External scanner support and requirements
This topic lists supported scanners, ingestion methods, and requirements.
Built-in scan steps
6 items
Anchore Enterprise step configuration
Scan container images with Anchore Enterprise.
Aqua Security step configuration
Scan container images with Aqua Security.
Aqua Trivy
2 items
AWS ECR step configuration
Scan container images with AWS ECR.
AWS Security Hub step configuration
Scan configurations with AWS Image scanner.
Bandit step configuration
Scan code repositories with Bandit.
Black Duck step configuration
Scan code repositories and container images with Black Duck.
Brakeman step configuration
Scan code repositories with Brakeman.
Burp step configuration
Scan application instances with Burp.
Checkmarx step configuration
Scan code repositories with Checkmarx.
Checkov IaC scanning
Scan Infrastructure as Code repositories with Checkov. Orchestration and Ingestion modes supported.
Clair step configuration
Scan container images with Clair.
CodeQL step configuration
Scan code repositories with CodeQL.
Coverity step configuration
Scan code repositories with Coverity.
Data Theorem step configuration
Scan code repositories with Data Theorem.
Docker Content Trust (DCT) step configuration
Scan container images with Docker Content Trust.
Fortify Static Code Analyzer step configuration
Ingest Fortify scan results into your pipelines.
Fortify on Demand step configuration
Ingest Fortify on Demand scan results into your pipelines.
Fossa step configuration
Scan code repositories with Fossa.
Gitleaks step configuration
Scan code repositories with Gitleaks.
Grype
2 items
HCL AppScan step configuration
Ingest DAST scan results from HCL AppScan.
Mend step configuration
Scan code repositories and container images with Mend.
Metasploit Framework step configuration
Scan application instances with Metasploit Framework.
Nessus step configuration
Scan application instances with Nessus.
Nexus step configuration
Scan code repositories with Nexus.
Nikto step configuration
Scan application instances with Nikto.
Nmap (Network Mapper) step configuration
Scan application instances with Nmap.
OpenVAS step configuration
Scan application instances with OpenVAS.
Open Source Vulnerabilities (OSV) step configuration
Scan code repositories with OSV.
OWASP Dependency-Check step configuration
Scan code repositories with OWASP Dependency-Check.
Prisma Cloud (formerly Twistlock) step configuration
Scan container images with Prisma Cloud.
Prowler step configuration
Scan configurations with Prowler.
Qualys Web Application Scanning (WAS) step configuration
Scan application instances with Qualys WAS.
Qwiet AI (formerly ShiftLeft) step configuration
Scan code repositories with Qwiet AI.
Reapsaw step configuration
Scan code repositories with Reapsaw.
ScoutSuite step configuration
Scan configurations with ScoutSuite.
Semgrep
2 items
Snyk
5 items
SonarQube step configuration
Scan code repositories with SonarQube.
Sysdig step configuration
Scan container images with Sysdig.
Tenable step configuration
Scan application instances with Tenable.
Traceable step configuration
Scan application instances with Traceable.
Veracode step configuration
Scan code repositories with Veracode.
Wiz
3 items
JFrog Xray step configuration
Scan container images with JFrog Xray.
Zed Attack Proxy (ZAP)
2 items