External Scanners Supported

The xygeni report-upload command normalizes and uploads findings from third-party security tools to the Xygeni platform. The input reports are typically export formats (JSON, XML) and may follow common exchange formats like Static Analysis Results Interchange Format (SARIF) or GitLab’s Security Report Schemas.

The following is the list of third-party security scanners and report formats supported. Formats and tools are listed in alphabetical order, and Xygeni does not endorse any vendor or tool.

See the report-upload command reference for further details.

SCA (Software Composition Analysis)

SAST (Software Application Security Testing)

For Kiuwan, exporting the findings to a local file requires special configuration, as documented in xygeni-extensions - Report upload for Kiuwan.

For Sonar, the JSON report can be downloaded from the issues/search endpoint of the SonarCloud Web API (GET api/issues/search), using the parameter additionalFields=_all to return all additional fields for the project. If the number of issues exceeds the page limit (500), the query must be paginated, …​
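The pagination described above, as an added example that is not part of Xygeni's documentation: the HTTP call is injected as a function so the loop runs offline against constructed pages. The function names `build_query`, `collect_issues` and `fake_sonar` are hypothetical; the request parameters `componentKeys`, `additionalFields`, `p` and `ps`, the `paging.total` response field, and SonarQube's 10,000-result cap are taken from the SonarQube Web API.

```python
"""Paginate SonarQube/SonarCloud api/issues/search into one JSON report."""
import json
from typing import Any, Callable, Dict

MAX_PAGE_SIZE = 500       # largest `ps` api/issues/search accepts
HARD_RESULT_CAP = 10_000  # server refuses p*ps beyond this; narrow the query instead


def build_query(project_key: str, page: int, page_size: int = MAX_PAGE_SIZE) -> Dict[str, Any]:
    """Parameters for one page; additionalFields=_all pulls rules, components, comments."""
    return {"componentKeys": project_key, "additionalFields": "_all",
            "p": page, "ps": page_size}


def collect_issues(fetch_page: Callable[[Dict[str, Any]], Dict[str, Any]],
                   project_key: str, page_size: int = MAX_PAGE_SIZE) -> Dict[str, Any]:
    """Walk every page and merge into a single issues/search-shaped document.

    fetch_page(params) performs one GET and returns the decoded JSON body;
    injecting it lets the loop run offline against constructed pages.
    """
    merged: Dict[str, Any] = {"total": 0, "issues": [], "components": [], "rules": []}
    seen = {"components": set(), "rules": set()}
    page = 1
    while True:
        if page * page_size > HARD_RESULT_CAP:
            raise RuntimeError("past the 10,000-result cap; split the query (e.g. per severity)")
        body = fetch_page(build_query(project_key, page, page_size))
        merged["total"] = body["paging"]["total"]
        merged["issues"].extend(body.get("issues", []))
        for kind in ("components", "rules"):   # repeated on every page; keep each once
            for item in body.get(kind, []):
                if item["key"] not in seen[kind]:
                    seen[kind].add(item["key"])
                    merged[kind].append(item)
        if not body.get("issues") or len(merged["issues"]) >= merged["total"]:
            return merged
        page += 1


def fake_sonar(total: int) -> Callable[[Dict[str, Any]], Dict[str, Any]]:
    """Constructed stand-in for the Sonar API serving `total` synthetic issues."""
    def fetch(params: Dict[str, Any]) -> Dict[str, Any]:
        start = (params["p"] - 1) * params["ps"]
        keys = range(start, min(start + params["ps"], total))
        return {"paging": {"pageIndex": params["p"], "pageSize": params["ps"], "total": total},
                "issues": [{"key": f"SAMPLE-{i}", "rule": "sample:rule-1"} for i in keys],
                "components": [{"key": params["componentKeys"]}],
                "rules": [{"key": "sample:rule-1"}]}
    return fetch


if __name__ == "__main__":
    report = collect_issues(fake_sonar(1203), "sample-project")
    with open("sonar-issues.json", "w") as fh:   # feed this file to xygeni report-upload
        json.dump(report, fh)
    print(len(report["issues"]), "issues across", report["total"])
```

Replace `fake_sonar` with a function that performs the authenticated GET against your Sonar server to produce a real report file.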

IaC Flaws

Secret Leaks
