ASPM scanner integrations
Invicti AppSec Core ships with a set of preconfigured security scanners that run automatically as part of your application security workflow. For teams that want to extend scan coverage using their existing tools, Invicti ASPM supports integrations with a wide range of third-party security scanners.
This section provides integration guides for all scanners supported through the ASPM product, organized by scan type.
The integrations in this section require the Invicti ASPM product. If you are looking for the preconfigured scanners included with Invicti AppSec Core, refer to the AppSec Core scanners overview.
Supported scanner categories
| Category | Description |
|---|---|
| SAST | Static Application Security Testing tools that analyze source code for vulnerabilities. |
| DAST and API | Dynamic Application Security Testing tools that test running applications and APIs. |
| SCA | Software Composition Analysis tools that identify vulnerabilities in open-source dependencies. |
| Container security | Tools that scan container images for known vulnerabilities and misconfigurations. |
| CSPM | Cloud Security Posture Management tools that monitor cloud infrastructure for misconfigurations. |
| Infrastructure | Tools that scan network infrastructure for vulnerabilities. |
| Infrastructure as code | Tools that analyze IaC configuration files for security misconfigurations. |
| IAST | Interactive Application Security Testing tools that analyze applications during runtime. |
| MAST | Mobile Application Security Testing tools that scan mobile applications. |
| Bug bounty | Integrations with bug bounty platforms for external vulnerability reporting. |
Scanner workflow
The scanner workflow for ASPM third-party integrations consists of three steps.
Step 1: Activate the scanner integration
Third-party scanners must be manually activated before they can be used. In Invicti ASPM, navigate to Integrations > Scanners and activate the scanner you want to use.
Unlike AppSec Core scanners, ASPM third-party scanners are not activated automatically. Each scanner must be enabled individually before it can be assigned to a project.
Step 2: Add the scanner to your project
After activating the scanner, assign it to the relevant projects in your ASPM workspace.
Step 3: Configure scanner settings
Configure scanner-specific settings to match your project requirements. Settings can be adjusted at any time after a scanner is added to a project.
Manage scanners
Once activated, scanners can be managed as needed:
- Deactivate a scanner: turn individual scanners off if they are no longer needed, without losing existing configuration.
- Update scanners: keep scanners up to date to benefit from the latest vulnerability definitions and detection capabilities.