How To Create a Web Client for a Software Scanning SDK Within a Limited Timeframe While Following Major Security Measures


By Dmytro Braginets, Delivery Lead at Uinno.io

Security is not a question you can afford to underestimate. Cybersecurity threats are a constant concern in a world where technology touches every business: even a mostly offline business runs many of its operations through digital tools. This matters even more when you have a software product that must be exposed online through a web interface; you need to be sure that all the parts are well connected and that the whole system is secure.

This article walks through one such case: a technology-backed strategy for building a web interface for a software scanning tool. Curious about what open source has to do with it? Find out its impact below.

A software security tool used by the US Air Force and US Space Force

Security requires discretion. Because the software security tool in question is used by US government organizations, the project itself is under a non-disclosure agreement. We would still like to describe certain technical aspects so that businesses of any size can see their potential in the security sphere.

The case shows that a digital solution can be built to high security standards even when its parts are created separately. In such a situation, smooth and secure integration of all the parts is crucial and requires real expertise from the software developers.

In short, the engineering solution scans software products for a wide range of known vulnerabilities. Finding them before deployment helps prevent cybersecurity threats that could jeopardize the critical data of large organizations and enterprises.

However, using it properly took time and expertise because it lacked a convenient interface. A web interface was therefore needed that would make it easy to configure each scanning process and view the final results, and the two parts had to be integrated smoothly and securely.

An open-source ingredient

Several independent open-source tools are at the heart of the software scanning solution. They work under the hood of a single engine, which invokes the relevant tool, or a set of tools, to check a Git repository, a Docker image, or a Docker container for vulnerabilities.

Trivy and Grype are examples of the tools leveraged here. Both are widely used, comprehensive open-source vulnerability scanners: they inventory the packages and dependencies in a target and match them against vulnerability databases to report known CVEs. Bear in mind that such scanners find known vulnerabilities in components; they do not find logic flaws in an application's own code, so their output is one input into the security picture rather than the whole of it.

As mentioned previously, the main problem with the initial scanning tool was the lack of a user interface (UI). It could be driven from a command-line interface (CLI), but that came with many tradeoffs and inconveniences, so a well-designed, smooth UI was the necessary next step.

Web interface development

As a product development agency, we handled web development and design implementation from scratch. We were tied to deadlines, so to speed up MVP development we bought an existing design system and built the new design on top of it. This decision significantly shortened the development time.

React.js and Fastify were chosen for the frontend and backend respectively. Both are open-source solutions with mature and friendly communities. We used our internally developed Fastify-based framework to keep the MVP stable and extensible in later development stages.

A Node.js-based framework was chosen because of the large number of real-time interactions planned for the post-MVP stages of the application.

The main restriction for this MVP project was time: roughly one month for solution development and integration. For this reason we split the web development process into the smallest parts we could and gave the client feedback and demos on a regular basis. Staying in close contact with the client was essential to receive instant feedback and deliver changes as soon as possible.

Splitting out all the tools and processes and their roles in the project gives the following picture:

  1. Vulnerability scanners such as Trivy and Grype are the heart of the tool;
  2. The scanners are wrapped in Python code that exposes a single interface;
  3. Each wrapped scanner runs in a separate Docker container;
  4. The containers are orchestrated by Kubernetes;
  5. The scanning results are stored in a MongoDB database;
  6. The Node.js-based part of the application talks to the Kubernetes cluster and the MongoDB database to handle all the data needed for the UI;
  7. The presentation layer is the React-based web application.

All of the tools mentioned are open source, and that is without counting the various development and testing tools used during the project.
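The second and fifth items above (a Python layer that gives several scanners one interface, with results that can go into a document store) are the part of the architecture a practitioner most often has to write. The following is an added example, not code from the project described in the article: it normalizes Trivy and Grype JSON reports into one finding schema, merges overlapping results, and builds the scanner command lines safely. The function names, the Finding schema and the two sample reports are constructed for this illustration; the sample reports mirror the public JSON layouts of `trivy image --format json` and `grype -o json`, but field names should be verified against the scanner versions you actually run.

```python
"""Single-interface wrapper over Trivy and Grype JSON output.

Added example, not the project's own code. Function names, the Finding
schema, the image-reference check and the sample reports are assumptions
made for this illustration; the sample JSON follows the public Trivy and
Grype output layouts, which should be checked against your versions.
"""
import json
import re
from dataclasses import dataclass, asdict

# The two scanners use different severity vocabularies; map both to one scale.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1,
                 "NEGLIGIBLE": 0, "UNKNOWN": 0}

# Conservative image-reference check so a target typed into the web UI cannot
# smuggle shell metacharacters or extra flags into the scanner command line.
IMAGE_REF = re.compile(
    r"^[a-z0-9][a-z0-9._/-]*(:[A-Za-z0-9._-]+)?(@sha256:[a-f0-9]{64})?$")


@dataclass(frozen=True)
class Finding:
    scanner: str
    vuln_id: str
    package: str
    installed: str
    fixed: str      # empty string when no fixed version is known
    severity: str   # normalized to upper case


def scanner_command(tool: str, target: str) -> list[str]:
    """Build argv for one scanner as a list, never as a shell string."""
    if not IMAGE_REF.match(target):
        raise ValueError(f"refusing unsafe target: {target!r}")
    if tool == "trivy":
        return ["trivy", "image", "--format", "json", "--quiet", target]
    if tool == "grype":
        return ["grype", target, "-o", "json"]
    raise ValueError(f"unknown scanner: {tool}")


def from_trivy(doc: dict) -> list[Finding]:
    """Flatten a Trivy report (Results[].Vulnerabilities[]) into Findings."""
    out = []
    for result in doc.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            out.append(Finding("trivy", v["VulnerabilityID"], v["PkgName"],
                               v["InstalledVersion"], v.get("FixedVersion", ""),
                               v.get("Severity", "UNKNOWN").upper()))
    return out


def from_grype(doc: dict) -> list[Finding]:
    """Flatten a Grype report (matches[].vulnerability / .artifact) into Findings."""
    out = []
    for m in doc.get("matches", []):
        vuln, art = m["vulnerability"], m["artifact"]
        fixed = ", ".join(vuln.get("fix", {}).get("versions", []))
        out.append(Finding("grype", vuln["id"], art["name"], art["version"],
                           fixed, vuln.get("severity", "Unknown").upper()))
    return out


def merge(*finding_sets: list[Finding]) -> list[Finding]:
    """Deduplicate on (id, package, version); keep the worse severity; sort worst first."""
    merged: dict[tuple, Finding] = {}
    for f in (f for s in finding_sets for f in s):
        key = (f.vuln_id, f.package, f.installed)
        cur = merged.get(key)
        if cur is None or SEVERITY_RANK.get(f.severity, 0) > SEVERITY_RANK.get(cur.severity, 0):
            merged[key] = f
    return sorted(merged.values(),
                  key=lambda f: (-SEVERITY_RANK.get(f.severity, 0), f.vuln_id))


def report(trivy_doc: dict, grype_doc: dict) -> list[dict]:
    """Plain dicts, ready to insert into a document store such as MongoDB."""
    return [asdict(f) for f in merge(from_trivy(trivy_doc), from_grype(grype_doc))]


# Constructed sample reports (placeholder CVE ids, not real advisories).
TRIVY_SAMPLE = json.loads("""{
  "SchemaVersion": 2, "ArtifactName": "example/app:1.0",
  "Results": [{"Target": "example/app:1.0 (debian 12)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
     "InstalledVersion": "3.0.11-1", "FixedVersion": "3.0.12-1", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
     "InstalledVersion": "1.2.13", "Severity": "LOW"}]}]}""")

GRYPE_SAMPLE = json.loads("""{
  "matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                       "fix": {"versions": ["3.0.12-1"], "state": "fixed"}},
     "artifact": {"name": "libexample", "version": "3.0.11-1", "type": "deb"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Medium",
                       "fix": {"versions": [], "state": "not-fixed"}},
     "artifact": {"name": "libthird", "version": "2.1.0", "type": "deb"}}]}""")

if __name__ == "__main__":
    print(scanner_command("trivy", "example/app:1.0"))
    for row in report(TRIVY_SAMPLE, GRYPE_SAMPLE):
        print(row)
```

Two design points matter here. The target string is validated and passed as an argv list, so a value entered in the web UI can never become shell syntax or an extra CLI flag; and when both scanners report the same package and id, the worse severity wins, which keeps the UI from showing the more reassuring of two disagreeing verdicts.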

The overall importance of open source

Despite being built from open-source components, the overall scanning tool has become a genuinely secure digital solution with a convenient and safely integrated web interface. The calibre of the organizations that use it in their everyday practice speaks for itself.

Open-source tools are familiar to the vast majority of software developers, which speeds up project development, and technical problems can usually be solved quickly thanks to the large, friendly community around each tool. A widely used and actively maintained project also gets more scrutiny, so known vulnerabilities tend to be found and fixed faster. That does not make open source secure by default, though: the components you depend on still have to be tracked and updated, which is exactly the job a scanner like Trivy or Grype does.

Conclusions

These days data protection and security policies are of extreme importance, especially for security organizations and large enterprises.

This is just one case that shows it is possible to create genuinely secure software products using the right development approaches. So if you need truly safe software, especially around a digital security solution, build the web part with the right technology and the right level of security.


Dmytro Braginets is an experienced software engineer and a Delivery Lead at Uinno, a product development agency that solves business challenges with the best-fitting technologies, resulting in future-ready apps, websites, and digital solutions for all domains. He believes that solid architecture should be the ground for each project's success. He sees technologies as just tools serving a mission to help software developers create the most optimal solution for each business objective.

Follow and connect with Dmytro on LinkedIn or contact his team directly on social media for more information on cybersecurity, AI/ML, blockchain, and other exciting technologies.



Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.