs, .sfs, .sqf, .sqfs, .sqs, .squ |
| Tar | .tar, .ova |
| upx | .upx |
| VMDK | .vmdk |
| Windows Image Format | .wim, .swm |
| Xar | .xar, .pkg |
| Xz | .xz, .txz |
| ZIP | .zip, .ipa, .xpi, .vsix, .whl, .apk |
| 7z | .7z |
Supported Firmware Formats
The following formats are supported
- File Formats
- SREC
- bFLT
- base64
- Intel HEX
- uBoot
- wim
- File Systems
- JFFS2 (.img and .jffs2)
- romfs
- yaffs2
- ubifs
Other Information
The following addition information can be found in the CodeSentry datasheet
- Software Bill of Materials (SBOM) Output
- Vulnerabilities and Checks Performed
- Security Attributes