REST API Server architecture is designed for organizations running a very large deployment of Security Reviewer requiring maximum application uptime. High availability is achieved by adding redundancy to every node in the system. When combined with the Horizontal Scalability feature, REST API Server architecture ensures rapid, reliable code analysis reporting - even when your instance grows to global proportions hosting thousands of users and projects.

REST API Server architecture is designed to run in a clustered configuration to make it resilient to failures. It is provided by Dependency Track Server. The default configuration for the REST API Server comprises 5 servers and a Load Balancer:

  • Two application nodes responsible for handling web / REST requests from users (WebServer process) and handling analysis reports. You can add application nodes to increase REST API response and reporting capabilities.

  • Two Security Reviewer (SR) nodes that host the scanning processes. You can add SR nodes to increase scanning capabilities.

  • A reverse proxy / load balancer to load balance traffic between the two application nodes. The installing organization must supply this hardware or software component.

  • A PostgreSQL, Oracle, or MySQL database server. This software must be supplied by the installing organization.

Here is a sample diagram of the default topology:

All servers, including the database server, must be co-located (geographical redundancy is not supported) and have static IP addresses (reference via hostname is not supported). Network traffic should not be restricted between application and SR nodes.