# Integrations Overview Organizations rely on a diverse ecosystem of tools. OpsMx integrates with existing scanners, CI/CD systems, cloud platforms, ticketing systems, and developer tools to work seamlessly within current workflows. These integrations allow Delivery Shield to **collect, correlate, and act on** security data from across your entire toolchain — without replacing the tools you already use. OpsMx integrates with code, CI/CD, cloud, security, observability, and collaboration systems — bringing execution and decision context together in one place. ## How Integrations Work When you connect a tool to Delivery Shield: 1. Delivery Shield **authenticates** with the tool using an API token or credential 2. It **listens** for pipeline events or performs periodic scans 3. Scan results and metadata are **pulled into** the Delivery Shield platform 4. Data is **analyzed** against your security policies and contributes to the application's **overall security score** 5. Findings are surfaced in the **unified dashboard**, DBOM, and vulnerability pages All integrations are managed from **Setup → Integrations** in the Delivery Shield console. ## Integration Categories **CI/CD Platforms** Connect your delivery pipelines so Delivery Shield can trigger and monitor security scans automatically at every pipeline stage. Delivery Shield is compatible with Argo CD, Jenkins, Flux, Spinnaker, GitHub Actions, and Azure DevOps. | Tool | Notes | | ------------------ | ------------------------------------------------------------- | | **Jenkins** | Trigger scans from CI stages; CLI-based integration available | | **GitHub Actions** | Native event-driven scan triggering | | **GitLab CI** | Source code scan and MR gating support | | **Argo CD** | GitOps delivery pipeline integration | | **Spinnaker** | Full pipeline orchestration with policy enforcement | | **Azure DevOps** | Supports Azure Repos and pipeline scanning | | **CircleCI** | Scan automation via pipeline events | | **Flux** | GitOps-based deployment monitoring | **Source Control** Connect your repositories for code scanning, secrets detection, and Git security posture evaluation. | Tool | Notes | | --------------- | -------------------------------------------------------------- | | **GitHub** | SCM scanning, PR gating, OpenSSF Scorecard | | **GitLab** | SCM and artifact repository integration | | **Azure Repos** | Support for Azure Source Code Repositories in Ad Hoc scanning. | | **Bitbucket** | Repository access and scan integration | **SAST / DAST Tools** Static and dynamic analysis tools that scan your code and running applications for vulnerabilities. | Tool | Category | Notes | | -------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Semgrep** | SAST | Pattern-based static analysis tool for identifying and fixing security issues in source code. Supports Local (CLI) and Cloud (SaaS) modes. | | **SonarQube** | SAST | Deep code quality and security scanning; SonarQube quality reports and OpsMx security reports are accessible on the same platform. | | **Snyk** | SAST / SCA | Helps developers find and fix vulnerabilities in open-source dependencies and container images; supports Local and Cloud modes [OpsMX](https://www.opsmx.com/blog/top-open-source-application-security-tools/) | | **Codacy** | SAST | Automated code review and quality analysis | | **OWASP ZAP** | DAST | Active scanning of live/deployed web applications for runtime vulnerabilities | | **JFrog Xray** | SAST / SCA | Deep recursive scanning of artifacts and dependencies | | **MobSF** | Mobile SAST | Mobile application security testing | **Software Composition Analysis (SCA)** Tools that scan open-source dependencies, libraries, and packages for known vulnerabilities. | Tool | Notes | | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Trivy** | Open-source vulnerability scanner for containers and containerized applications. Delivery Shield mandates security scans on images using Trivy and also imports SBOMs generated by Trivy. | | **Grype** | Container image and artifact vulnerability scanning | | **Snyk** | Dependency vulnerability scanning and fix suggestions | | **JFrog Xray** | Artifact and dependency deep-scan | **Container Registries** Delivery Shield connects to container registries to scan images for vulnerabilities before and after deployment. Expanded support for artifact scanning covers GitLab Container Registry, Docker Hub, Azure Container Registry (ACR), Google Container Registry (GCR), Google Cloud Storage (GCS), Amazon ECR, JFrog Artifactory, and Quay. | Registry | | ------------------------------- | | Docker Hub | | Amazon ECR | | Google Container Registry (GCR) | | Google Artifact Registry | | Azure Container Registry (ACR) | | JFrog Artifactory | | Quay | | GitLab Container Registry | *** **Cloud Security** Scan cloud environments for misconfigurations, compliance gaps, and security posture issues. | Tool | Notes | | -------------- | --------------------------------------------------------------------- | | **AWS** | Cloud posture scanning and resource visibility | | **ScoutSuite** | Multi-cloud security auditing (AWS, Azure, GCP) | | **KubeScape** | Kubernetes cluster scanning — CIS Benchmarks, RBAC, misconfigurations | | **TFsec** | IaC security scanning for Terraform configurations | **Kubernetes Platforms** Delivery Shield auto-discovers applications from GKE, EKS, AKS, self-managed clusters, and OpenShift. | Platform | | -------------------------------- | | Google Kubernetes Engine (GKE) | | Amazon EKS | | Azure Kubernetes Service (AKS) | | OpenShift | | Self-managed Kubernetes clusters | **Secrets Management** Detect hardcoded credentials, API keys, and tokens in your source code and pipeline. | Tool | Notes | | -------------- | ------------------------------------------------------------------------------- | | **Trivy** | Secrets scanning in source code and containers | | **VirusTotal** | Detects URLs in your codebase and build pipelines, flagging any malicious URLs. | **Artifact Management** | Tool | | ------------------------ | | JFrog Artifactory | | Google Artifact Registry | | Sysdig | **Ticketing & Collaboration** Connect Delivery Shield to your team's workflow tools for automated issue tracking and notifications. | Tool | Notes | | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Jira** | Precision integration ensures the right tickets get to the right teams automatically — supports scan target level, service level, and RBAC-controlled access. | | **Slack** | Real-time security alerts and notifications | | **Microsoft Teams** | Pipeline and security event notifications | | **ServiceNow** | Governance and change management workflows | **AI & Intelligence** | Tool | Notes | | ------------------- | ---------------------------------------------------------------------------------------- | | **ChatGPT / GenAI** | AI-assisted remediation suggestions embedded into the platform for every identified risk | #### Adding an Integration All integrations follow the same setup pattern in Delivery Shield: 1. Navigate to **Setup → Integrations** 2. Select the tool category (Source, Artifact, Security Scanning, Cloud, etc.) 3. Click the tool tile and toggle it **on** 4. Click **+ New Account** and provide the required credentials or API token 5. Select the **Teams** and **Environments** for which the integration should be available 6. Save. Delivery Shield will begin collecting data on the next pipeline trigger or scheduled scan {% hint style="info" %} Each integration account can be assigned to up to 5 teams. Applications belonging to unassigned teams will not have access to that integration account. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.opsmx.com/integrations/integrations-overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.