# Whitespots Wiki ## Whitespots Wiki - [Whitespots Wiki](https://docs.whitespots.io/whitespots-wiki.md): Welcome to the Whitespots Wiki! - [AppSec Portal](https://docs.whitespots.io/appsec-portal.md) - [Deployment](https://docs.whitespots.io/appsec-portal/deployment.md): Welcome to the installation guide for AppSec Portal! - [License obtaining](https://docs.whitespots.io/appsec-portal/deployment/license-obtaining.md): Before you can use our platform, you'll need to obtain a license - [Installation](https://docs.whitespots.io/appsec-portal/deployment/installation.md): AppSec Portal deployment step-by-step guide - [Get started with the AppSec Portal](https://docs.whitespots.io/appsec-portal/deployment/get-started-with-the-appsec-portal.md) - [Configuration options](https://docs.whitespots.io/appsec-portal/deployment/get-started-with-the-appsec-portal/configuration-options.md) - [Update](https://docs.whitespots.io/appsec-portal/deployment/update.md): How to update AppSec Portal - [Accessing the AppSec Portal API Endpoints](https://docs.whitespots.io/appsec-portal/deployment/accessing-the-appsec-portal-api-endpoints.md): The AppSec Portal provides a comprehensive set of API endpoints that can be used to programmatically interact with the platform. - [Database transfer guide](https://docs.whitespots.io/appsec-portal/deployment/database-transfer-guide.md): By following the steps outlined in this guide, you can safely and effectively transfer the AppSec Portal's database to a new host - [FAQ: typical errors in deployment process](https://docs.whitespots.io/appsec-portal/deployment/faq-typical-errors-in-deployment-process.md) - [Post install Configuration](https://docs.whitespots.io/appsec-portal/post-install-configuration.md) - [Features](https://docs.whitespots.io/appsec-portal/features.md) - [Auto Validator](https://docs.whitespots.io/appsec-portal/features/auto-validator.md): Triage vulnerabilities faster than ever! - [Rule creation](https://docs.whitespots.io/appsec-portal/features/auto-validator/rule-creation.md) - [Rules view](https://docs.whitespots.io/appsec-portal/features/auto-validator/rules-view.md) - [Deduplicator](https://docs.whitespots.io/appsec-portal/features/deduplicator.md): Deduplicator can help streamline the vulnerability management process and save time by identifying and removing duplicate findings - [Basic deduplicator rules](https://docs.whitespots.io/appsec-portal/features/deduplicator/basic-deduplicator-rules.md) - [Advance Deduplicator rules](https://docs.whitespots.io/appsec-portal/features/deduplicator/advance-deduplicator-rules.md): To set up a rule for Deduplicator, follow the steps below - [Vulnerability discovery](https://docs.whitespots.io/appsec-portal/features/vulnerability-discovery.md) - [Audits](https://docs.whitespots.io/appsec-portal/features/vulnerability-discovery/audits.md) - [Auditor settings](https://docs.whitespots.io/appsec-portal/features/vulnerability-discovery/auditor-settings.md) - [Auditor config](https://docs.whitespots.io/appsec-portal/features/vulnerability-discovery/auditor-settings/auditor-config.md) - [Sequences](https://docs.whitespots.io/appsec-portal/features/vulnerability-discovery/auditor-settings/sequences.md): Include the scanners you want in your Pipeline - [Sequences creating](https://docs.whitespots.io/appsec-portal/features/vulnerability-discovery/auditor-settings/sequences/sequences-creating.md) - [Sequences setting](https://docs.whitespots.io/appsec-portal/features/vulnerability-discovery/auditor-settings/sequences/sequences-setting.md) - [Run audit](https://docs.whitespots.io/appsec-portal/features/vulnerability-discovery/run-audit.md) - [Run Audit Manually](https://docs.whitespots.io/appsec-portal/features/vulnerability-discovery/run-audit/run-audit-manually.md) - [Scheduled Audit Run](https://docs.whitespots.io/appsec-portal/features/vulnerability-discovery/run-audit/scheduled-audit-run.md): Setting up the Auditor's schedule and getting audit results at your desired time - [Recommendations](https://docs.whitespots.io/appsec-portal/features/recommendations.md) - [Security Metrics](https://docs.whitespots.io/appsec-portal/features/security-metrics.md): By using SLA and WRT, it is possible to achieve faster validation, prioritisation and remediation of vulnerabilities. - [Severity Statistics Dashboard](https://docs.whitespots.io/appsec-portal/features/security-metrics/severity-statistics-dashboard.md) - [WRT (Weighted Risk Trend)](https://docs.whitespots.io/appsec-portal/features/security-metrics/wrt-weighted-risk-trend.md) - [How to work with WRT (for team leads)](https://docs.whitespots.io/appsec-portal/features/security-metrics/how-to-work-with-wrt-for-team-leads.md) - [Metrics settings](https://docs.whitespots.io/appsec-portal/features/security-metrics/metrics-settings.md) - [SLA](https://docs.whitespots.io/appsec-portal/features/security-metrics/metrics-settings/sla.md) - [CVSS](https://docs.whitespots.io/appsec-portal/features/security-metrics/cvss.md): Common Vulnerability Scoring System a standardised method for assessing vulnerabilities in computer systems and networks. - [CVSS Rule](https://docs.whitespots.io/appsec-portal/features/security-metrics/cvss/cvss-rule.md) - [Custom Reports](https://docs.whitespots.io/appsec-portal/features/custom-reports.md): Get an easy-to-use report to analyse and share with others - [Active tasks](https://docs.whitespots.io/appsec-portal/features/active-tasks.md): Understand what's going on with Active Tasks tab on the /global-settings/active-tasks page - [Asset management](https://docs.whitespots.io/appsec-portal/features/asset-management.md) - [How to import repositories from version control](https://docs.whitespots.io/appsec-portal/features/asset-management/how-to-import-repositories-from-version-control.md) - [Default product](https://docs.whitespots.io/appsec-portal/features/asset-management/default-product.md) - [Adding a product asset](https://docs.whitespots.io/appsec-portal/features/asset-management/adding-a-product-asset.md) - [Asset Transfer Between Products](https://docs.whitespots.io/appsec-portal/features/asset-management/asset-transfer-between-products.md) - [Findings view](https://docs.whitespots.io/appsec-portal/features/findings-view.md) - [All findings view](https://docs.whitespots.io/appsec-portal/features/findings-view/all-findings-view.md) - [Grouped findings as a result of](https://docs.whitespots.io/appsec-portal/features/findings-view/grouped-findings-as-a-result-of.md) - [Grouping of findings into groups](https://docs.whitespots.io/appsec-portal/features/findings-view/grouping-of-findings-into-groups.md) - [Available bulk actions](https://docs.whitespots.io/appsec-portal/features/findings-view/available-bulk-actions.md) - [Viewing specific findings](https://docs.whitespots.io/appsec-portal/features/findings-view/viewing-specific-findings.md) - [Usable filters and easy sorting](https://docs.whitespots.io/appsec-portal/features/findings-view/usable-filters-and-easy-sorting.md) - [Jira](https://docs.whitespots.io/appsec-portal/features/jira.md) - [Jira integration configuration](https://docs.whitespots.io/appsec-portal/features/jira/jira-integration-configuration.md): This guide will walk you through the process of integration configuration - [Setting up Jira webhook](https://docs.whitespots.io/appsec-portal/features/jira/setting-up-jira-webhook.md): This guide will walk you through the process of creating a webhook to synchronize Jira spaces with AppSec Portal. - [Move from DefectDojo](https://docs.whitespots.io/appsec-portal/features/move-from-defectdojo.md) - [Scanners](https://docs.whitespots.io/appsec-portal/features/scanners.md): The AppSec Portal uses a variety of importers to integrate with popular scanners - [Importing reports from scanners to AppSec Portal](https://docs.whitespots.io/appsec-portal/features/scanners/importing-reports-from-scanners-to-appsec-portal.md) - [Manual Import using Report File](https://docs.whitespots.io/appsec-portal/features/scanners/importing-reports-from-scanners-to-appsec-portal/manual-import-using-report-file.md) - [Importing reports via Terminal using a Report File](https://docs.whitespots.io/appsec-portal/features/scanners/importing-reports-from-scanners-to-appsec-portal/importing-reports-via-terminal-using-a-report-file.md) - [Importing reports via Lambda Function using a Report File](https://docs.whitespots.io/appsec-portal/features/scanners/importing-reports-from-scanners-to-appsec-portal/importing-reports-via-lambda-function-using-a-report-file.md): To send scanning data to AppSec Portal - [Scanner description](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description.md): This section describes each scanner used by the AppSec Portal - [Code Scanners](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners.md) - [Bandit](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/bandit.md): Bandit is a popular open-source tool that scans Python code for security vulnerabilities. - [Brakeman](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/brakeman.md) - [Checkov](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/checkov.md): Checkov Scan is an open-source static analysis tool that scans infrastructure-as-code (IaC) files to identify potential security risks and compliance violations. - [CodeQL](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/codeql.md): CodeQL is a powerful static analysis tool for analyzing and finding security vulnerabilities in code. - [ESLint](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/eslint.md): ESLint is a popular open-source static analysis tool that is used to find and fix problems in JavaScript code. - [Gemnasium](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/gemnasium.md): Dependency Scanning analyzer that uses the GitLab Advisory Database - [Gosec](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/gosec.md): Gosec is a security scanner for Go programming language code. - [Hadolint](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/hadolint.md): Dockerfile linter, validate inline bash, written in Haskell - [KICS](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/kics.md): GitLab Analyzer for Infrastructure as Code (IaC) projects - [PHPCodeSniffer](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/phpcodesniffer.md) - [Retire.js](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/retire.js.md): scanner detecting the use of JavaScript libraries with known vulnerabilities - [Semgrep](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/semgrep.md): Semgrep is a fast, open-source tool that scans source code to find programming errors, security vulnerabilities, and policy violations. - [SpotBugs](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/spotbugs.md) - [Terrascan](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/code-scanners/terrascan.md): Terrascan is an open-source tool that is used to detect compliance and security violations across Infrastructure as Code (IaC) frameworks. - [Secret Scanners](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/secret-scanners.md) - [Gitleaks](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/secret-scanners/gitleaks.md): Gitleaks is a powerful open-source tool that helps you find and eliminate sensitive information leaks in your Git repositories. - [Trufflehog3](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/secret-scanners/trufflehog3.md): Trufflehog3 is a popular open-source tool for detecting secrets and credentials in source code repositories. - [Image and code dependency Scanners](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/image-and-code-dependency-scanners.md) - [Trivy](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/image-and-code-dependency-scanners/trivy.md): Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more - [Trivy vulners.com plugin](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/image-and-code-dependency-scanners/trivy-vulners.com-plugin.md): Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more - [Snyk](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/image-and-code-dependency-scanners/snyk.md) - [Web Scanners](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/web-scanners.md) - [Arachni Scan](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/web-scanners/arachni-scan.md): Arachni Scan is a security scanner designed to identify vulnerabilities and security issues in web applications. - [Acunetix](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/web-scanners/acunetix.md): Quickly find and fix the vulnerabilities that put your web applications at risk of attack. - [Burp Enterprise Scan](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/web-scanners/burp-enterprise-scan.md): BurpSuite Enterprise is a web vulnerability scanner that is designed for enterprise-level web application security testing. - [OWASP Zap](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/web-scanners/owasp-zap.md): This helps you discover vulnerabilities in web applications - [Infrastructure Scanners](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/infrastructure-scanners.md) - [AWS Security Hub Scan](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/infrastructure-scanners/aws-security-hub-scan.md): AWS Security Hub Scan is a robust security scanning tool designed to analyze and assess the security posture of your AWS environments. - [Importing reports via AWS Lambda Function within AWS Security Hub](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/infrastructure-scanners/aws-security-hub-scan/importing-reports-via-aws-lambda-function-within-aws-security-hub.md): To send scanning data to AWS Security Hub on AppSec Portal - [Prowler](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/infrastructure-scanners/prowler.md): Open Source security tool to perform AWS, GCP and Azure security - [Subfinder](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/infrastructure-scanners/subfinder.md): Fast passive subdomain enumeration tool - [Nessus](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/infrastructure-scanners/nessus.md) - [Nuclei](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/infrastructure-scanners/nuclei.md): Nuclei is an open-source project that enables automated detection and exploitation of vulnerabilities in web applications. - [Mobile Security Scanners](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/mobile-security-scanners.md) - [MobSFScan](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/mobile-security-scanners/mobsfscan.md) - [Other Scanners](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/other-scanners.md) - [Dependency-Track](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/other-scanners/dependency-track.md) - [Whitespots Portal](https://docs.whitespots.io/appsec-portal/features/scanners/scanner-description/other-scanners/whitespots-portal.md) - [Working with products](https://docs.whitespots.io/appsec-portal/features/working-with-products.md): Get a better understanding of what's really at risk, product by product, with the informative Products tab - [Product Creation](https://docs.whitespots.io/appsec-portal/features/working-with-products/product-creation.md) - [Product options](https://docs.whitespots.io/appsec-portal/features/working-with-products/product-options.md) - [Finding groups](https://docs.whitespots.io/appsec-portal/features/working-with-products/finding-groups.md) - [Risk assessment](https://docs.whitespots.io/appsec-portal/features/working-with-products/risk-assessment.md) - [Product Asset](https://docs.whitespots.io/appsec-portal/features/working-with-products/product-asset.md) - [Quality Gate](https://docs.whitespots.io/appsec-portal/features/quality-gate.md) - [Bring your own scanner](https://docs.whitespots.io/appsec-portal/features/bring-your-own-scanner.md) - [General Portal settings](https://docs.whitespots.io/appsec-portal/general-portal-settings.md): General AppSec Portal settings description - [Version Control Integration](https://docs.whitespots.io/appsec-portal/general-portal-settings/version-control-integration.md) - [Profile](https://docs.whitespots.io/appsec-portal/general-portal-settings/profile.md) - [Managing user roles and access control](https://docs.whitespots.io/appsec-portal/general-portal-settings/managing-user-roles-and-access-control.md) - [User management](https://docs.whitespots.io/appsec-portal/general-portal-settings/managing-user-roles-and-access-control/user-management.md): User management in the AppSec Portal allows superusers to effectively manage user accounts, roles, and access control within the platform. - [Creating and editing roles](https://docs.whitespots.io/appsec-portal/general-portal-settings/managing-user-roles-and-access-control/creating-and-editing-roles.md): Roles in the AppSec Portal define the access permissions and privileges granted to users within the platform. - [SSO settings](https://docs.whitespots.io/appsec-portal/general-portal-settings/sso-settings.md): Setting Up Single Sign-On (SSO) in AppSec Portal - [GitLab SSO](https://docs.whitespots.io/appsec-portal/general-portal-settings/sso-settings/gitlab-sso.md) - [Microsoft SSO](https://docs.whitespots.io/appsec-portal/general-portal-settings/sso-settings/microsoft-sso.md) - [Okta SSO](https://docs.whitespots.io/appsec-portal/general-portal-settings/sso-settings/okta-sso.md) - [Scanner settings](https://docs.whitespots.io/appsec-portal/general-portal-settings/scanner-settings.md): Scanner settings in AppSec Portal allow you to customize settings for the supported scanners. - [Auto Closer](https://docs.whitespots.io/appsec-portal/general-portal-settings/scanner-settings/auto-closer.md) - [Group findings by](https://docs.whitespots.io/appsec-portal/general-portal-settings/scanner-settings/group-findings-by.md) - [Custom Jira description](https://docs.whitespots.io/appsec-portal/general-portal-settings/scanner-settings/custom-jira-description.md) - [Custom severity mapping](https://docs.whitespots.io/appsec-portal/general-portal-settings/scanner-settings/custom-severity-mapping.md) - [Auditor Job Config](https://docs.whitespots.io/appsec-portal/general-portal-settings/scanner-settings/auditor-job-config.md) - [Notification settings](https://docs.whitespots.io/appsec-portal/general-portal-settings/notification-settings.md) - [Integration](https://docs.whitespots.io/appsec-portal/general-portal-settings/notification-settings/integration.md) - [Criteria & Schedule](https://docs.whitespots.io/appsec-portal/general-portal-settings/notification-settings/criteria-and-schedule.md) - [Status change notification](https://docs.whitespots.io/appsec-portal/general-portal-settings/notification-settings/status-change-notification.md) - [Manage notification schedule](https://docs.whitespots.io/appsec-portal/general-portal-settings/notification-settings/manage-notification-schedule.md) - [Repository Link Configs](https://docs.whitespots.io/appsec-portal/general-portal-settings/repository-link-configs.md) - [CWE list](https://docs.whitespots.io/appsec-portal/general-portal-settings/cwe-list.md) - [Tag screen](https://docs.whitespots.io/appsec-portal/general-portal-settings/tag-screen.md) - [Release notes](https://docs.whitespots.io/appsec-portal/release-notes.md) - [Auditor](https://docs.whitespots.io/auditor.md) - [Deployment](https://docs.whitespots.io/auditor/deployment.md): Auditor step-by-step deployment guide - [Features](https://docs.whitespots.io/auditor/features.md) - [Run Audit](https://docs.whitespots.io/auditor/features/run-audit.md) - [AppSec Portal cooperation](https://docs.whitespots.io/auditor/features/run-audit/appsec-portal-cooperation.md) - [Direct use of Auditor](https://docs.whitespots.io/auditor/features/run-audit/direct-use-of-auditor.md) - [Settings](https://docs.whitespots.io/auditor/features/settings.md) - [AppSec Portal cooperation](https://docs.whitespots.io/auditor/features/settings/appsec-portal-cooperation.md) - [Direct use of the Auditor](https://docs.whitespots.io/auditor/features/settings/direct-use-of-the-auditor.md) - [Cleaner](https://docs.whitespots.io/auditor/features/settings/direct-use-of-the-auditor/cleaner.md) - [Docker Credentials](https://docs.whitespots.io/auditor/features/settings/direct-use-of-the-auditor/docker-credentials.md) - [Workers](https://docs.whitespots.io/auditor/features/settings/direct-use-of-the-auditor/workers.md) - [Personalization](https://docs.whitespots.io/auditor/features/settings/direct-use-of-the-auditor/personalization.md) - [Jobs](https://docs.whitespots.io/auditor/features/settings/jobs.md) - [Technical Jobs](https://docs.whitespots.io/auditor/features/settings/jobs/technical-jobs.md) - [Scanner Jobs](https://docs.whitespots.io/auditor/features/settings/jobs/scanner-jobs.md) - [Job configuration](https://docs.whitespots.io/auditor/features/settings/jobs/job-configuration.md) - [Release notes](https://docs.whitespots.io/auditor/release-notes.md) - [Maintenance](https://docs.whitespots.io/auditor/maintenance.md) - [Documentation backlog](https://docs.whitespots.io/to-be-described/documentation-backlog.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://docs.whitespots.io/whitespots-wiki.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.