Third-party scanners overview
Invicti ASPM supports a wide range of third-party scanner integrations. These integrations allow you to connect external scanning tools to the platform, centralizing vulnerability data from multiple sources into a single view.
The following scanner categories are available. Each category contains multiple scanner integrations.
| Category | Description |
|---|---|
| SAST | Static Application Security Testing tools that analyze source code for vulnerabilities. |
| MAST | Mobile Application Security Testing tools that scan mobile applications. |
| DAST/API | Dynamic Application Security Testing tools that test running applications and APIs. |
| IAST | Interactive Application Security Testing tools that analyze applications during runtime. |
| SCA | Software Composition Analysis tools that identify vulnerabilities in open-source dependencies. |
| CSPM | Cloud Security Posture Management tools that monitor cloud infrastructure for misconfigurations. |
| CS | Container Security tools that scan container images for known vulnerabilities and misconfigurations. |
| IaC | Infrastructure as Code tools that analyze configuration files for security misconfigurations. |
| Secrets | Secrets detection tools that identify hardcoded secrets, credentials, and sensitive data in your codebase. |
| Infra | Tools that scan network infrastructure for vulnerabilities. |
| Bug Bounty | Integrations with bug bounty platforms for external vulnerability reporting. |
Scanner workflow
The scanner workflow for third-party integrations consists of three steps:
Step 1: Activate the scanner integration
Third-party scanners must be manually activated before they can be used. Navigate to Integrations > Scanners and activate the scanner you want to use.
Step 2: Add the scanner to your project
After activating the scanner, add it to specific projects.
Step 3: Configure scanner settings
Configure scanner-specific settings to match your project requirements. You can adjust settings at any time after adding a scanner to a project.
Manage scanners
In addition to the workflow above, you can manage your scanners as needed:
- Deactivate a scanner: turn individual scanners off if you no longer need them. Refer to Deactivate an integration for details.
- Update scanners: update scanners to the latest version to benefit from the most recent vulnerability definitions and detection capabilities.
