SAST / DAST

SAST / DAST tools can be integrated into the approval stages of pipelines to proactively identify vulnerabilities that occur during pipeline execution for a given application.

To Add SAST / DAST tools in the Pipeline Stages

The following steps describe how to access the SAST / DAST tools and use them in the pipeline stages.

  1. Create a pipeline by following the steps provided in Create Pipelines.

  2. Click Add Stage.

  3. From the Type dropdown, select Approval.

  4. Click Approval Configuration section > Connector Configuration, then select the required SAST / DAST tool from the Connector dropdown and the related account (created in the Integrations page) from the Account dropdown. To learn how to add integrations, refer to Integrations.

  5. Select the required execution options from the Execution Options section.

  6. Click Save Changes.

  7. Run the pipeline manually.

  8. Once the pipeline is executed, hover over the pipeline and click View Approval Request.

The full details of the pipeline execution for the selected tool are displayed.

The following table lists the different fields displayed for the respective SAST / DAST tools.

Aquawave

  • Aquawave Image ID - The image ID added for the account.

HCL AppScan

  • AppScan Project ID - The project ID for the given account.

JFrog XRay Scanning

  • JFrog Watch - The JFrog watch ID.

SonarQube

  • Project Key - The SonarQube project key added for the account.

  • Branch Name - The relevant branch name for the selected project key.

PrismaCloud

  • Prismacloud ID - The ID for the given account.
