You can ingest scan results from the following tools into Scribe Hub.
| Tool | Description |
| --- | --- |
| AuditJS | Identifies security vulnerabilities in JavaScript libraries and dependencies. |
| Synopsys Blackduck Binary Analysis | Analyzes open source components for security risks and license compliance. |
| Bundler-Audit | Scans Ruby Gem dependencies for known vulnerabilities. |
| Checkmarx OSA | Identifies vulnerabilities and license risks in open source libraries and third-party components. |
| CycloneDX | A standard for creating SBOMs to manage security risks in open source dependencies. |
| Dependency Check | Detects publicly disclosed vulnerabilities in project dependencies. |
| Dependency Track | Monitors and manages the use of components with known vulnerabilities. |
| Fortify | Analyzes open source components for security vulnerabilities and compliance risks. |
| GitLab Dependency Scan | Scans project dependencies for known vulnerabilities. |
| Govulncheck | Identifies known vulnerabilities in Go projects. |
| JFrog Xray | Scans artifacts for vulnerabilities and license compliance issues. |
| Kiuwan | Analyzes code for security vulnerabilities and compliance risks. |
| Mend.io | Provides real-time alerts and remediation for vulnerabilities in open source components. |
| NPM Audit | Scans project dependencies for known vulnerabilities in npm packages. |
| OssIndex | Provides security reports for open source projects and components. |
| PHP Symfony Security Check | Checks for vulnerabilities in Symfony project dependencies. |
| pip-audit | Audits Python environments and dependencies for known vulnerabilities. |
| Retire.js | Scans JavaScript projects for known security vulnerabilities. |
| Sonatype Application Scan | Analyzes application components for security and compliance issues. |
| Veracode SourceClear | Scans open source libraries and dependencies for security vulnerabilities. |
| Yarn Audit | Checks project dependencies for known security issues in Yarn packages. |
| Bandit | Analyzes Python code for security issues. |
| Brakeman | Static analysis tool for Ruby on Rails applications. |
| Checkmarx | Identifies security vulnerabilities in proprietary code. |
| Codechecker | Static analysis infrastructure to detect bugs in C/C++/Objective-C code. |
| Contrast | Integrates with applications to detect vulnerabilities during runtime. |
| Microsoft Cred Scan | Scans for credentials in code. |
| Dawnscanner | Static analysis security scanner for Ruby applications. |
| Detect-secrets | Tool to prevent secrets from being committed into code repositories. |
| ESLint | Finds and fixes problems in JavaScript code. |
| Ggshield | Detects secrets and sensitive information in your codebase. |
| GitHub Vulnerability Scan | Analyzes code for security vulnerabilities within GitHub repositories. |
| GitLab SAST | Provides static application security testing for GitLab projects. |
| GitLab Secret Detection | Detects secrets in your GitLab projects. |
| Gitleaks | Scans for secrets in git repositories. |
| Gosec Scanner | Inspects Go source code for security issues. |
| Horusec | Open source tool for performing static code analysis on various languages. |
| Hydra | OAuth2 and OpenID Connect server for application security. |
| Meterian | Analyzes and fixes security vulnerabilities in open source dependencies. |
| Mozilla Observatory | Helps developers configure their sites securely. |
| Node Security | Scans for vulnerabilities in Node.js packages. |
| Openscap Vulnerability | Assesses the security compliance of IT systems. |
| PHP Security Audit v2 | Scans PHP code for security vulnerabilities. |
| PMD | Identifies flaws in Java source code. |
| PWN | Python-based tool for security testing. |
| Rubocop | Linter and formatter for Ruby code. |
| Rusty Hog | Scans for secrets in your codebase. |
| Semgrep | Static analysis tool for finding bugs and enforcing code standards. |
| Snyk | Finds and fixes vulnerabilities in your open source dependencies and container images. |
| SonarQube | Continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities. |
| SpotBugs | Static analysis tool for Java to find bugs in Java programs. |
| Talisman | Detects and prevents secrets from getting checked into source code repositories. |
| Trufflehog | Searches through git repositories for high entropy strings and secrets. |
| VCG | Vulnerability Code Graphs (VCG) tool to analyze source code for vulnerabilities. |
| Wapiti | Performs "black-box" scans of web applications to discover vulnerabilities. |
| Whispers | Detects secrets and sensitive information in your codebase. |
| Xanitizer | Static analysis tool to detect security vulnerabilities in Java code. |
| Acunetix | Automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, XSS, and more. |
| AppSpider (Rapid7) | Dynamic Application Security Testing (DAST) solution that scans web applications for vulnerabilities. |
| Burp | Integrated platform for performing security testing of web applications. |
| Cobalt.io | Offers pentest as a service platform to find and fix vulnerabilities in web applications. |
| Crashtest Security | Provides automated security testing for web applications. |
| Edge | Full-stack vulnerability management solution combining automated scanning with manual verification. |
| GitLab DAST | Dynamic application security testing tool built into GitLab. |
| IBM AppScan | Provides automated dynamic application security testing. |
| Immuniweb | AI-powered web application security testing platform. |
| Microfocus Webinspect | Automated dynamic application security testing solution. |
| MobSF | Mobile Security Framework for dynamic and static analysis of mobile apps. |
| Netsparker | Web application security scanner that identifies vulnerabilities. |
| Nikto | Web server scanner that performs comprehensive tests against web servers. |
| Nuclei | Fast and customizable vulnerability scanner based on simple YAML-based templates. |
| Qualys | Cloud-based platform for continuous security and compliance. |
| Scantist | Application security platform for identifying vulnerabilities. |
| Solar Appscreener | Comprehensive source code analysis tool. |
| StackHawk | Dynamic application security testing built for developers. |
| Tenable | Comprehensive vulnerability management solution. |
| Trustwave | Offers managed security testing services. |
| Veracode | Comprehensive application security testing platform. |
| WFuzz | Tool for web application security assessment by brute forcing web applications. |
| WhiteHat Sentinel | Dynamic application security testing solution. |
| Wpscan | Security scanner for WordPress. |
| ZAP | Open-source web application security scanner. |
| AWS Prowler | Open-source security tool to perform AWS security best practices assessments. |
| AWS Scout2 | Tool that audits the configuration of AWS environments to find security gaps. |
| AWS Security Hub | Provides a comprehensive view of high-priority security alerts and compliance status across AWS accounts. |
| Azure Security Center Recommendations | Provides recommendations to secure Azure resources and services. |
| Synopsys Blackduck | Analyzes open-source components for security risks and license compliance. |
| CargoAudit | Audit Cargo.lock files for vulnerabilities. |
| Checkov | Static code analysis tool for infrastructure as code. |
| Clair | Static analysis tool for discovering vulnerabilities in application containers (e.g., Docker). |
| Clair Klar | Wrapper to analyze images stored in a private Docker registry. |
| Cloudsploit | Tool for security and configuration scanning of cloud accounts. |
| docker-bench-security | Script that checks for dozens of common best practices around deploying Docker containers in production. |
| Dockle | Container image linter for security, helping to ensure best practices and reduce vulnerabilities. |
| GitLab Container Scan | Scans container images for vulnerabilities in GitLab projects. |
| Hadolint Dockerfile check | Dockerfile linter to detect issues and ensure best practices. |
| Harbor Vulnerability | Open-source container image registry that secures images with role-based access control and integrates with vulnerability scanners. |
| KICS | Open-source tool for static analysis of IaC files to detect potential security vulnerabilities, compliance issues, and coding best practices. |
| kube-bench | Checks whether Kubernetes is deployed securely according to the CIS Kubernetes Benchmark. |
| kube-hunter | Open-source tool to hunt for security weaknesses in Kubernetes clusters. |
| NeuVector (compliance) | Provides container security with run-time protection, network visibility, and vulnerability management. |
| Nexpose | Vulnerability management solution that dynamically collects data and analyzes risk. |
| Nmap | Open-source network scanner for network discovery and security auditing. |
| OpenVAS | Full-featured vulnerability scanner that can detect security issues in systems and applications. |
| Popeye | Utility that scans live Kubernetes clusters and reports potential issues. |
| Qualys Infrastructure Scan | Cloud-based platform for continuous security and compliance of IT infrastructure. |
| Red Hat Satellite | System management tool designed to help manage Red Hat deployments and scale IT automation, optimizing system performance. |
| Scout Suite | Open-source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. |
| ssh-audit Vulnerability Reports | SSH server auditing tool that checks for various security issues in SSH servers. |
| SSL Labs | Performs a deep analysis of the configuration of any SSL web server on the public Internet. |
| Sslscan | Quickly scans SSL servers to determine the supported SSL ciphers and protocols. |
| Sslyze | Fast and powerful SSL/TLS scanning library and CLI tool. |
| Sysdig Vulnerability Reports | Provides container intelligence for securing and monitoring your infrastructure. |
| Testssl | Command line tool to check SSL/TLS and security related information on any port. |
| TFSec | Security scanner for your Terraform code, which checks for potential security vulnerabilities. |
| Trivy | Simple and comprehensive vulnerability scanner for containers and other artifacts. |
| Twistlock Image | Cloud-native security platform that protects the full stack and lifecycle of your cloud-native workloads. |
| Wazuh | Open-source security monitoring platform that unifies log data analysis, intrusion detection, and security monitoring. |
| AWS Security Finding Format (ASFF) | Standardized format for AWS security findings, providing a unified way to describe security issues. |
| BugCrowd | Platform that connects organizations to a global crowd of security researchers to uncover security issues. |
| DrHeader | Tool for checking security headers in HTTP responses. |
| Generic Findings | General category for various security findings and reports. |
| HuskyCI | Continuous Integration tool for performing security tests inside CI pipelines. |
| SARIF | Static Analysis Results Interchange Format, used for the output format of static analysis tools. |
| Vulners | Provides vulnerability data and information for security researchers and professionals. |