We Integrate with the tools our customers need

Our cutting-edge workflow platform seamlessly integrates with your existing tools. Need an integration you don't see? Let us know and we'll build it.

Targets

Components that fetch the resources which you need to scan.

Git

Clones any Git repository, whether hosted on GitHub, Bitbucket, GitLab, Azure, etc.

GitHub

Integrates with your GitHub PR and push events. Event-driven workflow executions.

Dependency

Accepts a pURL argument belonging to one of the supported types and generates a dependency file relevant to the type.

S3 Target

Downloads an archive from an S3-compatible API.

Image Get

Downloads a remote image from any registry.

Scanners

Components that scan your resources and produce security alerts.

Bandit

Static application security testing for Python source code.

Checkov

Static code analysis for infrastructure as code. Finds misconfigurations that may lead to security or compliance problems. Policy as code.

Credo

Static code analysis tool for Elixir source code.

CodeQL

GitHub CodeQL: semantic static analysis for code.

CDX Gen

Generates a CycloneDX SBOM from source code, then sends it to Dependency Track.

Trufflehog

Scans code for secrets.

Sobelow

Static code analysis scanner for the Elixir Phoenix Framework.

Snyk Docker

Runs Snyk for Docker.

OSV Scanner

Scans third-party dependencies of multiple languages.

Dependency Track

Uploads CycloneDX SBOMs to Dependency Track.

KICS

Static analysis for infrastructure as code.

Golang Gosec

Static analysis for Go code vulnerabilities.

ZAP

Dynamic application security scanner that analyses web applications for security issues.

Trivy

Scans for vulnerabilities and misconfigurations in code repositories, binary artifacts, container images and Kubernetes clusters.

Golang Nancy

Scans dependencies for Go projects.

SonarQube

Static analysis and Software Composition Analysis for your code. Uses SonarQube Cloud.

Semgrep

Static analysis for source code.

MobSF Scan

Static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Android XML, Swift and Objective-C code. Mobsfscan uses MobSF static analysis rules and is powered by the semgrep and libsast pattern matchers. It scans code.

MobSF

Static analysis tool that can find vulnerabilities in your Android and iOS applications. It scans packaged application files.

Enrichers

Components that enrich your security alerts with more details and turn them into actionable events.

Codeowners

Identifies a code owner for each finding.

DepsDev

Adds context from deps.dev for each third-party dependency.

Training

Adds relevant training resources to findings.

Reachability

Performs a reachability check on a supplied repository using AppThreat/atom.

Deduplication

Compares multiple findings, removes duplicates and categorises them into issues, locations and vulnerabilities.

Knowledgebase

Adds knowledge base information (e.g. OWASP Cheat Sheets) to findings.

Policy

Enforces security policies defined in OPA for each finding.

LLM

Adds information to findings using a language model.

Multitool Deduplication

Deduplicates findings from multiple tools.

Custom Annotation

Adds custom annotations to instances.

Standards

Adds security standard information to findings using OpenCRE.

Exploit Finder

Enricher component that searches Exploit-DB and GitHub for PoCs of exploits related to a specific CVE.

Reporters

Components that consume and display your security alerts.

PDF Document

Generates a detailed PDF report and uploads it to an S3-compatible bucket.

DefectDojo

Pushes findings to a DefectDojo vulnerability management instance.

stdout JSON

Prints findings to stdout in JSON format.

Slack

Pushes short finding alerts to Slack.

Discord

Pushes short finding alerts to Discord.

Linear

Pushes tickets with finding details to Linear.

GitHub PR comments

Posts findings as comments on open GitHub Pull Requests.

Jira

Pushes tickets with finding details to Jira.

Sentry

Creates events in a Sentry project for vulnerability findings.

ElasticSearch

Pushes findings to a remote ElasticSearch.

Kafka

Sends raw OCSF findings in proto format to a configured Kafka topic.

Need a new integration?

We’ve got the expertise to ensure you have the optimal tools at your disposal to maximise your security workflow.
