Cross Domain Transfer

Cross Domain Transfer is a feature that allows users to securely transfer data from a Low Side environment to a High Side environment using MetaDefender Software Supply-Chain and optionally, Data Diodes.

This feature is designed for environments where strict separation between networks is required while still allowing controlled data flow into a secure zone.

This feature is currently only accessible in the V2 Beta UI only.

Low Side Configuration

The Low Side environment is where the source code or data resides before being scanned and transferred to the High Side (secure zone).

This is typically the development or less restricted environment.

Low Side Setup

  • In your Low Side MDSSC Instance -> Open Settings.
  • Navigate to the Cross Domain Transfer tab.
  • Select "Low Side" to configure this as a Low Side environment.
  • Enable transfers using the toggle switch.
  • Enter the Data Diode address.
  • Configuring an API Key from the High Side V1 UI
  • Enter the API key from the High Side as the authorization token.
  • Click on the "Save" button.

Once the Cross Domain Transfer settings are configured on both sides, cross-domain transfers must also be enabled at the workflow level on the Low Side instance.

This is done through the V1 interface, in the workflow creation or update screen.

Setup:

  • Navigate to Workflow in the left sidebar and open or create a workflow.
  • Enable the Cross-domain transfer after scan toggle.
  • Set the Max Allowed Severity — files exceeding this threshold will be blocked from transfer.
  • If needed, enable Block transfer if secrets are found to prevent transfers when sensitive data is detected.
  • Click Continue to finalize the workflow.

High Side Configuration

The High Side environment is the secure destination where scanned source code or data is transferred after passing inspection.

This is typically the production or more restricted environment.

High Side Setup

  • In your High Side MDSSC Instance -> Open Settings.
  • Navigate to the Cross Domain Transfer tab.
  • Select "High Side" to configure this as a High Side environment.
  • Accept incoming transfers using the toggle switch.
  • Configure your Push Behavior — either via pull request or direct push.
  • Click on the "Save" button.

To push code to the High Side, ensure your API tokens have write permissions. You may need to regenerate them if they were created with read-only access.

  1. Add A GitHub Service
  2. Add A GitLab Service

Operating

Once both MDSSC instances are individually set up, you will need to link the connections for which you want cross-domain transfers.

Mapping the Transfer

  1. On the Low Side, navigate to Cross Domain Transfer and add a new connection.
  2. After adding the connection, head to the High Side and map it to a local connection via the Add Mapping panel. Transfers from the Low Side will be routed to that connection.

Triggering & Monitoring

Once the feature is configured:

  1. Initiate a scan in V1 with the previously configured workflow.
  2. Use the live logs on both the Low Side and High Side to monitor the transfer in real time.
  3. If the transfer completes successfully, your code will now be available on the High Side.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Mail Notifications
On This Page
Cross Domain TransferLow Side ConfigurationLow Side SetupHigh Side ConfigurationHigh Side SetupOperatingMapping the TransferTriggering & Monitoring