System Configuration

System must meet specific hardware and software specification to install and use SCA360. Review the requirements before installing SCA360.

Hardware

Component
Requirements

Processors

Intel x86_64 architecture-based processor

  • Minimum: 2 vCPU

  • Recommended: 4 vCPU

Memory

Minimum: 2 GB RAM

Recommended: 4 GB RAM

Disk space

Output Directory – Minimum 100 GB

“/tmp” Directory – Minimum 40 GB

“/home” Directory – Minimum 1 GB

Operating System

Ubuntu 22.04 LTS

Red Hat Enterprise Linux 8

Note: CLI cannot be run on 32bit platform

Additional Software requirement

CLI requires the following software to be available on the system

  • Git Client

For language decomposition, please refer Toolset Configuration.

Following software can also be installed to help in troubleshooting

  • unzip

  • strace

  • screen/tmux

  • gdb

  • wget / curl

  • vim

  • tcpdump

  • jq

Security and Firewall requirements

Port
Usage

TCP/443

SCA360 will use this port to connect to the SBOM360 backend

SCA360 will use this port to fetch data from public repositories

Privileges configuration

Privilege type
Usage

Regular User

SCA360 can be executed by a regular user. There is no need to provide root or sudo privileges to the user that will run SCA360. This regular user should have a proper home directory

Network access

SCA360 requires access to connect to external networks on the ports mentioned in the “Firewall requirements” table

Depending on the configuration, SCA360 will also require access to connect to internal source and package repositories

Execution access

SCA360 will execute the following,

• Third party tools that SCA360 ships internally inside the “third_party” folder • “git” client to clone source code

Domains to which access is required

This access is required to be configured only if the Firewall does not allow outgoing HTTPS connection by default.

Services accessed

Lineaje Backend Services

https://*.v2.prod.veedna.com

Maven and Gradle Package Repository

https://repo.maven.apache.org

https://repo1.maven.org

https://repo.spring.io

https://oss.sonatype.org

https://maven.google.com https://dl.google.com

NPM and JavaScript Package Repository

https://registry.npmjs.org

Python Package Repository

https://pypi.org

Rust Package Repository

https://crates.io

Ruby Package Repository

https://rubygems.org

Dotnet Package Repository

https://api.nuget.org

Go Package Repository

https://sum.golang.org https://proxy.golang.org https://golang.org https://google.golang.org https://pkg.go.dev

Source Repository

https://github.com

https://bitbucket.org

https://gitlab.com

Vulnerability Lookup

https://*.anchore.io

https://toolbox-data.anchore.io/

Lineaje AWS S3 location

https://us-east-1-commercialprod-veedna-opa.s3.amazonaws.com/*

Ubuntu Container

https://*.ubuntu.com

Debian Container

https://*.debian.org

Red Hat Container

https://*.redhat.com

Alpine Container

https://*.alpinelinux.org

Amazon Linux Container

https://*.amazonlinux.com

PreviousSCA360: Secure Deployment for Restricted EnvironmentsNextToolset Configuration

Last updated