We define an application as a single deployment unit written in PHP or Java that you would like to scan for security issues. For example, Wordpress, and some other web applications like XVWA:
When new code is added to an application slot, RIPS will lock this code base as 1 application. From now on, only modified versions of this application can be scanned. We recommend to include all security relevant components and dependencies to your application's code when scanning so that RIPS can analyze all code paths that could case security issues.
Note: Once an application slot is locked with a code base it cannot be deleted and reused with a completely different code base later.
You can find examples of typical PHP applications at: https://demo.ripstech.com
For example, WordPress is counted as 1 PHP application. Once WordPress is added to an application slot, you can then scan all subversions of WordPress (v4.6, v4.7, v4.8, etc) with this application slot. RIPS checks if the code of each rescan is similar to the previously scanned version to determine if it is still the same application. A threshold of ~20% allows even larger code changes between two scans.
If you would like to scan Joomla! as a second PHP application, its code is fundamentally different than of WordPress. Hence, you need to use a second application slot. You can rescan all patches and code changes in Joomla with this new application slot. But Joomla cannot be scanned with your WordPress application slot because the code is too different.
What about microservices?
We recommend to scan your application in a post-build status and as it is used in production. This ensures that all relevant components are included into the scan that can cause security issues independently but also when used in combination. Depending on your organization and the size of your microservices it can also make sense to use an application slot for each microservice so that security trends and reports can be tracked independently. Our sales team is happy to help to customize a license for your individual needs.
Can I combine multiple applications to one?
Scanning multiple applications with 1 application slot violates our EULA and can lead to the termination of your license. Technical issues can arise that will not be covered by our support and application slots may be irrevocably lost.