Git Clone
Source component that shallow clones a repository for scanning
Image Get
Source component that downloads a remote (OCI) container image for scanning
S3 Target
SaaS-Only Target component that downloads a zip or tar archive from a remote S3-compatible target for unpacking and ingesting
Trufflehog
Scanner that runs the open source secrets scanner `trufflehog`.
ZAP
Scanner that runs the open source DAST tool ZAP.
Bandit
SAST scanner that analyses Python source code to look for security issues.
OSV Scanner
Third-party dependency scanner for multiple languages
CDXGen
Scanner component that generates a CycloneDX SBOM from source code.
CodeQL
Scanner that runs GitHub CodeQL SAST.
Gosec
Scanner that runs the Gosec SAST for Go.
Nancy
Dependency Scanner for Go.
Semgrep
Scanner that analyses source code with Semgrep to look for security issues.
Trivy
Scanner that runs Aquasec's Trivy against a container image.
Snyk
Scanner component that scans Repositories and Containers with Snyk.
ElasticSearch
Reporter that pushes findings to an ElasticSearch instance.
Slack
Reporter that pushes findings to a Slack channel.
Custom Annotation
Enricher component that adds a custom annotation to findings. Mainly used for testing.
Exploit Finder
SaaS-Only Enricher component that adds an annotation and a filter if it can find an exploit for the given CVE
JSON Logger
Reporter component that prints findings to stdout in JSON format.
Reachability
Enricher component that adds a `reachable` annotation to every finding.
Jira
Jira reporter that opens formatted issues for every non-filtered finding.
PDF document
Reporter that prints findings into a templated PDF document.
Defect Dojo
Reporter that pushes findings to a DefectDojo instance.
MobSF Scan
SAST Scanner for mobile applications.