Understanding DeployHub Objects

Understanding Core Objects and Concepts.

Introduction

DeployHub’s core Objects are Domains, Applications, Components, Environments and Endpoints. These Objects organize, aggregate, and version independently released artifacts with their DevSecOps metadata such as deployment location, Software Bill of Materials, OpenSSF Scorecard, and known vulnerabilities. This data is the basis for analyzing your software system’s security posture and tracking vulnerabilities to where they are running in your environment.

Objects related to gathering Security Intelligence include:

  • Domains - Organize data into “solution” spaces
  • Components - An independently deployed artifact such as files, APIs, Microservices, Containers
  • Applications - A collection of independently deployed artifacts (Components) that serves as a complete software solution.
  • Environments - The location where the Application is running.
  • Endpoints - The clusters, servers, or Virtual Machines within the Environment where a Component is running.

DeployHub includes an agentless deployment engine for organizations that want to standardize on a deployment process. Objects related to DeployHub’s internal deployment engine include:

  • Release
  • Credentials
  • DropZone
  • DropZone File
  • Notifiers

Following is a description of each Object and its attributes.

Domain Object

The Domain Object represents the highest order of organization for managing Applications, Components and Environments. Domains are hierarchical and can have Subdomains. Subdomains inherit the parent’s properties and access.

Example of Domains, Applications, Components and Environments

Your Components are organized by the Domains and Subdomains you define. Domains categorize Components that solve the same ‘problem sets.’ In the same way, Applications are assigned to Domains. In addition, Environments and Endpoints are associated with the Domains whose Applications they run.

The highest level Domain is your Global Domain. With the SaaS version, your Global Domain name is defined based on your Company. With the on-premise installation, you will see a Domain called Global.

The following properties can be accessed on the Domain object:

  • ID : Domain id, as used in the database.
  • Name : Domain name.
  • fqdomain : Fully qualified Domain name.
  • Summary : Summary text.
  • Domain : Higher level organization to which it belongs.
  • Subdomains : Lower level organizations contained within it.
  • Applications : The Application objects which are contained within it.
  • Environments : The Environment objects which are contained within it.
  • Creator : The User or Group Object representing the user who created it.
  • Modifier : The User or Group Object representing the user who last modified it.
  • ctime : Date Object representing the date/time it was created.
  • mtime : Date Object representing the date/time it was last modified.
  • Owner : User or Group Object that owns it.

Component Object

DeployHub manages artifacts and other reusable objects as Components. Components are consumed by Applications. By assigning Components to Applications you track a ‘logical’ view of your software solution as a whole. In a cloud-native architecture, Components are loosely coupled and communicate at run-time. Assigning Components to Applications supports aggregating security data to the Application level, producing Application security reports such as Software Bill of Materials (SBOM) reports even in a decoupled architecture where hundreds of Component SBOMs are needed to build one Application SBOM.

Components change over time. To expose changes, DeployHub takes a snapshot of the initial Component Base Version and tracks subsequent changes, recorded as Component Versions. Components are associated with a Domain for organization and quick searches.

  • Component Base Version : The initial Component object that represents the artifacts being managed.

  • Component Version : A child of the Component Base Version that represents changes.

A Component object has the following properties:

  • ID : A unique identifier for the Component as used in the database.
  • Name : The name of the Component.
  • fqdomain : Fully qualified Domain name.
  • Summary : Description of the Component.
  • Domain : Organization in which the Component is contained.
  • Owner : User or UserGroup that owns the Component.
  • Parent : The Base Component.
  • Predecessor : The version on which this is based.
  • Items : The items that make up this Component.
  • Endpoint : The compute node to which this Component has been deployed.
  • Requests : The change requests associated with this Component.
  • Lastbuild : The last build number for this Component, 0 if never built.
  • Creator : The User who created this Component.
  • Modifier : The User who last modified this Component.
  • ctime : The date/time the Component was created.
  • mtime : The date/time the Component was last modified.
  • Key Value Configurations : Key Value Pairs for managing associative arrays.

Application Object

Applications are a collection of Components that are released as a single software solution. You define an Application by associating the Components it will consume. When you initially define an Application it is referenced as the Application Base Version. When an underlying Component changes, the Application is impacted and a new Application Version is created. Applications are organized by a Domain.

  • Application Base Version : Defines the software product in terms of Components, Attributes, and assigned Environments.

  • Application Version : Represents any changes made to the Base Version.

An Application has the following properties:

  • ID : A unique identifier for the Application in the database.
  • Name : Application name.
  • fqdomain : Fully qualified Domain name.
  • Summary : Summary of the Application.
  • Owner : User or Group that owns it.
  • Parent : The Base Application.
  • predecessor : Predecessor Application Version.
  • Release : Marks the Application Object as a Release made up of more than one Application.
  • Applications : Multiple Applications used to create a Release.
  • Components : The objects that the Application consumes.
  • Approvals : Allows a control point for progressing a change within the pipeline process.
  • Requests : The Change Request objects associated with this Application.
  • creator : The User or Group who created it.
  • Modifier : The User or Group who last modified it.
  • ctime : The date/time it was created.
  • mtime : The date/time it was last modified.
  • Key Value Configurations : Key Value Pairs for managing associative arrays.

Component and Application Relationships

There is a many-to-many relationship between Applications and Components. An Application can contain many different Components, and a Component can be used across many different Applications. Components can be easily shared between Applications. DeployHub tracks and versions the Component relationships including which Applications they impact. This is necessary for tracking vulnerabilities found at the Component level to the Application that consumes it.

Component and Application Versioning

A backend versioning datastore tracks all software configuration updates within an Application. An Application consists of one or more Components, and versioning tracks all changes to both your Application and Component attributes.

When you first define your Application, you create an Application Base Version. Over time, as you update your code and deliver new features, each change to the Application creates a new Application Version. An Application Version is the collection of all Components in the software solution delivered to end users. Like Component Versions, there is an initial Application Base Version and subsequent Application Versions, which represent the updates over time. An Application Base Version or Component Base Version is always the first one created, and it acts as the baseline for subsequent Application or Component Versions. Otherwise they are identical types of objects.

DeployHub uses a simple versioning number schema starting at 1 and incrementing over time, for example Myapp;1, Myapp;2.

You can use your CI/CD process to include variance in your version number (base name, variant, version). See CI/CD and DeployHub.

Environment Object

The Environment Object represents where an Application is published or deployed.

The following properties can be accessed for an Environment object:

  • ID : Unique identifier as used in the database.
  • Name : Environment name.
  • fqdomain : Fully qualified Domain name.
  • Summary : Description of the Environment.
  • Domain : Domain in which it is contained.
  • Owner : User or Group Object that owns it.
  • basedir : Base directory for deployments.
  • Endpoints : The compute nodes assigned to it.
  • Applications : The Applications associated with it.
  • Creator : The User or Group who created it.
  • Modifier : The User or Group who last modified it.
  • ctime : The date/time it was created.
  • mtime : The date/time it was last modified.
  • Parent : Parent Domain.

Endpoint Object

The Endpoint object is a compute node (local Helm host, container, VM or cloud image) that represents where an Application is running. Endpoints are assigned to an Environment.

Endpoints are the containers, virtual machines, or servers where the Application has been deployed. Endpoints allow DeployHub to expose where vulnerabilities are running across your development, testing and production Environments.

Endpoints are mapped to Components and Environments. Endpoints are used to track where a Component is installed for vulnerability exposure, and referenced by the DeployHub internal deployment engine for executing deployments.
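The tracing described above (many-to-many Component/Application relationships, and Endpoints recording where each Component is installed) is easy to misjudge without seeing it end to end. The following is an added example, not DeployHub code: it models the three object types with constructed sample data and, for a placeholder vulnerability id, lists the Applications that consume the affected Component Version and the Environment/Endpoint pairs where it runs.

```python
from dataclasses import dataclass

# Constructed sample objects mirroring the page's Component, Application and
# Endpoint relationships; the names and the vulnerability id are placeholders.
@dataclass(frozen=True)
class Component:
    name: str                        # "basename;version", as in Myapp;1
    vulns: frozenset = frozenset()   # known vulnerability ids on this version
@dataclass(frozen=True)
class Application:
    name: str
    components: frozenset            # Component Versions it consumes
@dataclass(frozen=True)
class Endpoint:
    name: str
    environment: str                 # Environment the Endpoint is assigned to
    components: frozenset            # Components currently installed on it

def exposure(vuln_id, components, applications, endpoints):
    """For each Component Version carrying vuln_id, list the Applications that
    consume it (the many-to-many relationship) and the (Environment, Endpoint)
    pairs where it is installed. A vulnerable Component with no consumers or no
    deployment still appears with empty lists, so it is not silently dropped."""
    report = {}
    for comp in sorted(components, key=lambda c: c.name):
        if vuln_id not in comp.vulns:
            continue
        apps = sorted(a.name for a in applications if comp.name in a.components)
        locs = sorted((e.environment, e.name) for e in endpoints
                      if comp.name in e.components)
        report[comp.name] = {"applications": apps, "locations": locs}
    return report

COMPONENTS = [
    Component("auth-lib;1", frozenset({"VULN-EXAMPLE-1"})),  # placeholder id
    Component("auth-lib;2"),                                  # fixed version
    Component("web-ui;4"),
]
APPLICATIONS = [
    Application("storefront;7", frozenset({"auth-lib;1", "web-ui;4"})),
    Application("admin-portal;2", frozenset({"auth-lib;2"})),
]
ENDPOINTS = [
    Endpoint("k8s-prod-01", "Production", frozenset({"auth-lib;1", "web-ui;4"})),
    Endpoint("k8s-dev-01", "Development", frozenset({"auth-lib;2"})),
]

def sample_report():
    # Only auth-lib;1 carries the placeholder id, so only storefront;7 in
    # Production is exposed; admin-portal;2 on the fixed version is not.
    return exposure("VULN-EXAMPLE-1", COMPONENTS, APPLICATIONS, ENDPOINTS)
```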

The Endpoint object has the following properties:

  • ID : A unique identifier as used in the database.
  • Name : The Endpoint name.
  • fqdomain : Fully qualified Domain name.
  • Summary : Description of the Endpoint.
  • Domain : Domain in which it is contained.
  • Owner : User or Group that owns it.
  • Hostname : Hostname (if set) or name otherwise.
  • basedir : Base Directory for where the Application is running.
  • Credential : The logon and password used to access this Endpoint.
  • Components : The Components currently installed on it.
  • Creator : The User or Group who created it.
  • Modifier : The User or Group who last modified it.
  • ctime : The date/time it was created.
  • mtime : The date/time it was last modified.
  • Key Value Configurations : Key Value Pairs for managing associative arrays.

Date Object

Dates track the date/time of the creation, deletion, or update of an Object.

The Date has the following properties:

  • to_int(secs) : Returns an integer representing the date as the number of seconds since midnight on January 1st 1970 (epoch). The secs parameter is optional. If given, the specified number of seconds is added to the date/time before the value is returned.
  • to_char(fmt) : Formats the date into a string given by the passed fmt string. The fmt string should contain characters as specified below.

Change Request Object

The Change Request Object represents a change request record associated with either a Component or an Application.

Data Source Objects

The Data Source object communicates with various sources of information such as databases, HTTP servers, FTP servers, etc., and can be used to connect to other DevOps tools as needed.

Group Object

The Group Object represents a collection of Users with the same Domain and security access.

The Group Object has the following properties:

  • ID : A unique identifier as used in the database.
  • Name : Group Name.
  • Kind : Identifies whether this is a User or a Group.
  • fqdomain : Fully qualified Domain name.
  • Email : The Group’s email address.
  • Creator : User or Group Object representing who created this Group.
  • Modifier : User or Group Object representing who last modified this Group.
  • ctime : Date Object representing the date/time it was created.
  • mtime : Date Object representing the date/time it was last modified.
  • Owner : User or Group that owns the object.

User Object

The User Object represents a User in DeployHub. It has the following properties:

Each property is listed with its return type:

  • ID (Integer) : User id, as used in the database.
  • Name (String) : User Name.
  • kind (String) : Returns “user”. Used to differentiate between users and groups when retrieving an owner object.
  • fqdomain (String) : Fully qualified Domain name.
  • Realname (String) : The User’s full name.
  • Email (String) : The User’s email address.
  • Phone (String) : The User’s telephone number.
  • groups (Array) : Array of Group Objects to which this User belongs.
  • lastlogin (Date) : The date/time last logged into DeployHub.
  • Creator (User) : User or Group Object representing who created this User.
  • Modifier (User) : User or Group Object representing who last modified this User.
  • ctime (Date) : Date Object representing the date/time the User was created.
  • mtime (Date) : Date Object representing the date/time the User was last modified.
  • Owner (Object) : User or Group that owns the User.

Objects Used by the Internal Deployment Engine

If your organization requires a standardized method of doing deployments, the DeployHub internal deployment engine can be configured for this use. The internal deployment engine is agentless and requires a reverse proxy. For more information on the internal deployment engine read the deployment chapter.

Release Object

A Release is only available in DeployHub. A Release is a collection of Applications that must be deployed together, sometimes referred to as a ‘Release Train.’ Releases are used as part of DeployHub’s internal deployment engine and are not required for managing Security Intelligence.

Credential Object

The Credential Object contains the logon and password needed to access Endpoints and external repositories like Git or Quay. Credentials are used by the internal deployment engine, but are not required for Security Intelligence gathering.

The Credential Object has the following properties:

  • ID : A unique identifier for the Credential as used in the database.
  • Name : The name of the Credential.
  • Summary : Description.
  • fqdomain : Fully qualified Domain name that the Credential is associated with.
  • Domain : Organization with which the Credential is associated.
  • Owner : User or Group that owns the Credential.
  • Username : Decrypted username.
  • Password : Decrypted password.
  • b64auth : A string representing the decrypted username and password joined with a ‘:’ separator and then base64 encoded. Used for Basic Authorization for web-based APIs.
  • creator : The User or Group who created this Credential.
  • Modifier : The User or Group who last modified this Credential.
  • ctime : The date/time the Credential was created.
  • mtime : The date/time the Credential was last modified.
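The b64auth property above is the standard HTTP Basic credential encoding. As an added example (not DeployHub code), the functions below build that value and the Authorization header, reject a username containing ‘:’ (the receiving side splits on the first colon, so such a username cannot be represented unambiguously), decode the value back to show that base64 is reversible encoding rather than encryption, and mask it for logging. The function names are this example's own.

```python
import base64
import binascii

def b64auth(username, password):
    """Build the value the page calls b64auth: "username:password", base64
    encoded, for the HTTP Basic Authorization scheme. A username containing
    ':' is rejected; a password may contain ':' because decoding splits on
    the first colon only."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def authorization_header(username, password):
    """Header dict as sent to a web-based API that uses Basic Authorization."""
    return {"Authorization": "Basic " + b64auth(username, password)}

def decode_b64auth(value):
    """Recover (username, password) from a b64auth string. This is a plain
    decode: anything that can read the Credential Object's b64auth property
    holds the cleartext password, so treat it as a secret, not as a token."""
    try:
        raw = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed b64auth value") from exc
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("b64auth value has no ':' separator")
    return user, password

def redact_header(headers):
    """Copy of a header dict with the Basic credential masked, for log output."""
    out = dict(headers)
    if out.get("Authorization", "").startswith("Basic "):
        out["Authorization"] = "Basic [REDACTED]"
    return out
```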

DropZone Object

The DropZone Object is used by the DeployHub internal deployment engine. It represents a local area where deployment artifacts are manipulated before they are sent to the target Endpoints. A DropZone Object is also present on the stack during Pre and Post Action processing for a Component. For example, the contents of the DropZone are the files checked out from the repository for the associated Component.

A DropZone Object has the following properties:

  • Name : DropZone name.
  • Path : The full path of where the DropZone is located. Useful for passing to external scripts that may need to manipulate files in the DropZone.
  • files : An Array of DropZone File Objects, each of which represents a file in the DropZone. The array is keyed by the full path name of the file.

DropZone File Object

The DropZone File Object represents a file in the DropZone.

The DropZone File Object has the following properties:

  • dzpath : The relative path of the file in the DropZone.
  • repopath : The relative path of the file as located in the repository (relative to the base directory of the repository).
  • size : The size of the file in bytes.
  • ctime : The creation time of the file.
  • mtime : The modified time of the file.

Notifier Objects

A Notifier is sent after a successful or failed deployment attempt. If these features are activated, Notifiers are also sent when deployed files have been changed, when a Request Task has been used, or when an Endpoint is down. DeployHub can use SMTP (Simple Mail Transfer Protocol), Slack and HipChat for this purpose.