This web application is a portal for performing static code analysis of software. The users of the

application are software developers, their managers and administrators of the web application. The

users are authenticated using a cloud based active$-$directory server which manages their identities.

The software developers can upload their code to the webserver and perform a static code analysis

$($which is run in the application server$)$ on the portal. Then the developers can view the reports from

analysis $($scan results stored in the database$)$ and prioritise the vulnerabilities to be addressed and

resolve the fixed vulnerabilities $($stored in the database$).$ The developers can also use their own IDEs

to interact with code analyser via the web services API and perform the static code analysis. Their

managers can view the vulnerabilities reported by the scan tool, view the progress made by the

development team in fixing the vulnerabilities. The administrators can manage the whole web

application.

Consider a sample transaction scenario and draw a simple DFD which includes:

$$ Highlighted entry Points

$$ Trust boundaries points

$$ External entities, data flows with directions, Data stores