Supported Tool Connectors

Tool Connectors allow Software Risk Manager to pull results directly from external tools, without the manual work of exporting the results from those tools and uploading the results into Software Risk Manager. Users with the manage role can configure a connection to their tools one time and have Software Risk Manager take care of the rest.

Software Risk Manager currently provides connectors for the following tools:

  • 42Crunch
  • Aqua Enterprise
  • APIsec
  • AWS Security Hub
  • Black Duck
  • Black Duck Binary Analysis
  • Burp Enterprise
  • Check Point CloudGuard
  • Checkmarx
  • Checkmarx One
  • Checkmarx-IAST
  • Checkmarx OSA
  • CodeSonar
  • Contrast
  • Coverity Connect
  • Coverity on Polaris
  • Data Theorem Mobile Secure
  • DefenseCode ThunderScan
  • Dependency-Track
  • Dynatrace
  • Faraday
  • Fortify Software Security Center
  • GitHub Advanced Security
    Note: The GitHub Advanced Security tool connector requires the user associated with the access token to have permission to access the repositories, and the token to have the public_repo scope for Dependabot and/or the security_events scope for Code Scanning.
  • HackerOne
  • HCL AppScan Enterprise
  • HCL AppScan on Cloud (ASoC)
  • Imperva
  • Invicti Enterprise (formerly Netsparker Enterprise)
  • IriusRisk
  • JFrog Xray
    Note: The JFrog Xray tool connector requires the user associated with the access token to have the "Manage Reports" role.
  • Mend
  • Microsoft Defender For Cloud
  • NeuVector
  • NowSecure
  • Orca Security
    Note: The Orca Security connector requires an API token with the following permissions:
    • Authorization - Integration API tokens Read
    • Shift Left - CLI (All)
    • Shift Left - Scan Logs (All)
    • Shift Left - Projects Read
  • Prisma Cloud (Redlock)
  • Prisma Cloud Compute (Twistlock)
  • Polaris
  • Q-MAST
  • Qualys VM (InfraSec add-on)
  • Qualys VMDR
  • Qualys WAS
  • Rapid7 InsightAppSec
    Note: The Rapid7 InsightAppSec tool connector requires the user associated with the access token to have the "InsightAppSec Admin" role.
  • Rapid7 InsightVM
  • SD Elements
  • Seeker
    Note: The Seeker tool connector requires an API key with "Manage Projects," "View Reports," and "View Vulnerabilities" permissions.
  • Semgrep
  • Snyk
  • SonarQube/SonarCloud
  • Sonatype Nexus
  • Synopsys Managed Services Platform
  • Tenable.io
  • Tenable.sc
  • Tenable.io Web App Scanning
  • Tinfoil API
  • Tinfoil Web
  • Trustwave App Scanner
  • Veracode
  • WhiteHat
  • Wiz