Need a new integration?
We’ve got the expertise to ensure you have the optimal
tools at
your disposal to maximise your security workflow.
We Integrate with the tools our customers need
Our cutting-edge workflow platform seamlessly integrates with your existing tools. Need an integration you don't see? Let us know and we'll build it.
Targets
Components that fetch the resources which you need to scan.
GitHub
Clone a Git repository from a remote origin.
Dependency
Accepts a pURL argument belonging to one of the supported types and generates a dependency file relevant to the type.
AWS S3 Target
Downloads a remote archive from any S3 compatible URL.
Image Get
This source component lets Smithy download a remote image from any registry.
Scanners
Components that scan your resources and produce security alerts.
Checkov
Policy as code.
Credo
Static code analysis tool for Elixir.
CDX Gen
Generate a CycloneDX SBOM from source code.
Trufflehog
Secret scanner for repositories.
Snyk Docker
Run Snyk For Docker.
OSV Scanner
This scanner scans third party dependencies of multiple languages. Read more about what it does on the osv-scanner page
Bandit
SAST scanner that analyses Python source code to look for security issues.
KICS
Generate a KICS report from source code.
Golang Gosec
Analyse Go source code to look for security issues.
ZAP
DAST scanner that analyses web applications for security issues.
Trivy
Generate a Trivy report from a Docker image.
Golang Nancy
Dependency scanner for Golang projects.
SonarQube
Analyse your code with SonarQube Cloud.
CodeQL
Semantic code analysis with CodeQL.
Semgrep
Analyse source code using Semgrep to look for security issues.
MobSF Scan
MobSFscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Android XML, Swift and Objective C Code. Mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
Enrichers
Components that enrich your security alerts with more details and turn them into actionable events.
Codeowners
Identifies a code owner for each finding.
DepsDev
Adds context from deps.dev for each third-party dependency.
Training
Adds relevant training resources to findings.
Reachability
Performs a reachability check on a supplied repository using AppThreat/atom.
Deduplication
Compares multiple inputs and removes duplicates.
Knowledgebase
Adds knowledge base information (e.g. OWASP Cheat Sheets) to findings.
Policy
Enforces security policies defined in OPA for each finding.
LLM
Adds information to findings using a language model.
Multitool Deduplication
Deduplicates findings from multiple tools.
Custom Annotation
Adds custom annotations to instances.
Standards
Adds security standard information to findings using OpenCRE.
Exploit Finder
Enricher component that searches Exploit-DB and Github for PoCs of exploits related to a specific CVE
Reporters
Components that consume and display your security alerts.
PDF Document
Pushes findings to an S3 bucket as PDFs.
DefectDojo
Pushes findings to a DefectDojo vulnerability management instance.
stdout JSON
Prints findings to stdout in JSON format.
Slack
Pushes findings to a Slack channel.
Discord
Pushes findings to a Discord channel.
Linear
Pushes findings to a Linear ticket.
Github PR comments
Opens findings as comments to the corresponding Pull Request on Github.
Jira
Pushes findings to a Jira instance.
Sentry
Pushes findings to Sentry.
ElasticSearch
Pushes findings to an Elasticsearch database.
Contact us
Have an important question or honest feedback for us?
We'll get back to you shortly.