
Getting Started

GraphNode is an enterprise static application security testing (SAST) platform that performs deep data flow analysis across your source code to detect vulnerabilities before they reach production.

Platform Overview

GraphNode provides comprehensive application security through two core modules: SAST (Static Application Security Testing) for source code analysis, and SCA (Software Composition Analysis) for third-party dependency vulnerability detection.

SAST Engine

Deep data flow and taint analysis across 13+ languages with 780+ built-in security rules. Tracks vulnerability propagation from source to sink.

SCA Module

Scans third-party libraries and transitive dependencies for known CVEs. Provides license compliance tracking and upgrade recommendations.

Key Capabilities

Deep data flow & taint analysis
780+ security rules across OWASP, CWE, SANS
13+ programming languages supported
On-premise deployment for data sovereignty
CI/CD pipeline integration
Role-based access control (RBAC)

Architecture

GraphNode uses a distributed architecture where the web application manages projects, users, and results, while one or more scan engines perform the actual code analysis. Engines can be deployed across multiple machines for parallel scanning.

Architecture diagram (components as labeled):
User: connects to the web application over HTTPS
Web Application: Project Management, User & Role Management, Audit & Reporting, Analytics Dashboard
Database
API
Scan engines: Scan Engine 1 (SAST Analysis, Data Flow Tracking), Scan Engine 2 (SAST Analysis), Engine N...
Integrations: GitHub / GitLab, Azure DevOps, Bitbucket / SVN; Jenkins / Bamboo, Jira; SAML SSO / AD

Note: GraphNode is deployed on-premise. All source code and scan results remain within your infrastructure. Multiple scan engines can be distributed across machines for parallel analysis.

System Requirements

Web Application Server

OS: Windows Server 2016+, Ubuntu 18.04+, RHEL 7+
CPU: 4+ cores recommended
RAM: 8 GB minimum, 16 GB recommended
Storage: 50 GB+ (depends on project count and scan history)
Database: SQL Server 2016+ or PostgreSQL 12+

Scan Engine Server

OS: Windows Server 2016+, Ubuntu 18.04+, RHEL 7+
CPU: 8+ cores recommended (analysis is CPU-intensive)
RAM: 16 GB minimum, 32 GB for large codebases
Network: Access to web application server via configured port

Quick Start

Follow these steps to run your first security scan with GraphNode.

1. Log in and create a project

Navigate to your GraphNode instance and log in with your credentials. Go to Projects and click New Project.

2. Choose your scan type

Select how you want to provide source code: upload a ZIP archive for local scanning, or connect a repository (GitHub, GitLab, Azure DevOps, Bitbucket, or SVN) for automated scanning.

Local Scan: Upload ZIP archive

Repository Scan: GitHub, GitLab, Azure DevOps, Bitbucket, SVN

3. Configure and run the scan

Set file/folder exclusions if needed, optionally configure a scan schedule, then click Start Scan. The engine will analyze your code and report results to the dashboard.

4. Review findings in the Audit module

Once the scan completes, navigate to the Audit module to review detected vulnerabilities. Use data flow visualization to understand how tainted data propagates from source to sink, and triage findings as Exploitable, False Positive, or Suppressed.
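
What a source-to-sink data flow looks like when you read it during triage, as an added illustration that is not GraphNode's engine, rule format or output. The toy statement format, the source, sanitizer and sink names, and the sample program are all constructed for this example.

```python
# Toy source-to-sink taint tracking over straight-line code.
# Statement format, names and sample program are constructed for illustration.
SOURCES = {"request.get"}      # calls that return attacker-controlled data
SANITIZERS = {"escape_sql"}    # calls whose result is treated as clean
SINKS = {"db.execute"}         # calls that must not receive tainted data

# (line, assigned variable or None, operation, argument variables)
PROGRAM = [
    (1, "name", "request.get", []),
    (2, "clause", "concat", ["name"]),
    (3, "query", "concat", ["clause"]),
    (4, None, "db.execute", ["query"]),     # tainted: name -> clause -> query
    (5, "safe", "escape_sql", ["name"]),
    (6, "query2", "concat", ["safe"]),
    (7, None, "db.execute", ["query2"]),    # sanitized on line 5, not reported
]

def find_flows(program):
    """Return one path per tainted sink call, as a list of (line, operation)."""
    taint = {}      # variable -> path of steps from the source to this variable
    findings = []
    for line, target, op, args in program:
        if op in SOURCES:
            path = [(line, op)]
        elif op in SANITIZERS:
            path = None
        else:
            # Propagate from the first tainted argument, if any.
            path = next((taint[a] + [(line, op)] for a in args if a in taint), None)
        if op in SINKS:
            if path:
                findings.append(path)
        elif target is not None:
            if path:
                taint[target] = path
            else:
                taint.pop(target, None)   # overwritten with clean data
    return findings

def render(path):
    """Format a path the way a reviewer would read it: source first, sink last."""
    return " -> ".join(f"L{line}:{op}" for line, op in path)

if __name__ == "__main__":
    for flow in find_flows(PROGRAM):
        print(render(flow))
```

Reading a reported path step by step, and checking whether a sanitizer sits between source and sink, is what separates an Exploitable finding from a False Positive.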

Supported Languages

C#
.NET Core
Java
Kotlin
JavaScript
TypeScript
Python
PHP
C / C++
Swift
Objective-C
Ruby
HTML
Angular
Vue.js
React