Source control management (SCM) systems

Azure DevOps
Connect Azure Repos to retroactively and continuously analyze code changes, build a complete application inventory, and comment on or block pull requests when risks are identified.
Bitbucket
Connect your Bitbucket repositories to retroactively and continuously analyze code changes, build a complete application inventory, and comment on or block pull requests when risks are identified.
GitHub
Connect your GitHub.com or GitHub Enterprise repositories to retroactively and continuously analyze code changes, build a complete application and software supply chain inventory, and comment on or block pull requests when risks are identified.
GitLab
Connect your GitLab repositories to retroactively and continuously analyze code changes, build a complete application and software supply chain inventory, and comment on or block merge requests when new risks are identified.
Perforce
Connect your Perforce repositories to retroactively and continuously analyze code changes, build a complete application inventory, and comment on or block pull requests when risks are identified.
Git “vanilla”
Connect your “Vanilla” Git repositories to retroactively and continuously analyze code changes, build a complete application inventory, and comment on or block pull requests when risks are identified.

Ticketing systems

Azure DevOps
Analyze Azure DevOps issues and automatically create and assign issues for triggering security code reviews and remediations.
GitHub
Analyze GitHub Issues and automatically create and assign issues for triggering security code reviews and remediations.
GitLab
Analyze GitLab issues and automatically create and assign issues for triggering security code reviews and remediations.
Jira
Analyze Jira tickets and automatically create and assign issues for triggering security code reviews and remediations.
ServiceNow
ServiceNow Application Vulnerability Response (AVR) – Automated syncing of Risk from Apiiro to ServiceNow as AVITs; ServiceNow CMDB Integration – Bi-directional syncing of Applications and Code Resources; ServiceNow Container Vulnerability Response (CVR) – Automated syncing of Container Images and Risks from Apiiro to ServiceNow as CVITs

Communication tools

Slack
Automatically send alerts to Slack channels to trigger security code reviews, remediations, and more.
Teams
Automatically send alerts to Teams channels to trigger security code reviews, remediations, and more.
Google Chat
Automatically send alerts to Google Chat Spaces to trigger security code reviews, remediations, and more.

SCA tools

Black Duck
Ingest and enrich Black Duck Software Composition Analysis findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitHub
Ingest and enrich GitHub Dependabot findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitLab
Ingest and enrich GitLab Dependency Scanning findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Mend.io
Ingest and enrich Mend.io SCA findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Semgrep Pro
Ingest and enrich Semgrep Pro Supply Chain findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Snyk
Ingest and enrich Snyk SCA findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Sonatype
Ingest and enrich Sonatype findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined remediations, and more.
GitHub Advanced Security for Azure DevOps
Ingest and enrich GitHub Advanced Security for Azure DevOps CodeQL findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Veracode
Ingest and enrich Veracode SCA findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Checkmarx One
Ingest and enrich Checkmarx One SCA findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.

SAST tools

Checkmarx
Ingest and enrich Checkmarx SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Fortify on Demand
Ingest and enrich Fortify on Demand SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitHub
Ingest and enrich CodeQL findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitLab
Ingest and enrich GitLab SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Polaris™ SaaS Platform
Ingest and enrich Polaris SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Semgrep Pro
Ingest and enrich Semgrep Pro SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Snyk
Enrich Snyk Code (SAST) findings, connecting risks to their supply chain and cloud context, and prioritize based on likelihood and impact.
SonarCloud
Ingest and enrich SonarCloud SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
SonarQube
Ingest and enrich SonarQube SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Veracode
Ingest and enrich Veracode SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Qwiet AI
Ingest and enrich Qwiet AI (formerly ShiftLeft) SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Fortify Software Security Center (SSC)
Ingest and enrich Fortify Software Security Center (SSC) SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitHub Advanced Security for Azure DevOps
Ingest and enrich GitHub Advanced Security for Azure DevOps CodeQL findings.
HCL App Scan
Ingest and enrich HCL App Scan SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Checkmarx One
Ingest and enrich Checkmarx One SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.

Host security

Tenable
Ingest your runtime infrastructure findings from Tenable to get a single pane of glass of all your vulnerabilities from code to runtime.
Dynatrace
Ingest runtime security findings from Dynatrace and enrich them with application and code context. View and manage vulnerabilities in a single risk graph to prioritize and remediate runtime and pre-deployment risks together.

Secrets security tools

GitHub
Ingest and enrich secrets detected by GitHub for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitLab
Ingest and enrich secrets detected by GitLab for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Git Guardian
Ingest and enrich secrets detected by Git Guardian for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitHub Advanced Security for Azure DevOps
Ingest and enrich secrets detected by GitHub Advanced Security for Azure DevOps for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.

Runtime API security tools

Akamai
Ingest endpoint inventory and API Security findings from Akamai API Security to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Salt Security
Ingest endpoint inventory and API Security findings from Salt Security to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Traceable
Ingest endpoint inventory and API Security findings from Traceable to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.

DAST tools

Invicti Netsparker
Ingest Invicti DAST findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Qualys WAS
Ingest Qualys WAS DAST findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Burp Suite Enterprise
Ingest Burp Suite Enterprise DAST findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Akamai API Security
Ingest endpoint inventory and Active Testing findings from Akamai API Security to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
GitLab DAST
Ingest GitLab DAST findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
WhiteHat™ Continuous Dynamic Analysis
Ingest endpoint inventory and findings from WhiteHat™ Continuous Dynamic Analysis to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
OpenText Dynamic Application Security Testing (Fortify)
Ingest endpoint inventory and findings from OpenText WebInspect to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.

MAST

NowSecure
Ingest mobile application security testing (MAST) findings from NowSecure to get a single pane of glass of all your vulnerabilities from code to runtime.

Cloud security tools

Wiz
Ingest cloud security findings from Wiz to get a single pane of glass of all your vulnerabilities from code to runtime.

Container security tools

JFrog
Ingest JFrog Xray findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Snyk
Ingest Snyk Container findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Orca Security
Ingest Orca container vulnerability findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Prisma Cloud
Ingest Prisma Twistlock container vulnerability findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
CrowdStrike
Ingest and enrich CrowdStrike container vulnerability findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Wiz
Ingest and enrich Wiz container vulnerability findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
AWS Inspector
Ingest AWS Inspector container vulnerability findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.

Threat modeling

SD Elements
Ingest and manage tasks generated from the threat modeling process, and prioritize them by automatically linking projects to repositories.

Bug bounty and penetration testing

Bugcrowd
Ingest bug bounty program and penetration testing findings from Bugcrowd to get a unified view of application risks across tools and processes.
HackerOne
Ingest bug bounty program and penetration testing findings from HackerOne to get a unified view of application risks across tools and processes.

Manual Findings Entry

Manual Findings Entry
Manually input, view, and manage findings from sources like penetration testing and compliance audits directly on the platform.

REST API

REST API
Use the REST API to integrate security tools not yet covered by built-in connectors. Ingest any type of finding – across SCA, SAST, DAST, API Security, Secrets, Containers, IaC, Host and more – for complete visibility in a single platform.

Registry

JFrog
Connect your JFrog package registry to Apiiro to examine packages in your Artifactory and calculate an accurate inventory of dependencies and their relationships.
Sonatype Nexus Repository
Connect your Sonatype Nexus Repository artifact registry to Apiiro to get a deduplicated unified inventory of your artifacts.

Kubernetes clusters

Azure
Connect Azure API Management to bring valuable runtime cluster context for prioritization, mapping the exposure path of risks, and more.
AWS
Connect your AWS EKS environment to bring valuable runtime cluster context for prioritization, mapping the exposure path of risks, and more.
GKE
Connect Google Cloud Platform to bring valuable runtime cluster context for prioritization, mapping the exposure path of risks, and more.
Wiz
Apiiro’s Wiz integration enables us to bring in valuable runtime cluster context for prioritization, mapping the exposure path of risks, and more.

API gateways

Azure
Integrate Azure API Management as a supplementary connector to API Security connectors, enhancing API routing information. This aids in matching APIs to their respective endpoints, providing valuable runtime cluster context for improved prioritization and mapping of exposure paths for potential risks.
AWS
Integrate AWS API Management as a supplementary connector to API Security connectors, enhancing API routing information. This aids in matching APIs to their respective endpoints, providing valuable runtime cluster context for improved prioritization and mapping of exposure paths for potential risks.
Spring API Gateway
Integrate Spring API Management as a supplementary connector to API Security connectors, enhancing API routing information. This aids in matching APIs to their respective endpoints, providing valuable runtime cluster context for improved prioritization and mapping of exposure paths for potential risks.
Tyk
Integrate Tyk API Management as a supplementary connector to API Security connectors, enhancing API routing information. This aids in matching APIs to their respective endpoints, providing valuable runtime cluster context for improved prioritization and mapping of exposure paths for potential risks.

Identity management systems

Azure AD
Enable SAML and OpenID Connect (OIDC) SSO with Azure Active Directory.
Okta
Enable SAML and OpenID Connect (OIDC) SSO with Okta.

SIEM tools

Splunk
Send audit logs from Apiiro to your Splunk instances.

Security training platforms

Secure Code Warrior
Integrate with Secure Code Warrior to deliver developer-specific, hyper-relevant trainings based on CWE and coding language.

Pipeline security

Jenkins
Get visibility into your Jenkins pipelines, including installed plugins and their associated vulnerabilities.
GitHub Actions
Gain insights into your GitHub Actions pipelines, enrich them with code context, and scan for vulnerabilities and misconfigurations.

Service catalog

Backstage
Connect to your Backstage instance to continuously ingest assets such as Systems/Domains/Groups and provision them as Apiiro assets, enrich them with Backstage sourced metadata, and link them to the managed Repositories based on matching.

SHINE

Apiiro Integrations Program

Apiiro is committed to Seamlessly connecting with the tools security and development teams rely on, providing customers with Holistic, Interconnected, and Vendor-Neutral visibility, Enriched with Apiiro’s deep context.

PROGRAM PRINCIPLES

SHINE with Apiiro

Apiiro integrates across stacks—from application security testing and cloud security tools to development and communication tools—fostering a collaborative environment where all stakeholders in the application development process can access and utilize critical security insights.

SHINE INTEGRATION PARTNERS

Integrated with the tools security and development teams rely on

Explore our integrations across security and development stacks, from code to runtime.
