Checkov
Parse SARIF reports into OCSF
MobSF
SAST Scanner for mobile applications.
Bandit
SAST scanner that analyses Python source code to look for security issues.
Battlecard Printer
A reporter that prints a summary of items found during the scan.
CDXGen
Scanner component that generates a CycloneDX SBOM from source code.
CodeQL
Scanner that runs GitHub CodeQL SAST.
Credo
Elixir static code analysis with Credo.
Custom Annotation
Enricher component that adds a custom annotation to findings. Mainly used for testing.
Data Enricher
Enricher component that adds details and deduplicates issues.
Defect Dojo
Reporter that pushes findings to a DefectDojo instance.
Dependency Track
Reporter that pushes SBOMs to Dependency Track.
Discord
Discord reporter that sends messages to Discord.
ElasticSearch
Reporter that pushes findings to an ElasticSearch instance.
Exploit Finder
SaaS-Only Enricher component that adds an annotation and a filter if it can find an exploit for the given CVE.
Git Clone
Source component that shallow clones a repository for scanning.
Git Intelligence Enricher
Enricher component that adds Git Intelligence enrichments to findings, so they can be better deduplicated.
GitHub PR Commenter
Reporter that comments on GitHub PRs with findings in changed lines.
Gosec
Scanner that runs the Gosec SAST for Go.
Image Get
Source component that downloads a remote (OCI) container image for scanning.
Jira
Jira reporter that opens formatted issues for every non-filtered finding.
JSON Logger
Reporter component that prints findings to stdout in JSON format.
Kafka
Kafka reporter that publishes OCSF findings in protobuf format to a configured Kafka topic or uploads them to S3 and notifies via Kafka.
Kics
Scanner for Infrastructure as code.
Linear
Linear reporter that opens issues on Linear based on the given findings.
MobSF Scan
SAST Scanner for mobile applications.
Nancy
Dependency Scanner for Go.
OSV Scanner
Scanner that runs the OSV Scanner on your dependencies.
PDF document
Reporter that prints findings into a templated PDF document.
Reachability
Enricher component that adds a `reachable` annotation to every finding.
S3 Target
SaaS-Only Target component that downloads a zip or tar archive from a remote S3-compatible target for unpacking and ingesting.
Semgrep
Scanner that analyses source code with Semgrep to look for security issues.
Sentry
Sentry reporter that pushes findings to Sentry.
Slack
Reporter that pushes findings to a Slack channel.
Snyk
Scanner component that scans Repositories and Containers with Snyk.
Sobelow
Elixir security analysis with Sobelow.
SonarQube
SonarQube scanner that uses SonarQube Cloud Edition to generate findings.
Source Code Artifact
Target component that downloads and extracts archived source code from various sources.
Trivy
Scanner that runs Aquasec's Trivy against a container image.
Trufflehog
Scanner that runs the open source secrets scanner `trufflehog`.
ZAP
Scanner that runs the Open Source DAST ZAP.