Requirements for Sensor Scans
This topic explains the system and storage requirements for different scan types.
System Requirements
By default, the CS Sensor is installed with 4 scan threads. In cases of limited resources, the sensor can run on a single thread.
You need to use --limit-resource-usage parameter to limit the usage of resources for the scans. Note that using --limit-resource-usage affects the overall scan time.
Refer to the table below to know system requirements for the scans, considering the average image size of 2GB.
| Scan Type | Scan Threads* | Host CPU Cores | Host Memory** (GB) | CPU Limit | Memory Limit*** (GB) |
|---|---|---|---|---|---|
| Dynamic Only | 4 | 4 | 8 | 500m | 2 |
| Static Only | 4 | 4 | 8 | 500m | 2 |
| Dynamic + SCA | 4 | 4 | |||
| 1 | 4 | 8 | 500m | 1 | |
| Static + SCA | 4 | 500m | 4 | ||
| 1 | 4 | 8 | 1 | ||
| Dynamic + SCA + Secret | 4 | 1000m | 4 | ||
| 1 | 4 | 8 | 1000m | 1 | |
| Static + SCA + Secret | 4 | 1000m | 4 | ||
| 1 | 4 | 8 | 1000m | 1 |
*Scan Threads - Indicates the number of scan threads offered by the sensor.
Default value: 4
**Host Memory - Total memory allocated to the host
***Memory Limit - Host memory allocated to the sensor
Storage Requirements
Dynamic Scan
Applicable to Registry Sensor only.
The Registry sensor pulls the Docker image on the host for scanning. Storage required on the partition where Docker is installed is based on the size of the image. The dynamic scan is performed on the cached image.
For an average image size of 4GB, the maximum storage requirement would be 16GB:
4GB image * 4 scan threads = 16GB
Static Scan
Applicable to General (Host) Sensor, Registry Sensor and Build (CI/CD) Sensor.
Additional storage is required on persistent storage to scan the image if the image does not have a shell. The static scan is performed on the container image. The storage requirement is approximately 3 times the size of the image.
For an average image size of 4GB where 4 scan threads are performing the image scan on images with no shell, the maximum storage requirement would be 48GB:
(4GB image * 3) * 4 scan threads = 48GB
SCA Scan
Applicable to General (Host) Sensor, Registry Sensor and Build (CI/CD) Sensor.
When the CS Sensor is running with --perform-sca-scan, it requires additional storage on the host to accommodate the image tar, which is usually the size of the image plus 100MB additional disk space used to store SCA scan metadata. The storage required is the image size plus 100MB times the number of threads performing the Docker image scan.
For an average image size of 4GB where 4 scan threads are performing the image scan, the maximum storage requirement is approximately 16.4GB:
(4GB image + 100MB) * 4 scan threads = 16.4GB
Static Log4j Detection
If static detection is triggered for images having shell, then additional space is required. This needs 3 times the size of the image.
For an average image size of 4GB, the additional storage requirement would be 12GB:
4GB image * 3 = 12GB