External Scanners Supported
The xygeni report-upload command normalizes and uploads findings from third-party security tools to the Xygeni platform. The input reports are typically export formats (JSON, XML) and may follow common exchange formats such as the Static Analysis Results Interchange Format (SARIF) or GitLab's Security Report Schemas.
The following is the list of supported third-party security scanners and report formats. Formats and tools are listed in alphabetical order, and Xygeni does not endorse any vendor or tool.
See the report-upload command reference for further details.
SCA (Software Composition Analysis)
SAST (Static Application Security Testing)
For Kiuwan, exporting the findings to a local file needs special configuration, as documented in xygeni-extensions - Report upload for Kiuwan.
For Sonar, the JSON report can be downloaded from the issues/search endpoint of the SonarCloud Web API (GET api/issues/search), using the parameter additionalFields=_all to get all additional fields for the project. If the number of issues exceeds the per-page limit (500), the query should be paginated, …
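The paginated Sonar download described above, as an added example that is not Xygeni's or Sonar's own code: it walks api/issues/search page by page with additionalFields=_all, stops once paging.total is covered, and merges the pages into one JSON report to hand to report-upload. The componentKeys parameter and the Bearer token header are assumptions about your Sonar server, and the sample pages served by the offline fake fetcher are constructed.

```python
import json
import urllib.parse
import urllib.request

def sonar_issues_url(base_url, project_key, page, page_size):
    # One page of api/issues/search, asking for every additional field.
    query = urllib.parse.urlencode({"componentKeys": project_key, "additionalFields": "_all",
                                    "p": page, "ps": page_size})
    return f"{base_url.rstrip('/')}/api/issues/search?{query}"

def http_get_json(url, token):
    # Live fetcher; the Bearer header is an assumption, adjust it for your Sonar server.
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)

def fetch_all_issues(base_url, project_key, fetch, page_size=500):
    # Page through the query until paging.total is covered; merge the pages into one report.
    merged = {"issues": [], "components": [], "rules": [], "users": []}
    seen = {section: set() for section in merged}
    page = 1
    while True:
        data = fetch(sonar_issues_url(base_url, project_key, page, page_size))
        for section, items in merged.items():
            for item in data.get(section, []):
                ident = item.get("key", item.get("login"))  # users carry 'login', others 'key'
                if ident not in seen[section]:  # rules/components repeat on every page
                    seen[section].add(ident)
                    items.append(item)
        paging = data["paging"]
        if page * paging["pageSize"] >= paging["total"]:
            break
        page += 1
    merged["paging"] = {"pageIndex": 1, "pageSize": len(merged["issues"]), "total": paging["total"]}
    return merged

# Constructed sample pages (not real Sonar output): five issues over three pages of two.
def _page(n, issues, rules):
    return {"paging": {"pageIndex": n, "pageSize": 2, "total": 5},
            "issues": [{"key": k} for k in issues], "rules": [{"key": r} for r in rules]}
SAMPLE_PAGES = {1: _page(1, ["AX1", "AX2"], ["python:S1"]),
                2: _page(2, ["AX3", "AX4"], ["python:S1"]),
                3: _page(3, ["AX5"], ["python:S2"])}
def demo():
    # Run the pager offline: the fake fetcher serves the sample page named by the 'p' parameter.
    fake_fetch = lambda url: SAMPLE_PAGES[int(urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)["p"][0])]
    return fetch_all_issues("https://sonarcloud.io", "my_org_my_project", fake_fetch, page_size=2)
if __name__ == "__main__":
    json.dump(demo(), open("sonar-issues.json", "w"))  # the file to hand to xygeni report-upload
```

For a live run, pass `lambda url: http_get_json(url, token)` as the fetcher and keep the default page size of 500.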
IaC Flaws
Secret Leaks