Overview
CodeSentry is built as a SaaS hosted solution but can be installed locally within your own domain if required. The on-premise installation uses Replicated and consequently the operating system and hardware requirements for CodeSentry are closely related to those for Replicated as described below.
This information is applicable to CodeSentry version 4.2 and above.
Platform Support
It is important to note that CodeSentry can only be installed on Linux systems.
| Linux Distribution | Version |
| Amazon Linux | 2 |
| Centos | 7.2, 7.9, 8.0-8.4 |
| Debian | 9, 10 |
| openSuse | 12-SP2 to 12-SP5 |
| Red Hat Enterprise | 7.4-7.9, 8.0-8.4 |
| Suse Enterprise | 12-SP2 to 12-SP5 |
| Ubuntu | 18.04, 20.04 |
Hardware
Hardware requirements are specific to the workload running in the cluster but the following guidelines are recommended to support bare cluster installations.
Primary:
- Memory - recommended: 132GB, minimum: 100GB
- CPU - Intel Xeon® Platinum 8175M processors with Advanced Vector Extension (AVX-512) instruction set (or better).
- Cores - recommended: 46 virtual cores, minimum: 38 virtual cores
- Disk - High-IOPS, low latency disks are required (SSD, non-NFS) - 4.5TB
Node:
- Memory - recommended: 96GB, minimum: 32GB
- CPU - recommended 16 virtual cores, minimum: 8 virtual cores
- Disk - 1.5TB
Performance
Typical performance, noted as number of targets scanned per hour, is calculated by scanning a variety of typical software packages. CodeSentry is capable of the following performance, depending upon hardware settings.
| Hardware settings | Performance |
| Minimum |
up to 2500 targets per hour |
| Recommended |
up to 4600 targets per hour |
Supported File Formats
| Analyzable File Type (mime type) |
Typical File Extension |
N-Day Shallow |
Zero-Day Shallow | N-Day Deep |
Zero-Day Deep |
|
Android Dex |
.dex | ||||
|
Android ODex |
.odex | ||||
|
Java Archive (application/zip) |
.jar | ||||
| Java Class File | .class | ||||
| Javascript files | .js | ||||
| Javascript packages | .npm | ||||
| Linux executable (application/x-executable) |
none | ||||
| Linux executable (application/x-pie executable) |
none | ||||
| Linux kernel | none | ||||
| Linux kernel module | none | ||||
| Linux shared library (application/x-sharedlib) | .so | ||||
|
Linux Object File |
.o | ||||
| MacOS executable or library (application/x-mach-binary) |
none | ||||
| Python files | .py | ||||
| Python packages | .whl, .python | ||||
| Windows dynamic linked library (application/x-dosexec) | .dll | ||||
| Windows object file | .obj | ||||
| Windows executable (application/x-dosexec) |
.exe | ||||
| Firmware files | various |
* = Shallow zero-day analysis of a .o file will complete with scan status of "Done" but no findings will be detected.
| Archive File Type | Required File Extension |
| AR | .a, .ar, .deb, .lib |
| arj | .arj |
| bzip2 | .bz2, .tbz, .tbz2 |
| Cab | .cab, .msu |
| Compound types | .msi, .msp |
| Cpio | .cpio |
| cramfs | .cramfs |
| Docker container | .tar.gz |
| Ext2 | .ext2 |
| Ext3 | .ext3 |
| Ext4 | .ext4 |
| FAT | .fat |
| Gzip | .gz, .gzip, ,tgz |
| Iso | .iso |
| lrzip | .lrz |
| lzip | .lz |
| lzma | .lzma |
| lzop | .lzo |
| MacOS Installer | .dmg (HFS/HFS+only) |
| MBR | .mbr |
| Pax | .pax |
| QNX | .ima |
| Rar | .rar |
| Rpm | .rpm |
| rzip | .rz |
| Squash FS | .sqsh |
| Tar | .tar, .ova |
| upx | .upx |
| VMDK | .vmdk |
| Xar | .xar, .pkg |
| Xz | .xz, .txz |
| ZIP | .zip, .ipa, .xpi, .vsix, .whl, .apk |
| 7z | .7z |
Supported Firmware Formats
The following formats are supported
- File Formats
- SREC
- bFLT
- base64
- Intel HEX
- uBoot
- wim
- File Systems
- JFFS2 (.img and .jffs2)
- romfs
- yaffs2
- ubifs
Other Information
The following addition information can be found in the CodeSentry datasheet
- Software Bill of Materials (SBOM) Output
- Vulnerabilities and Checks Performed
- Security Attributes
