SAST / DAST
The SAST / DAST tools can be integrated into the approval stages of pipelines to proactively identify vulnerabilities that occur during pipeline execution for a given application.
The following steps describe how to access the SAST / DAST tools and use them in the pipeline stages.
1. Create a pipeline by following the steps provided in Create Pipelines.
2. Click Add Stage.
3. From the Type dropdown, select Approval.
4. In the Approval Configuration section, under Connector Configuration, select the required SAST / DAST tool from the Connector dropdown and the related account (created in the Integrations page) from the Account dropdown. To learn how to add integrations, refer to Integrations.
5. Select the required execution options from the Execution Options section.
6. Click Save Changes.
7. Run the pipeline manually.
8. Once the pipeline is executed, hover over the pipeline and click View Approval Request.
9. The complete details of the pipeline execution for the selected tool are displayed.
The following table lists the different fields displayed for the respective SAST / DAST tools.
| Tool | Field | Description |
| --- | --- | --- |
| Aquawave | Aquawave Image ID | The image ID added for the account. |
| HCL AppScan | AppScan Project ID | The project ID for the given account. |
| JFrog XRay Scanning | JFrog Watch | The JFrog watch ID. |
| SonarQube | Project Key | The SonarQube project key added for the account. |
| SonarQube | Branch Name | The relevant branch name for the selected project key. |
| PrismaCloud | Prismacloud ID | The ID for the given account. |