Xygeni Scanners
Although known as a whole as the , Xygeni provides a set of different scanners specialized to find different kinds of issues.
The available Xygeni scanners are:
The iac scanner processes IaC templates (Terraform, Ansible, CloudFormation, etc.), searching for "flaws" or "defects" (cases of non-compliance) against a certain policy. Most flaws represent a security-related issue that adds significant risk.
The compliance scanner checks compliance with Software Supply-Chain Security standards and guidelines. A standard is a list of checkpoints, arranged in categories. A software project is compliant with a standard ("passes") only when all the standard's required checkpoints pass.
The codetamper scanner is a tool that checks the commits of the software project under analysis and reports "changes in critical files" according to the critical files rules currently active for the policy assigned to the project.
The malware scanner is a tool that checks the files of the software project under analysis and reports "evidences" according to the malware detectors currently active for the policy assigned to the project.
The inventory scanner is used to discover SDLC assets at scan time, extracting the information from the available project and dependency descriptors, build files, pipelines describing the CI/CD workflows, IaC templates, and eventually via calls to the tools' APIs.