Database Schema
Entity relationship diagram and table reference for Scanopy's PostgreSQL database.
Scanopy uses PostgreSQL to store all network discovery data. This page provides an overview of the database schema and entity relationships.
Entity Relationship Diagram
Core Tables
Organizations & Users
| Table | Purpose |
|---|---|
organizations | Top-level tenant containing users, networks, and billing info |
users | User accounts with authentication (password or OIDC) and permissions |
user_network_access | Junction table granting users access to specific networks |
invites | Pending invitations to join an organization |
Network Infrastructure
| Table | Purpose |
|---|---|
networks | Logical network container for all discovered entities |
hosts | Discovered devices (servers, containers, IoT devices) |
subnets | Network segments (VLANs, Docker bridges, VPNs) |
interfaces | Network interfaces with IP and MAC addresses |
ports | Open TCP/UDP ports on hosts |
services | Identified services running on hosts |
bindings | Links services to interfaces and ports |
Discovery & Daemons
| Table | Purpose |
|---|---|
daemons | Registered daemon instances with capabilities and status |
discovery | Discovery session records (scheduled and manual) |
api_keys | Daemon API keys for authentication |
Visualization
| Table | Purpose |
|---|---|
groups | Logical service groupings for topology diagrams |
group_bindings | Links bindings to groups with ordering |
topologies | Saved topology configurations with layout data |
shares | Public/protected sharing of topology views |
Metadata
| Table | Purpose |
|---|---|
tags | Organization-wide tags for categorization |
entity_tags | Polymorphic junction table applying tags to any entity |
user_api_keys | User API keys for programmatic access |
user_api_key_network_access | Network access grants for user API keys |
Key Relationships
Host → Services → Bindings
The discovery pipeline creates this hierarchy:
- Host — A discovered device
- Interface — Network interface on the host (IP + MAC)
- Port — Open port on the host
- Service — Identified service (e.g., PostgreSQL, Nginx)
- Binding — Links a service to an interface and/or port
This structure allows a single service to be accessible on multiple interfaces (e.g., a database listening on both LAN and Docker bridge networks).
Network Isolation
All discovery data is scoped to a network:
- Hosts, subnets, services, interfaces, ports, and bindings all have a
network_idforeign key - Networks belong to organizations
- Users are granted access to specific networks via
user_network_access
Cascade Deletes
Most foreign keys use ON DELETE CASCADE:
- Deleting an organization removes all its networks, users, and tags
- Deleting a network removes all hosts, services, subnets, and discovery data
- Deleting a host removes all its interfaces, ports, and services
Full Schema Reference
For the complete schema with all columns and types, see the detailed ER diagram below. Use the zoom controls or fullscreen mode to explore.