Vulnerability Scanner Integrations Overview


Overview

Integrations expand the capability of the Vulnerability Scanner by enabling:
  • Import of scan results from external scanners
  • Triggering scans via CI/CD systems
  • Pulling asset inventories from external platforms
  • Syncing vulnerability metadata between systems
  • Automated enrichment using threat and technology intelligence
This ensures a single source of truth for all vulnerabilities detected across your ecosystem.

Supported Integration Types

CI/CD Integration

Run scans automatically during push, merge, or deployment workflows.

External Scanners

Import findings from tools like Nuclei, Trivy, or custom scanners.

Asset Sources

Sync assets from ASM, cloud adapters, or repositories.

CI/CD Integrations

Pipeline-Based Scanning

Supported Workflows

  • GitHub Actions
  • GitLab CI
  • Jenkins
  • Bitbucket Pipelines
  • Custom webhook-based pipelines

Capabilities

  • Trigger API, host, or web scans on deployment
  • Fail builds if severity thresholds are exceeded
  • Upload scan data back into VS automatically
Ideal for DevSecOps teams enforcing shift-left security.

External Scanner Integrations

Third-Party Scanner Imports

Examples Supported

  • Nuclei (YAML template-based scanning)
  • Trivy (Container & IaC scanning)
  • ZAP / Burp via exports
  • OpenVAS or custom scanner outputs

What Gets Imported

  • Severity
  • Description & metadata
  • Affected assets
  • Timestamps
  • Evidence (if provided)
This enables centralized triage inside Snapsec VM and VS.
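
The sketch below is an added example, not Snapsec code. It flattens a Trivy JSON report into the fields listed under "What Gets Imported" and applies the severity gate described under CI/CD "Capabilities". The output field names, the `normalize` and `gate` helpers, the "at or above" threshold rule and the sample report are assumptions made for illustration.

```python
import json

# Trivy severity labels, lowest to highest.
SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample shaped like `trivy image --format json` output;
# IDs, packages and the timestamp are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example/app:1.0",
    "CreatedAt": "2024-01-01T00:00:00Z",
    "Results": [
        {"Target": "app (alpine)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.2.0", "Severity": "HIGH",
             "Title": "constructed finding A"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "InstalledVersion": "0.9", "Severity": "LOW"},
        ]},
        {"Target": "requirements.txt", "Vulnerabilities": None},  # clean target
    ],
})

def normalize(report_json):
    """Flatten a Trivy report into severity/description/asset/time/evidence."""
    report = json.loads(report_json)
    findings = []
    for result in report.get("Results") or []:
        # Trivy omits the key or sets it to null when a target has no findings.
        for vuln in result.get("Vulnerabilities") or []:
            sev = str(vuln.get("Severity", "")).upper()
            findings.append({
                # Unrecognized labels become UNKNOWN, which never blocks a build.
                "severity": sev if sev in SEVERITY_ORDER else "UNKNOWN",
                "description": vuln.get("Title") or vuln.get("Description", ""),
                "metadata": {"id": vuln.get("VulnerabilityID")},
                "affected_asset": f'{report.get("ArtifactName")} :: {result.get("Target")}',
                "timestamp": report.get("CreatedAt"),
                "evidence": f'{vuln.get("PkgName")} {vuln.get("InstalledVersion")}',
            })
    return findings

def gate(findings, fail_at="HIGH"):
    """Return (exit_code, blocking); non-zero when any finding is at or above fail_at."""
    threshold = SEVERITY_ORDER.index(fail_at)
    blocking = [f for f in findings if SEVERITY_ORDER.index(f["severity"]) >= threshold]
    return (1 if blocking else 0), blocking

if __name__ == "__main__":
    code, blocking = gate(normalize(SAMPLE_REPORT))
    print("\n".join(f'{f["severity"]} {f["metadata"]["id"]} {f["affected_asset"]}' for f in blocking))
    raise SystemExit(code)  # a non-zero exit fails the pipeline step
```

In a pipeline, the exit code is what fails the job; the normalized list is what would be uploaded for triage.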

Asset Integrations

ASM / Cloud Asset Sync

VS can pull assets from:
  • Snapsec ASM
  • Cloud adapters (AWS, GCP, Azure)
  • Networking systems
  • Repositories (URLs, targets, APIs)
This ensures the scanner always has a complete inventory for coverage.

Integration Management

Add an Integration

  1. Go to Integrations → Add New Integration
  2. Select provider
  3. Configure credentials / keys
  4. Test connection
  5. Save

Monitor Integration Health

The integrator dashboard shows:
  • Connection status
  • Last sync
  • Assets imported
  • Errors or misconfigurations
Keep every integration in a green (healthy) state so that scanning is not interrupted.

What Problems This Solves

Fragmented Tools

Unifies results from multiple scanners into one consistent vulnerability catalog.

CI/CD Blind Spots

Ensures every deployment is tested before reaching production.

Incomplete Asset Coverage

Pulls assets from multiple sources to maintain full visibility.

Key Benefits

Single Source of Truth

Consolidate vulnerabilities from VS and external scanners in one place.

Automation Ready

Automate scans, imports, and syncing without manual effort.

Improved Accuracy

Cross-verification across scanners improves detection reliability.

Better Workflow Integration

Integrates deeply with VM, ASM, AIM, and CI/CD pipelines.

Next Steps

Configure Your First Integration

Connect CI/CD or external scanners to enhance detection coverage.