VirusTotal

VirusTotal is a scanning tool that analyzes URLs for security threats using multiple antivirus engines and website scanners. It scans the URLs and source code to detect any malware or malicious content.

Usage

  • URL Detection and Scanning: SSD detects URLs in your CI/CD configurations and code base, then uses VirusTotal to scan these URLs for potential security threats.

  • Threat Analysis: SSD retrieves and analyzes threat reports from VirusTotal to evaluate the security of the detected URLs.

  • Results Display: The scan results are available on the View Open Security Issues page, providing detailed insights into detected threats and vulnerabilities.

Delivery Shield receives the scanned results from VirusTotal and generates alerts.

To Integrate VirusTotal:

  1. Navigate to Setup > Integrations.

  2. In the Source panel, click on VirusTotal.

You can use the toggle button provided below the integration tile to enable or disable it as needed.

  1. The VirusTotal integration page is displayed.

  1. Enter the Account Name and Token value of your VirusTotal account.

  2. Enable the URL Scan and Malware Detection toggle button if required.

  3. Select the Teams and the corresponding Environments from the dropdown for which you want the integration to be available. The integration will be available for the selected teams and environment only.

    You can select up to 5 teams for the integration to be displayed.

    • An example is given below for reference:

    • In the example above,

      • if Team 1, Team 2, and Team 3 are selected, only applications associated with these teams can access the integration. Any applications belonging to other teams, such as Team 4, will not have access to this account.

      • Even if the user who created this account is also an admin for Team 4, the integration account remains restricted and is not available for Team 4.

      • Access to the account is strictly limited to the specified Teams and Environments selected during account creation.

    • For Organization Admins:

      • When an Organization Admin creates an account without selecting specific Teams and Environments, the account will be universally applicable, granting access to all teams and all environments by default.

    • For Team Admins with Multiple Teams:

      • If a Team Admin who manages multiple teams creates an account without specifying particular Teams and Environments, the account will only be accessible to the teams for which the logged-in user holds admin privileges.

  4. Click Save. The tool is integrated in the source stage.

  5. To delete the integration, click the Delete button.

  6. You can edit the entered values by clicking the Edit option as shown below:

  1. Enter the token value and click Update.

The new values get updated.

To View VirusTotal Scan Results

The scan results generated by VirusTotal can be viewed and downloaded.

  • Navigate to Artifact Security.

  • Select the artifact for which you want to view the VirusTotal scan results.

  • Go to View Reports and click on the three dots.

  • Select VirusTotalURLScan and click on it.

The scan results are downloaded.

PreviousGrypeNextKubescape

Last updated