CxOSA System Architecture Overview
The following System Architecture diagram illustrates the main CxOSA components:
Client Components
CxOSA supports the following clients (user interfaces):
Web Portal - provides an intuitive web interface for managing and analyzing scan projects for CxOSA.
API - provides the capability for developers to create unique client implementations using the available APIs.
CLI - provides a command line interface for CxOSA functionality and CI scenarios.
CI Plugins - provides integration with CxOSA-compatible plugins (e.g., Jenkins) for CI/CD scenarios.
Server Components
CxOSA includes the following server components:
WS (IIS Web Service) - controls CxManager actions (i.e., initiating scans, viewing results and generating reports). Access Control manages roles and users.
CxManager - manages and integrates system components, and performs all system functions using the IIS Web and Result services.
Management & Orchestration (Optional) - manages security risk, orchestrates policy management, and includes remediation intelligence for unified findings, helping to drive decisions across the organization based on actionable data.
ActiveMQ - manages messaging queues.
CxOSA Cloud Service - performs scans and issues scan results.
Database - stores scan results and system settings.
File System - controls how the data is stored and retrieved.
CxOSA Scan and Results Flow
Cx Client initiates a scan.
Cx Server sends a fingerprint (package manager files) and full inventory (list of all suspected open source libraries) to the OSA Cloud Service.
OSA Cloud Service identifies open source components and assigns metadata.
OSA Cloud Service issues the scan results to the Cx Server.
CxOSA scan results are stored in the Cx Server database.
Cx Server issues the scan results to the Cx Client.