External Scanners Supported
The xygeni report-upload command normalizes and uploads findings from third-party security tools to the Xygeni platform. The input reports are typically export formats (JSON, XML) and may follow common exchange formats like Static Analysis Results Interchange Format (SARIF) or GitLab’s Security Report Schemas.
The following is the list of third-party security scanners and report formats supported. Formats and tools are listed in alphabetical order, and Xygeni does not endorse any vendor or tool.
Go to report-upload command reference for further details.
For Kiuwan, exporting the findings to a local file needs special configuration, as documented in xygeni-extensions - Report upload for Kiuwan.
For Sonar, the JSON report can be downloaded from the issues/search endpoint of the SonarCloud Web API (GET api/issues/search), using the parameter additionalFields=_all to get all additional fields from the project. If the number of issues exceeds the limit (500), the query should be paginated, …
Format | Tool | Description |
---|---|---|
sca-sarif | <any> | Component vulnerabilities detected by an SCA tool, in SARIF format |
sca-checkmarx | Checkmarx SCA | CxSCA report, in JSON format |
sca-checkmarx-one | Checkmarx One | SCA scanner of Checkmarx One, in JSON format |
sca-checkmarx-one-results | Checkmarx One | SCA scanner of Checkmarx One, exported using 'cx results show' |
sca-snyk | Snyk | Snyk SCA report, in JSON format |
sast-sarif | <any> | Code vulnerabilities detected by a SAST tool, in SARIF format |
sast-checkmarx | Checkmarx | CxSAST JSON report |
sast-checkmarx-xml | Checkmarx | CxSAST XML report |
sast-checkmarx-one | Checkmarx One | SAST scanner of Checkmarx One, in JSON format |
sca-checkmarx-one-results | Checkmarx One | SAST scanner of Checkmarx One, exported using 'cx results show' |
sast-fortify-fpr | Fortify | Fortify SAST report, in .fpr or .fvdl format |
sast-fortify-xml | Fortify | Fortify SAST XML report |
sast-kiuwan | Kiuwan | Kiuwan SAST XML report |
sast-sonarcloud | SonarCloud | SonarCloud SAST JSON report |
sast-sonarserver | SonarServer | SonarServer SAST JSON report |
iac-sarif | <any> | IaC vulnerabilities detected by an IaC tool, in SARIF format |
iac-checkov | Checkov | Checkov IaC scanner, in JSON format |
iac-kics | KICS | IaC vulnerabilities detected by KICS, in JSON format |
iac-checkmarx | Checkmarx | IaC scanner of Checkmarx, in JSON format |
iac-checkmarx-one | Checkmarx One | IaC scanner of Checkmarx One, in JSON format |
iac-checkmarx-one-results | Checkmarx One | IaC scanner of Checkmarx One, exported using 'cx results show' |
secrets-sarif | <any> | Secrets detected by a secrets tool, in SARIF format |
secrets-gitleaks | GitLeaks | Secrets detected by GitLeaks, in JSON format |