Scanners

The AppSec Portal uses a variety of importers to integrate with popular scanners.
To configure the scanner, please refer to the scanner settings section.
Here are the details of each importer supported by AppSec Portal:
  • Trufflehog3: imports scan results from Trufflehog3 Scanner, which is a tool for finding secrets and sensitive information in code repositories. Trufflehog3Importer converts the scan results into a format that can be easily understood by AppSec Portal.
  • Gitleaks: imports scan results from the Gitleaks Scanner and the GitLab Gitleaks Scanner. Gitleaks is a tool for finding secrets and sensitive information in Git repositories; it helps identify hard-coded secrets that developers have accidentally committed.
  • Trivy: imports scan results from Trivy Scanner, which is a tool for finding security issues in Docker images. It checks Docker images for vulnerabilities in OS packages and application dependencies.
  • Bandit: imports scan results from the Bandit Scanner and the GitLab Bandit scanner. Bandit is a tool for finding security issues in Python code; it checks Python code for common security issues such as hardcoded passwords, SQL injection, and more.
  • Terrascan: imports scan results from Terrascan Scanner, which is a tool for finding security issues in Terraform code. It helps identify potential security vulnerabilities in infrastructure as code.
  • Checkov: imports scan results from Checkov Scanner, which is a tool for finding security issues in Infrastructure As Code. It provides static analysis of Terraform, CloudFormation, and Kubernetes code to identify misconfigurations and potential security issues.
  • ESLint: imports scan results from the ESLint Scanner and GitLab ESLint. ESLint is a tool for finding security issues in JavaScript code; it checks JavaScript code for common security issues such as cross-site scripting (XSS), SQL injection, and more.
  • Gosec: imports scan results from Gosec Scanner, which is a tool for finding security issues in Go code. It helps identify potential security vulnerabilities in Go code.
  • Semgrep: imports scan results from the Semgrep scanner and the GitLab Semgrep scanner. Semgrep is a tool for finding security issues in code; it provides static analysis of code in various languages and helps identify potential security vulnerabilities.
  • Nuclei: imports scan results from Nuclei Scanner, which is a tool for finding security issues in web applications.
  • CodeQL: imports scan results from CodeQL Scanner, which is a tool for analyzing source code to find security vulnerabilities such as SQL injection, cross-site scripting (XSS), buffer overflows, and more.
  • Burpsuit: imports scan results from the Burp Suite Enterprise scanner, which is a tool for automated web application security testing and vulnerability scanning.
  • Arachni: imports scan results from Arachni Scanner, which is a tool for scanning modern web applications for a variety of vulnerabilities including SQL injection, cross-site scripting, file inclusion, and more.
  • AWSSecurity: imports scan results from AWS Security Hub, which analyzes AWS environments and identifies potential security vulnerabilities. This importer brings AWS Security Hub findings into the AppSec Portal, so they can be managed centrally alongside results from the other scanners.
  • Gemnasium: imports scan results from the GitLab Gemnasium Scanner, which is a tool that identifies vulnerabilities and security issues within project dependencies.
  • KICS: imports scan results from the GitLab KICS Scanner (Keeping Infrastructure as Code Secure), which is designed to detect security vulnerabilities and policy violations in infrastructure-as-code (IaC) files.
  • OWASP Zap: imports scan results from the GitLab OWASP Zap Scanner, which is a security testing tool focused on web application vulnerabilities, including SQL injection, cross-site scripting (XSS), and more.
  • Prowler: imports scan results from the Prowler Scanner, which is a security scanning tool specifically designed to assess the security of Amazon Web Services (AWS) environments.