# SAST / DAST

The SAST / DAST tools can be integrated in the approval stages of pipelines to proactively identify vulnerabilities that occur in the execution process of the pipelines for a given application. 

### To Add SAST / DAST tools in the Pipeline Stages

The following steps provide details on how to access the SAST / DAST tools and use it in the pipeline stages. 

1. Create a pipeline by following the steps provided in [Create Pipelines](https://docs.opsmx.com/user-guide/manage-pipelines/create-a-pipeline). 
2. Click **Add Stage**.
3. From the **Type** dropdown, select Approval.
4. Click **Approval Configuration** section > **Connector Configuration**, select the required SAST / DAST tool from the **Connector** dropdown and the related account (created in the Integrations page) from the **Account** dropdown.   To know how to add integrations, refer [Integrations](https://docs.opsmx.com/user-guide/data-sources)
5. Select the required execution options from the **Execution Options** section.
6. Click **Save Changes**. 
7. Run the pipeline manually. 
8. Once the pipeline is executed, hover over the pipeline and click **View Approval Request**.

<figure><img src="https://lh3.googleusercontent.com/ztjinDl3r9T0w3dluBD6Vcw5SZY33M3Z4vMcp9RtbkrFYBQ9I6BgVM2jJA-mn8G_eOpQpq314bLoXCjHl4FO6w7sZtfbKpGb65Kqx42IdrQjdU6HJ_hPRivLLeRjUL63QnptB7u1i19s3_XEdbImJ-M" alt=""><figcaption></figcaption></figure>

The entire details of the pipeline execution with respect to the selected tool is displayed.

<figure><img src="https://lh6.googleusercontent.com/SYa7M9YLmsM98i_CobAgZVmK8zi4NCyAWOLkg_t6RxH0csN37NLQrU00Ze41SwZrOoFwzPe9l7OWJJsw-ro5Z4ulcx9YmrRyuEfmBkqUGQ9aDbrmJSUUaLUBEZBGyWNShaTuIrNVMLGdYVPYdKzGu34" alt=""><figcaption></figcaption></figure>

The following table lists the different fields displayed for the respective SAST / DAST tools.

| <p>Aquawave</p><p><br></p>    | Aquawave Image ID - The image ID added for the account.                                                                                                         |
| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| <p>HCL AppScan</p><p><br></p> | AppScan Project ID - The project ID for the given account.                                                                                                      |
| JFrog XRay Scanning           | JFrog Watch - The Jfrog watch ID                                                                                                                                |
| SonarQube                     | <ul><li>Project Key - The SonarQube project key added for the account. </li><li>Branch Name - The relevant branch name for the selected project key. </li></ul> |
| PrismaCloud                   | Prismacloud ID - The ID for the given account.                                                                                                                  |

<br>

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.opsmx.com/opsmx-1/opsmx-context-engine/user-guide/data-sources/used-integrations/sast-dast.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.