Integrations Overview
Organizations rely on a diverse ecosystem of tools. OpsMx integrates with existing scanners, CI/CD systems, cloud platforms, ticketing systems, and developer tools to work seamlessly within current workflows.
These integrations allow Delivery Shield to collect, correlate, and act on security data from across your entire toolchain — without replacing the tools you already use. OpsMx integrates with code, CI/CD, cloud, security, observability, and collaboration systems — bringing execution and decision context together in one place.
How Integrations Work
When you connect a tool to Delivery Shield:
Delivery Shield authenticates with the tool using an API token or credential
It listens for pipeline events or performs periodic scans
Scan results and metadata are pulled into the Delivery Shield platform
Data is analyzed against your security policies and contributes to the application's overall security score
Findings are surfaced in the unified dashboard, DBOM, and vulnerability pages
All integrations are managed from Setup → Integrations in the Delivery Shield console.
Integration Categories
CI/CD Platforms
Connect your delivery pipelines so Delivery Shield can trigger and monitor security scans automatically at every pipeline stage.
Delivery Shield is compatible with Argo CD, Jenkins, Flux, Spinnaker, GitHub Actions, and Azure DevOps.
Jenkins
Trigger scans from CI stages; CLI-based integration available
GitHub Actions
Native event-driven scan triggering
GitLab CI
Source code scan and MR gating support
Argo CD
GitOps delivery pipeline integration
Spinnaker
Full pipeline orchestration with policy enforcement
Azure DevOps
Supports Azure Repos and pipeline scanning
CircleCI
Scan automation via pipeline events
Flux
GitOps-based deployment monitoring
Source Control
Connect your repositories for code scanning, secrets detection, and Git security posture evaluation.
GitHub
SCM scanning, PR gating, OpenSSF Scorecard
GitLab
SCM and artifact repository integration
Azure Repos
Support for Azure Source Code Repositories in Ad Hoc scanning.
Bitbucket
Repository access and scan integration
SAST / DAST Tools
Static and dynamic analysis tools that scan your code and running applications for vulnerabilities.
Semgrep
SAST
Pattern-based static analysis tool for identifying and fixing security issues in source code. Supports Local (CLI) and Cloud (SaaS) modes.
SonarQube
SAST
Deep code quality and security scanning; SonarQube quality reports and OpsMx security reports are accessible on the same platform.
Snyk
SAST / SCA
Helps developers find and fix vulnerabilities in open-source dependencies and container images; supports Local and Cloud modes OpsMX
Codacy
SAST
Automated code review and quality analysis
OWASP ZAP
DAST
Active scanning of live/deployed web applications for runtime vulnerabilities
JFrog Xray
SAST / SCA
Deep recursive scanning of artifacts and dependencies
MobSF
Mobile SAST
Mobile application security testing
Software Composition Analysis (SCA)
Tools that scan open-source dependencies, libraries, and packages for known vulnerabilities.
Trivy
Open-source vulnerability scanner for containers and containerized applications. Delivery Shield mandates security scans on images using Trivy and also imports SBOMs generated by Trivy.
Grype
Container image and artifact vulnerability scanning
Snyk
Dependency vulnerability scanning and fix suggestions
JFrog Xray
Artifact and dependency deep-scan
Container Registries
Delivery Shield connects to container registries to scan images for vulnerabilities before and after deployment.
Expanded support for artifact scanning covers GitLab Container Registry, Docker Hub, Azure Container Registry (ACR), Google Container Registry (GCR), Google Cloud Storage (GCS), Amazon ECR, JFrog Artifactory, and Quay.
Docker Hub
Amazon ECR
Google Container Registry (GCR)
Google Artifact Registry
Azure Container Registry (ACR)
JFrog Artifactory
Quay
GitLab Container Registry
Cloud Security
Scan cloud environments for misconfigurations, compliance gaps, and security posture issues.
AWS
Cloud posture scanning and resource visibility
ScoutSuite
Multi-cloud security auditing (AWS, Azure, GCP)
KubeScape
Kubernetes cluster scanning — CIS Benchmarks, RBAC, misconfigurations
TFsec
IaC security scanning for Terraform configurations
Kubernetes Platforms
Delivery Shield auto-discovers applications from GKE, EKS, AKS, self-managed clusters, and OpenShift.
Google Kubernetes Engine (GKE)
Amazon EKS
Azure Kubernetes Service (AKS)
OpenShift
Self-managed Kubernetes clusters
Secrets Management
Detect hardcoded credentials, API keys, and tokens in your source code and pipeline.
Trivy
Secrets scanning in source code and containers
VirusTotal
Detects URLs in your codebase and build pipelines, flagging any malicious URLs.
Artifact Management
JFrog Artifactory
Google Artifact Registry
Sysdig
Ticketing & Collaboration
Connect Delivery Shield to your team's workflow tools for automated issue tracking and notifications.
Jira
Precision integration ensures the right tickets get to the right teams automatically — supports scan target level, service level, and RBAC-controlled access.
Slack
Real-time security alerts and notifications
Microsoft Teams
Pipeline and security event notifications
ServiceNow
Governance and change management workflows
AI & Intelligence
ChatGPT / GenAI
AI-assisted remediation suggestions embedded into the platform for every identified risk
Adding an Integration
All integrations follow the same setup pattern in Delivery Shield:
Navigate to Setup → Integrations
Select the tool category (Source, Artifact, Security Scanning, Cloud, etc.)
Click the tool tile and toggle it on
Click + New Account and provide the required credentials or API token
Select the Teams and Environments for which the integration should be available
Save. Delivery Shield will begin collecting data on the next pipeline trigger or scheduled scan
Each integration account can be assigned to up to 5 teams. Applications belonging to unassigned teams will not have access to that integration account.
Last updated