
Getting Started

GraphNode is an enterprise static application security testing (SAST) platform that performs deep data flow analysis across your source code to detect vulnerabilities before they reach production.

Platform Overview

GraphNode provides comprehensive application security through two core modules: SAST (Static Application Security Testing) for source code analysis, and SCA (Software Composition Analysis) for third-party dependency vulnerability detection.

SAST Engine

Deep data flow and taint analysis across 13+ languages with 780+ built-in security rules. Tracks vulnerability propagation from source to sink.

SCA Module

Scans third-party libraries and transitive dependencies for known CVEs. Provides license compliance tracking and upgrade recommendations.

Key Capabilities

Deep data flow & taint analysis
780+ security rules across OWASP, CWE, SANS
13+ programming languages supported
On-premise deployment for data sovereignty
CI/CD pipeline integration
Role-based access control (RBAC)

Architecture

GraphNode uses a distributed architecture where the web application manages projects, users, and results, while one or more scan engines perform the actual code analysis. Engines can be deployed across multiple machines for parallel scanning.

[Architecture diagram: the User reaches the Web Application over HTTPS. The Web Application (Project Management, User & Role Management, Audit & Reporting, Analytics Dashboard, Database) dispatches work through an API to Scan Engine 1, Scan Engine 2 ... Engine N (SAST Analysis, Data Flow Tracking). Integrations: GitHub / GitLab, Azure DevOps, Bitbucket / SVN; Jenkins / Bamboo, Jira; SAML SSO / AD.]
Note: GraphNode is deployed on-premise. All source code and scan results remain within your infrastructure. Multiple scan engines can be distributed across machines for parallel analysis.

System Requirements

GraphNode requires 2 dedicated Windows Servers. Both servers must be able to reach each other on the network without blocking or filtering.

Supported Operating Systems

Windows Server 2012 R2 (SP1)
Windows Server 2016
Windows Server 2019
Windows Server 2022

Server 1: GraphNode Enterprise Portal (UI)

OS: Windows Server 2012 R2 (SP1), 2016, 2019, or 2022
CPU: Intel Core i5, i7 or i9 (or benchmark equivalent)
RAM: 16 GB or more
Disk Space (C:): 250 GB or more

Server 2: GraphNode Scan Server (Engine)

OS: Windows Server 2012 R2 (SP1), 2016, 2019, or 2022
CPU: Intel Core i5, i7 or i9 (or benchmark equivalent)
RAM: 32 GB or more
Disk Space (C:): 500 GB or more

Network & Virtualization

Network: Both servers must be able to reach each other without blocking or filtering
Internet: A 1 Mbps+ connection is needed during installation only; the servers can be disconnected afterwards
Virtualization: VMware vSphere and Hyper-V virtual server solutions are supported

Software Requirements

The following software is installed by the GraphNode team during deployment:

Internet Information Services (IIS)
.NET Core Runtime Hosting Bundle
.NET Core 3.1 SDK
IIS URL Rewrite 2.1
Visual Studio 2022 Community Edition
Build Tools for Visual Studio 2022
Microsoft SQL Server Express 2022
Microsoft SQL Management Studio (SSMS)
Java JDK 8
Java JDK 10
Java JRE 10

Quick Start

Follow these steps to run your first security scan with GraphNode.

1. Log in and create a project

Navigate to your GraphNode instance and log in with your credentials. Go to Projects and click New Project.
2. Choose your scan type

Select how you want to provide source code: upload a ZIP archive for local scanning, or connect a repository (GitHub, GitLab, Azure DevOps, Bitbucket, or SVN) for automated scanning.

Local Scan: upload a ZIP archive
Repository Scan: GitHub, GitLab, Azure DevOps, Bitbucket, SVN

3. Configure and run the scan

Set file/folder exclusions if needed, optionally configure a scan schedule, then click Start Scan. The engine will analyze your code and report results to the dashboard.

4. Review findings in the Audit module

Once the scan completes, navigate to the Audit module to review detected vulnerabilities. Use data flow visualization to understand how tainted data propagates from source to sink, and triage findings as Exploitable, False Positive, or Suppressed.
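To make the source-to-sink idea behind the SAST engine and the Audit module's data flow view concrete, here is an added toy taint tracker in Python. It is not GraphNode's engine or rule set (the page shows neither); the source, sink and sanitizer names and the sample snippet are constructed for this illustration. It walks a small program in statement order, marks data returned by a source as tainted, propagates that taint through assignments and string concatenation, drops it when a sanitizer is applied, and reports the full path whenever tainted data reaches a sink, which is the shape of finding an Audit view presents.

```python
# Toy intraprocedural taint tracker, constructed for illustration only.
# Source, sink and sanitizer names are hypothetical, not GraphNode rules.
import ast

SOURCES = {"request.args.get", "input"}   # hypothetical: where untrusted data enters
SINKS = {"cursor.execute", "os.system"}   # hypothetical: where tainted data is dangerous
SANITIZERS = {"int", "quote"}             # hypothetical: calls that neutralise taint


def _call_name(call):
    """Dotted callee name of a Call node, e.g. 'request.args.get'."""
    parts, func = [], call.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _taint_of(expr, tainted):
    """Return the propagation path if `expr` carries taint, else None."""
    if isinstance(expr, ast.Name):
        return tainted.get(expr.id)
    if isinstance(expr, ast.Call):
        name = _call_name(expr)
        if name in SOURCES:
            return [f"source {name} (line {expr.lineno})"]
        if name in SANITIZERS:
            return None  # a sanitizer breaks the chain regardless of its arguments
        for arg in expr.args:  # any other call passes taint through its arguments
            path = _taint_of(arg, tainted)
            if path:
                return path
        return None
    if isinstance(expr, ast.BinOp):  # string concatenation and similar
        return _taint_of(expr.left, tainted) or _taint_of(expr.right, tainted)
    if isinstance(expr, ast.JoinedStr):  # f-strings
        for part in expr.values:
            if isinstance(part, ast.FormattedValue):
                path = _taint_of(part.value, tainted)
                if path:
                    return path
    return None


def _scan_body(body, tainted, flows):
    """Walk statements in program order, propagating taint through assignments."""
    for stmt in body:
        if isinstance(stmt, ast.FunctionDef):
            _scan_body(stmt.body, dict(tainted), flows)  # fresh scope per function
        elif (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
              and isinstance(stmt.targets[0], ast.Name)):
            name = stmt.targets[0].id
            path = _taint_of(stmt.value, tainted)
            if path:
                tainted[name] = path + [f"assigned to {name} (line {stmt.lineno})"]
            else:
                tainted.pop(name, None)  # reassignment with clean data clears taint
        elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            call = stmt.value
            if _call_name(call) in SINKS:
                for arg in call.args:
                    path = _taint_of(arg, tainted)
                    if path:
                        flows.append(path + [f"sink {_call_name(call)} (line {stmt.lineno})"])
                        break


def find_flows(source_code):
    """Return every source-to-sink path found in `source_code`."""
    flows = []
    _scan_body(ast.parse(source_code).body, {}, flows)
    return flows


# Constructed sample input: one vulnerable function and one hardened one.
SAMPLE = '''
def lookup(request, cursor):
    user = request.args.get("user")
    query = "SELECT * FROM accounts WHERE name = '" + user + "'"
    cursor.execute(query)

def lookup_safe(request, cursor):
    uid = int(request.args.get("id"))  # sanitizer breaks the taint chain
    cursor.execute("SELECT * FROM accounts WHERE id = %s", (uid,))
'''

if __name__ == "__main__":
    for flow in find_flows(SAMPLE):
        print(" -> ".join(flow))
```

Running it reports a single flow for `lookup` (source on line 3, through `user` and `query`, to the `cursor.execute` sink on line 5) and nothing for `lookup_safe`, where the `int()` sanitizer and the parameterised query stop the chain. A production engine such as the one described above additionally follows taint across function calls, collections, and files, which is why its rule set and language models are far larger than this sketch.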

Supported Languages

C#
.NET Core
Java
Kotlin
JavaScript
TypeScript
Python
PHP
C / C++
Swift
Objective-C
Ruby
HTML
Angular
Vue.js
React