Case Study: Scaling Containerized Operations at Zero Cost

How DeepBlue automated enterprise Dradis CE deployment with Docker and Kubernetes

The Client: DeepBlue

DeepBlue is a cybersecurity consulting firm specializing in security assessments for enterprise clients. Operating one container per client engagement, they needed to scale their Dradis CE operations while maintaining zero licensing costs.

With Kubernetes orchestration and a container-per-client model, DeepBlue had established a technically functional deployment. However, manual operational processes weren't scaling efficiently as concurrent client engagements increased.

Max Duijsens

CTO & Founder

DeepBlue Security & Intelligence

"The combination of Dradis CE and our Docker/Kubernetes infrastructure gives DeepBlue enterprise-level security assessment capabilities without any licensing overhead.

We can spin up isolated environments for each client engagement while maintaining operational standards. Our private registry approach means we apply security patches once and they automatically propagate to all client containers."

The Problem: Manual Operations at Scale

DeepBlue had successfully implemented Dradis CE in Docker containers, achieving enterprise-grade security assessment capabilities without any licensing costs. Their deployment was technically functional, but operational processes weren't scaling efficiently.

The team was running one container per client engagement, with each deployment manually configured and patched individually. During busy periods with multiple concurrent assessments, operational inefficiencies became apparent.

This manual approach created several challenges:

  • Manual lifecycle management. Each container required individual configuration and maintenance across multiple client engagements.
  • Inconsistent patching. Operational patches and feature configurations were applied inconsistently across environments.
  • Time-intensive troubleshooting. Log collection required accessing multiple systems without centralized diagnostic capabilities.
  • Data persistence challenges. No standardized approach for preserving engagement data across container rebuilds for long-running assessments.

Container failures required extensive manual investigation, and the engineering team was spending significant time on infrastructure management rather than core security assessment work.

"DeepBlue needed to scale their successful Docker + Dradis CE approach while maintaining both operational efficiency and their zero-licensing-cost advantage."

The Right Foundation

DeepBlue's solution began with recognizing that their containerized Dradis CE foundation was solid. The challenge wasn't the core technology—it was optimizing the operational processes around it.

Their existing infrastructure was already well-designed: Kubernetes orchestration, dedicated MySQL databases per client instance, and Nginx handling TLS termination. Rather than rebuilding from scratch, they focused on systematizing their working approach.

What Was Working:

  • Kubernetes providing reliable container orchestration
  • One-container-per-client isolation delivering security and flexibility
  • Docker + Dradis CE combination delivering enterprise capabilities at zero licensing cost
  • Clean integration with existing Nginx and MySQL infrastructure

Instead of abandoning their successful container-per-client model, they needed to standardize and automate the operational workflows.

The Operational Solution

DeepBlue developed its system by focusing on three operational improvements that would reduce manual overhead while maintaining their proven container-per-client approach.

1. Standardized Container Lifecycle

Each client engagement follows a consistent approach combining isolation and persistence:

  • Spin up isolated CE containers behind existing Nginx infrastructure
  • Deploy dedicated MySQL database per client instance for complete data isolation
  • Mount shared/ directory to Kubernetes PVCs for upgrade-safe persistence
  • Bypass CE's bundled self-signed certificates (Nginx handles TLS termination)
  • Implement standardized backup and rollback procedures
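
A per-client set of Kubernetes objects matching the lifecycle above, added here as an illustration and not DeepBlue's or the Dradis project's own configuration. The namespace, image reference, Secret name, port and mount path are assumptions or placeholders; the per-client MySQL instance and the Nginx proxy are assumed to exist already.

```yaml
# Added example: every name, path, port and image reference below is a placeholder.
apiVersion: v1
kind: PersistentVolumeClaim
metadata: {name: dradis-shared, namespace: client-acme}   # one namespace per engagement (assumption)
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: dradis-ce, namespace: client-acme}
spec:
  replicas: 1
  strategy: {type: Recreate}        # RWO volume: stop the old pod before the upgraded one starts
  selector:
    matchLabels: {app: dradis-ce}
  template:
    metadata:
      labels: {app: dradis-ce}
    spec:
      containers:
        - name: dradis-ce
          image: registry.example.internal/dradis-ce:patched   # pulled from the private registry
          ports:
            - containerPort: 3000   # plain HTTP inside the cluster (assumed app port)
          envFrom:
            - secretRef:
                name: dradis-mysql  # per-client DB credentials, created separately
          volumeMounts:
            - name: shared
              mountPath: /path/to/dradis/shared   # placeholder for CE's shared/ directory
      volumes:
        - name: shared
          persistentVolumeClaim:
            claimName: dradis-shared  # survives image upgrades and pod rebuilds
---
apiVersion: v1
kind: Service
metadata: {name: dradis-ce, namespace: client-acme}
spec:
  type: ClusterIP                   # not exposed directly; Nginx terminates TLS in front
  selector: {app: dradis-ce}
  ports:
    - port: 80
      targetPort: 3000
```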

2. Consistent Customization Distribution

DeepBlue's build pipeline provides consistent customization across all client containers:

  • Source integration: Automated git pull from Dradis CE repository
  • Custom configuration: Apply operational patches for feature adjustments and workflow configurations
  • Build & test: Generate container image with integrated customizations
  • Registry distribution: Publish to private registry for team-wide consumption
  • Deployment trigger: Teams pull the latest customized image across all client containers

3. Comprehensive Logging Strategy

  • Docker json-file log driver with automatic rotation (100MB max-size, 5 file retention)
  • Kubernetes integration leveraging container runtime logs
  • Standard docker logs and kubectl logs commands for diagnostic access
  • Log accessibility even after container termination

Implementation Process

DeepBlue's systematic approach ensured each step delivered practical value while building toward the complete solution.

Phase 1: Standardized Container Images

DeepBlue began by consolidating its scattered container build processes into a single, repeatable pipeline. This eliminated the configuration drift that was creating inconsistent behavior across client containers.

Phase 2: Persistent Storage Strategy

DeepBlue implemented a consistent storage pattern using shared/ directory mounts to PVCs, ensuring all client engagements maintain data persistence with clear upgrade paths.

Phase 3: Logging Infrastructure

Docker and Kubernetes capture container stdout/stderr automatically, making logs accessible for troubleshooting even after containers terminate.

Phase 4: Air-Gapped Capability

Recognizing that some clients require completely isolated environments, DeepBlue adopted a dual-path distribution that supports both custom Dockerfile builds and official prebuilt images.

"The Kubernetes Integration Advantage: DeepBlue's existing Kubernetes expertise accelerated implementation. Standard objects (Deployments, Services, Secrets, PVCs) provided the operational primitives needed for reliable, scalable CE deployments without vendor lock-in."

Operational Results

After implementing these improvements, DeepBlue's operational metrics showed clear benefits:

  • Zero Licensing Costs: The Docker + Dradis CE combination continues delivering enterprise-grade security assessment capabilities without any software licensing overhead
  • Standardized Deployments: Consistent container provisioning across all client engagements reduces configuration variance
  • Automated Customization Management: Feature configurations and workflow adjustments propagate automatically through private registry workflow
  • Enhanced Supportability: Access to container logs improves incident response time

Operational Changes:

Before: Manual container management consuming engineering time that could otherwise go to security assessments

After: Automated operational workflows that scale with business growth

"Even when containers are terminated, we have complete audit trails accessible through standard Docker tooling."

Lessons That Apply Beyond DeepBlue

DeepBlue's experience reveals patterns that other cybersecurity teams can implement immediately to achieve similar Docker + Dradis CE cost savings:

  • Persistence Strategy as Foundation: Implement clear volume mapping strategies using shared/ directory patterns for consistent upgrade behavior
  • Network Architecture Simplification: Leverage existing reverse proxies (Nginx, Traefik) for TLS termination while maintaining HTTP for intra-cluster communication
  • Logging as Operational Insurance: Implement log rotation and support bundle collection from day one
  • Registry-Driven Consistency: Establish private registry workflows for consistent, patched application distribution
  • Cost-Effective Foundation First: Start with the Docker + Dradis CE combination to establish enterprise-grade security assessment capabilities without licensing fees

The Air-Gapped Reality

The Docker + Dradis CE combination provides enterprise-grade capabilities even in restricted environments without requiring expensive licensed alternatives.

Custom Build Approach: Teams can replicate DeepBlue's git pull + patch + build workflow in air-gapped environments by maintaining local source mirrors and container registries. This preserves the zero-cost advantage while enabling complete customization.

Official Image Approach: Standard container export/import workflows enable offline distribution of prebuilt Dradis CE images to isolated environments.

Regulated industries and high-security environments can implement the same operational benefits without compromising isolation requirements.

Ready to Scale Your Operations?

Ready to move your Dradis CE operations from manual container management to standardized enterprise deployment? DeepBlue's experience demonstrates that operational improvements are achievable while maintaining zero licensing costs.

Try Dradis Community Edition

Dradis CE provides enterprise-grade security assessment capabilities with zero licensing costs. Deploy on Docker, Kubernetes, or Docker Swarm with the flexibility to customize for your operational needs.
