SAST / DAST
SAST / DAST tools can be integrated into the approval stages of pipelines to proactively identify vulnerabilities that occur during pipeline execution for a given application.
To Add SAST / DAST tools in the Pipeline Stages
The following steps describe how to access the SAST / DAST tools and use them in the pipeline stages.
Create a pipeline by following the steps provided in Create Pipelines.
Click Add Stage.
From the Type dropdown, select Approval.
Click Approval Configuration section > Connector Configuration, then select the required SAST / DAST tool from the Connector dropdown and the related account (created in the Integrations page) from the Account dropdown. To learn how to add integrations, refer to Integrations.
Select the required execution options from the Execution Options section.
Click Save Changes.
Run the pipeline manually.
Once the pipeline is executed, hover over the pipeline and click View Approval Request.
The complete details of the pipeline execution for the selected tool are displayed.
The following table lists the different fields displayed for the respective SAST / DAST tools.
| Tool | Fields |
| --- | --- |
| Aquawave | Aquawave Image ID - The image ID added for the account. |
| HCL AppScan | AppScan Project ID - The project ID for the given account. |
| JFrog XRay Scanning | JFrog Watch - The JFrog watch ID. |
| SonarQube | |
| PrismaCloud | Prismacloud ID - The ID for the given account. |