Package: Invicti AppSec Enterprise (on-premise, on-demand)
Third-party scanners overview
Invicti AppSec supports a wide range of third-party scanner integrations that extend your security coverage beyond the built-in AppSec Core scanners. These integrations allow you to connect external scanning tools to the platform, centralizing vulnerability data from multiple sources into a single view.
The following scanner categories are available. Each category contains multiple scanner integrations.
| Category | Description | In AppSec Core |
|---|---|---|
| SAST | Static Application Security Testing tools that analyze source code for vulnerabilities. | Yes |
| MAST | Mobile Application Security Testing tools that scan mobile applications. | No |
| DAST/API | Dynamic Application Security Testing tools that test running applications and APIs. | Yes |
| IAST | Interactive Application Security Testing tools that analyze applications during runtime. | No |
| SCA | Software Composition Analysis tools that identify vulnerabilities in open-source dependencies. | Yes |
| CSPM | Cloud Security Posture Management tools that monitor cloud infrastructure for misconfigurations. | No |
| CS | Container Security tools that scan container images for known vulnerabilities and misconfigurations. | Yes |
| IaC | Infrastructure as Code tools that analyze configuration files for security misconfigurations. | Yes |
| Secrets | Secrets detection tools that identify hardcoded secrets, credentials, and sensitive data in your codebase. | Yes |
| Infra | Tools that scan network infrastructure for vulnerabilities. | No |
| Bug Bounty | Integrations with bug bounty platforms for external vulnerability reporting. | No |
Six of these categories (SAST, DAST/API, SCA, CS, IaC, and Secrets) are also included as built-in scanners with the AppSec Core package. For details, refer to AppSec Core scanners overview.
Scanner workflow
The scanner workflow for third-party integrations consists of three steps:
Step 1: Activate the scanner integration
Third-party scanners must be manually activated before they can be used. Navigate to Integrations > Scanners and activate the scanner you want to use.
Unlike AppSec Core scanners, third-party scanners are not activated by default. You must activate each scanner individually under Integrations.
Step 2: Add the scanner to your project
After activating the scanner, add it to specific projects. For instructions, refer to Configure scanners.
Step 3: Configure scanner settings
Configure scanner-specific settings to match your project requirements. You can adjust settings at any time after adding a scanner to a project. For instructions, refer to Configure scanners.
Manage scanners
In addition to the workflow above, you can manage your scanners as needed:
- Deactivate a scanner: turn individual scanners off if you no longer need them. Refer to Deactivate an integration for details.
- Update scanners: update scanners to the latest version to benefit from the most recent vulnerability definitions and detection capabilities. Refer to Update scanner version for details.