Need a new integration?
We’ve got the expertise to ensure you have the optimal
tools at
your disposal to maximise your security workflow.
We Integrate with the tools our customers need
Our cutting-edge workflow platform seamlessly integrates with your existing tools. Need an integration you don't see? Let us know and we'll build it.
Targets
Components that fetch the resources which you need to scan.
Git
Clones any git repository. Can be on GitHub, BitBucket, GitLab, Azure etc.
GitHub
Integrate with your GitHub PR and push events. Event-driven workflow executions.
Dependency
Accepts a pURL argument belonging to one of the supported types and generates a dependency file relevant to the type.
S3 Target
Downloads an archive from an S3-compatible API.
Image Get
Download a remote image from any registry.
Scanners
Components that scan your resources and produce security alerts.
Bandit
Static application security testing for Python source code.
Checkov
Static code analysis for infrastructure as code. Finds misconfigurations that may lead to security or compliance problems. Policy as code.
Credo
Static code analysis tool for Elixir source code.
CodeQL
Github CodeQL - semantic static analysis for code.
CDX Gen
Generates a CycloneDX SBOM from source code then sends to Dependency track.
Trufflehog
Scans code for secrets.
Sobelow
Static code analysis scanner for the Elixir Phoenix Framework.
Snyk Docker
Run Snyk For Docker.
OSV Scanner
Scans third party dependencies of multiple languages.
Dependency Track
Uploads CycloneDX SBOMs to Dependency Track.
KICS
Static analysis for infrastructure as code.
Golang Gosec
Static analysis for Go code vulnerabilities.
ZAP
Dynamic application security scanner that analyses web applications for security issues.
Trivy
Scan for vulnerabilities and misconfigurations in code repositories, binary artifacts, container images and Kubernetes clusters.
Golang Nancy
Scans dependencies for Go projects.
SonarQube
Static analysis and Software Composition Analysis for your code. Uses SonarQube Cloud.
Semgrep
Static analysis for source code.
MobSF Scan
Static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Android XML, Swift and Objective C Code. Mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher. It scans code.
MobSF
Static analysis tool that can find vulnerabilities in your Android and iOS applications. It scans packaged application files.
Enrichers
Components that enrich your security alerts with more details and turn them into actionable events.
Codeowners
Identifies a code owner for each finding.
DepsDev
Adds context from deps.dev for each third-party dependency.
Training
Adds relevant training resources to findings.
Reachability
Performs a reachability check on a supplied repository using AppThreat/atom.
Deduplication
Compares multiple findings, removes duplicates and categorises them into issues, locations and vulnerabilities.
Knowledgebase
Adds knowledge base information (e.g. OWASP Cheat Sheets) to findings.
Policy
Enforces security policies defined in OPA for each finding.
LLM
Adds information to findings using a language model.
Multitool Deduplication
Deduplicates findings from multiple tools.
Custom Annotation
Adds custom annotations to instances.
Standards
Adds security standard information to findings using OpenCRE.
Exploit Finder
Enricher component that searches Exploit-DB and Github for PoCs of exploits related to a specific CVE
Reporters
Components that consume and display your security alerts.
PDF Document
Generates a detailed report into a PDF and uploads it to an S3-compatible bucket.
DefectDojo
Pushes findings to a DefectDojo vulnerability management instance.
stdout JSON
Prints findings to stdout in JSON format.
Slack
Pushes short finding alerts to Slack.
Discord
Pushes short finding alerts to Discord.
Linear
Pushes finding details tickets to Linear.
Github PR comments
Posts findings as comments on open Github Pull Requests.
Jira
Pushes finding details tickets to Jira.
Sentry
Creates events to a Sentry project for vulnerability findings.
ElasticSearch
Pushes findings to a remote ElasticSearch.
Kafka
Sends raw OCSF findings in proto format to a configured Kafka topic.
Contact us
Have an important question or honest feedback for us?
We'll get back to you shortly.