Scanners
The AppSec Portal uses a variety of importers to integrate with popular scanners
Last updated
Was this helpful?
The AppSec Portal uses a variety of importers to integrate with popular scanners
Last updated
Was this helpful?
To configure the scanner, please refer to the section.
Here are the details of each importer supported by AppSec Portal
Bandit: imports scan results from , which is a tool for finding security issues in Python code. It checks Python code for common security issues such as hardcoded passwords, SQL injections, and more.
Checkov: imports scan results from , which is a tool for finding security issues in Infrastructure As Code. It provides static analysis of Terraform, CloudFormation, and Kubernetes code to identify misconfigurations and potential security issues.
CodeQL: imports scan results from , which is a tool for analyzing source code to find security vulnerabilities such as SQL injection, cross-site scripting (XSS), buffer overflows, and more.
ESLint: imports scan results from , which is a tool for finding security issues in JavaScript code. It checks JavaScript code for common security issues such as cross-site scripting (XSS), SQL injection, and more.
Gemnasium : imports scan results from , which is a tool that identifies vulnerabilities and security issues within project dependencies.
Gosec: imports scan results from , which is a tool for finding security issues in Go code. It helps identify potential security vulnerabilities in Go code.
Hadolint: imports scan results from , a Dockerfile linter that helps ensure Dockerfile syntax correctness, adherence to best practices, and identification of potential issues related to Docker image creation. It focuses on code quality and conformity to Dockerfile standards, aiding in the creation of secure and well-structured Docker images.
KICS: imports scan results from (Keeping Infrastructure as Code Secure), wich is designed to detect security vulnerabilities and policy violations in infrastructure-as-code (IaC) files.
PHPCodeSniffer: mports scan results from , wich is tokenizes PHP files and detects violations of a defined set of coding standards.
Retire.js: imports scan results from , a tool designed to analyze JavaScript code for deprecated and vulnerable libraries and dependencies. It focuses on identifying outdated or known vulnerable components within JavaScript code, contributing to the enhancement of web application security.
Semgrep: imports scan results from , which is a tool for finding security issues in code. It provides static analysis of code in various languages and helps identify potential security vulnerabilities.
SpotBugs: imports scan results from which analyses Java source code for potential security, efficiency, and programming style issues.
Terrascan: imports scan results from , which is a tool for finding security issues in Terraform code. It helps identify potential security vulnerabilities in infrastructure as code.
Image and code dependency scanners:
Mobile Scanners:
Infrastructure scanners:
Nessus: is a leading vulnerability scanning tool developed by Tenable. It is used to identify and assess potential vulnerabilities in systems and networks, helping organisations strengthen their cyber security.
Applications, Libraries, Frameworks, Operating systems, Containers, Firmware, Files, Hardware, Services
Gitleaks: imports scan results from , which is a tool for finding secrets and sensitive information in Git repositories. It helps identify hard-coded secrets in Git repositories that are accidentally committed by developers.
Trufflehog3: imports scan results from , which is a tool for finding secrets and sensitive information in code repositories. Trufflehog3Importer converts the scan results into a format that can be easily understood by AppSec Portal.
Trivy: imports scan results from , which is a tool for finding security issues in Docker images and code repositories.
Vulners Trivy: imports scan results from plugin.
Arachni: imports scan results from , which is a tool for scanning modern web applications for a variety of vulnerabilities including SQL injection, cross-site scripting, file inclusion, and more.
Acunetix : imports scan results from , a scanner designed to detect vulnerabilities in web applications.
Burpsuit: imports scan results from , which is a tool for automated web application security testing and vulnerability scanning.
OWASP Zap: is responsible for importing scan results from , wich is a security testing tool focused on web application vulnerabilities, including SQL injection, cross-site scripting (XSS), and more.
Mobsfscan: is a security testing tool focused on mobile application vulnerabilities. is based on Semgrep with custom rules from MobSF group
AWSSecurity: imports scan results from , which is a powerful tool designed to analyze and identify potential security vulnerabilities in AWS environments. With this importer, you can seamlessly integrate AWS Security Hub scan results into the AppSec Portal, allowing for centralized management and comprehensive visibility of your security posture within the AWS ecosystem.
Nuclei: imports scan results from , which is a tool for finding security issues in web applications.
Prowler: is responsible for importing scan results from the . Prowler is a security scanning tool specifically designed to assess the security of Amazon Web Services (AWS) environments.
Subfinder: imports scan results from . Subfinder is a subdomain discovery tool used to identify subdomains associated with a target domain or web application. It assists in gathering critical information during enumeration phases of security assessments and penetration testing.
Dependency-Track: imports result from platform. Component support for:
Snyk: imports result from tool. Snyk is a platform that allows you to scan, prioritize, and fix security vulnerabilities in your code, open-source dependencies, container images, and infrastructure as code configurations.
Whitespots Portal : imports results with parser. Processes the data that the user has specified in the scanner report.