Software Vulnerability Management in Cloud

The Company

Flexera, United States

The Project

Software Vulnerability Management (SVM) is one of Flexera's product offerings; it helps enterprise customers build software with reduced security risk. It is offered as a Cloud Edition and an On-Premise Edition. Using this solution, companies assess, prioritize and fix vulnerabilities in their codebases before the risk starts increasing. Both the Cloud and On-Premise editions of SVM are available to customers with built-in modules for:

  • Initial configuration to set up the account, account directories, password policies and disk partitions.

  • Code scanning using either an installable agent or a remote scan via the Cloud Edition.

  • Assessment of vulnerability priorities.

  • Patching via the Vendor Patch Module.

  • Policy Manager to configure internal compliance policy rules associated with the customer account.

  • Extensive Reporting with Dashboards for threat intelligence and maintenance.

Tech Stack
  • Node.js

  • Docker

  • AWS Cloud

  • Apache Solr

  • Apache Solr Cloud

  • Micro Services Design and Implementation

  • OAuth2.0

  • MySQL

  • Java/Groovy

The Goals
  • Enterprise customers should be able to use the Cloud Edition of the SVM product, perform scans and get actionable reports.

  • To access the Cloud Edition of SVM, mechanisms must be in place for target hosts to be authenticated for remote scanning in an agentless manner.

  • The SVM product should be able to send requests to the internal services and retrieve information on the various open source software components: their digest files, versions, licenses and vulnerabilities.

  • Design and implement microservices to handle client requests from within the SVM product.

  • Achieve fast response time to code scanning queries.

The Approach
  • De-normalized the data from SQL databases and tokenized it into documents that could be searched using Apache Solr.

  • Worked on the configuration, setup and generation of Solr indexes for open source software components and their metadata. This enabled fast search over millions of documents in the collections.

  • Developed Node.js-based services for authentication and querying, which serve as the entry point for customers to the Vulnerability Management solution.

  • Achieved service discovery and registration on AWS using Netflix's open source library Eureka, with Eureka servers deployed on AWS EC2 machines.

  • Created Docker images and ran the microservices in Docker containers on a limited number of EC2 machines to reduce hardware and deployment cost.

  • Implemented load balancing strategies with the use of proxy services.

  • Extensively used AWS for deployments: CodeCommit as the source control service to push and collaborate on code, CloudWatch for service monitoring, and Amazon S3 and EBS.

  • Prototyped Solr infrastructure using SolrCloud.

  • Collaborated remotely with teams based out of San Francisco during the development and maintenance of the cloud infrastructure.

The Results
  • The solution was successfully developed and deployed on the cloud.

  • The solution turned out to be cost effective, since multiple services could run inside Docker containers on a single EC2 machine and testing did not need dedicated EC2 instances either.

  • The company was able to offer the Cloud Edition of the SVM product to its enterprise customers.

Team Structure

The team had 3 engineers, 1 engineering manager and 1 product manager, based out of the San Francisco Bay Area.