Customizations
Organizations may need to customize the Xygeni platform to meet their specific needs. Although Xygeni is designed to provide useful, actionable findings on the security posture of an organization against software supply chain attacks from the very start, Xygeni also provides a rich REST API and a set of development tools for special customizations.
There is a public GitHub repository that contains documentation and sample sources for different extensions of the Xygeni platform. In this repository you will find detailed instructions and how-to guides for developing custom detectors, sample code, and project build templates.
The REST API supports retrieval of security issues, project risk summaries, and trends in security position, as well as report generation and administration. You may use the API to integrate the security findings into your own tools and systems, or into your pipelines.
A Xygeni detector is a piece of logic that detects a security issue in a scanned target system, such as source code, a source code repository, a container image, a CI/CD system, or another software tool.
Xygeni provides a rich set of predefined, off-the-shelf detectors used in scans, although you may add your own custom detectors. Such custom detectors can be easily integrated into scans using the --custom-detectors-dir option.
If you need to upload a report from a third-party security tool, and the report format is not supported by Xygeni, you may develop your own extension for loading the input report and converting it to one of the available Xygeni reports.
Xygeni provides a framework for developing customized report converters and registering them so they are available in the report-upload scanner command.
For further details, read .
In other cases, third-party tools do not provide a standardized report to be ingested. For some popular tools, an export mechanism (often using the tool's API) is provided. See for more details.