Data Organization
CVEScan Web organizes data using a hierarchical structure to ensure clear segregation and sharing of information. The following diagram provides a visual representation of this structure:
graph TD
subgraph System["System"]
Vault["Vault"]
Project["Project"]
Component["Component"]
subgraph Component
direction LR
Scan1["Scan 1"] --> Scan2["Scan 2"] -..-> ScanN["Scan n"]
end
Vault --> Project
Project --> Component
end
System
The system is the central framework that underpins the entire CVEScan Web platform. It provides the foundational infrastructure required to manage and organize all other entities, such as vaults, projects, and components.
Vaults
A vault represents the highest level of data segregation within the system: data stored in one vault is completely isolated and cannot be accessed, shared, or interacted with from any other vault, providing a robust boundary for data protection. Within a vault, users can organize their work into multiple projects, allowing structured management of related tasks or initiatives. Each project can in turn be divided into multiple components, giving finer granularity for organizing specific elements or functionalities. This hierarchy provides flexibility while maintaining strict data isolation at the vault level.
Projects
A project is a logical grouping of components, offering a flexible framework for organizing and managing related elements within the system. Its scope can be tailored to the context: a project might represent a specific team working on a shared initiative, a product under development, or an entire department overseeing multiple components. Users define the boundaries and purpose of a project according to their own requirements, so that it aligns with their operational or business objectives. By grouping components logically, projects streamline workflows, improve collaboration, and provide a clear structure for managing tasks and resources.
Projects enable the sharing of annotations across multiple components. By defining projects thoughtfully, you can establish an optimal structure that minimizes maintenance efforts while maximizing the efficiency of shared annotations.
Each project is associated with a specific vault.
Components
Components are distinct software units analyzed for vulnerabilities, such as a Yocto layer, a service, or any other software artifact. They are the core entity for CVEScan Web's vulnerability analysis process. Each component is associated with specific projects.
A component serves as a repository for scans, which are mainly reports generated by the CVEScan CLI. These scans are processed to extract vulnerabilities, match them with existing annotations, and track the security posture of the component over time. For more details, refer to the Vulnerability Management documentation.
Components can include an optional metadata field called transversal, which is a string value used to tag them. This tagging mechanism allows vulnerability analysis to be shared across multiple components within the same vault that share the same transversal value, regardless of their associated projects. For example, in the context of a hardware architecture, components using x86 processors may share vulnerabilities or security considerations. By assigning the same transversal value to these components, users can ensure that annotations related to common vulnerabilities are uniformly shared across all relevant components.
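As an added illustration (not CVEScan Web's own code), the following Python sketch encodes the three sharing rules described on this page: vault isolation, project-wide sharing of annotations, and cross-project sharing through a matching transversal tag. Component names, vault names and CVE ids are constructed placeholders, and the exact precedence of the rules is an assumption drawn from the text.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed illustration of the CVEScan Web hierarchy, not the project's code.
# Sharing rules assumed from the text: a vault is a hard boundary; a project shares
# annotations among its components; a non-empty 'transversal' tag shares them
# across components of the same vault regardless of project.

@dataclass(frozen=True)
class Component:
    name: str
    vault: str          # the vault owning this component's project
    project: str
    transversal: Optional[str] = None  # optional tag, e.g. "x86"

@dataclass(frozen=True)
class Annotation:
    cve: str            # placeholder ids below, not real advisories
    origin: Component   # component on which the annotation was written
    note: str

def shares_annotations(src: Component, dst: Component) -> bool:
    """True if an annotation written on src also applies to dst."""
    if src.vault != dst.vault:
        return False  # vaults never share anything
    if src.project == dst.project:
        return True   # same project: shared across all its components
    # different projects: only through a matching, non-empty transversal tag
    return bool(src.transversal) and src.transversal == dst.transversal

# Constructed sample components and annotations (placeholder names).
COMPONENTS = {c.name: c for c in [
    Component("bsp-x86", "vault-A", "gateway-firmware", "x86"),
    Component("bsp-arm", "vault-A", "gateway-firmware", "arm"),
    Component("agent-x86", "vault-A", "cloud-agent", "x86"),
    Component("partner-x86", "vault-B", "partner-build", "x86"),
]}
ANNOTATIONS = [
    Annotation("CVE-0000-0001", COMPONENTS["bsp-x86"], "fixed by backported patch"),
    Annotation("CVE-0000-0002", COMPONENTS["bsp-arm"], "not applicable: feature disabled"),
    Annotation("CVE-0000-0003", COMPONENTS["partner-x86"], "under review"),
]

def visible_cves(component_name: str) -> List[str]:
    """Sorted CVE ids whose annotations apply to the named component."""
    target = COMPONENTS[component_name]
    return sorted(a.cve for a in ANNOTATIONS if shares_annotations(a.origin, target))
```

Note that `agent-x86` receives the annotation written on `bsp-x86` only because both carry the `x86` transversal tag inside the same vault; the same tag on `partner-x86` in another vault shares nothing.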