Integrations
Integrate with everything. Enrich everything with deep context from the Apiiro Data Fabric. 100+ integrations across your security, development and IT stack.
Seamless
One view across all integrations: automatic and accurate matching, normalization, and deduplication from code to runtime.
Neutral
Apiiro doesn't just ingest findings - it connects every integration and signal across the agentic development lifecycle, then enriches each one with deep context for risk-based prioritization, prevention and AutoFix.
Data Fabric
Let's SHINE together
Ingest any finding type via REST API: SCA, SAST, DAST, API security, secrets, containers, IaC, host, and more. Or join SHINE and build the connector with us.
Integrate anything into the Apiiro Data Fabric via API, with least-privilege access, a guided product flow, and AI agent-ready instructions.
Five principles. One brighter ecosystem. This is how we help customers SHINE.
Data Fabric
Enriched
Integrate with everything. Enrich everything with deep context from the Apiiro Data Fabric. 100+ integrations across your security, development and IT stack.
Vendor-neutral. Any tool: enterprise, open source, or custom. Bring every signal into the Data Fabric so your entire stack is covered.
Never siloed. Every integration and signal is connected, correlated, and mapped across the agentic development lifecycle.
Interconnected
Holistic
Integrations
Don't see your tool?
Beyond shallow ingestion: every signal enriched with context for risk-based prioritization, prevention and AutoFix.
Integration catalog
Coding agents
Guardrails for AI-generated code: detect and fix risks as agents write it.
- Cursor
- Claude
- Codex
- Gemini CLI
- GitHub Copilot
- Amazon Q Developer
SCM
Continuously analyze code changes, build a complete application inventory, and comment on or block pull requests on risk.
- GitHub
- GitLab
- Azure DevOps
- Bitbucket
- Perforce
- Git "vanilla"
Ticketing
Automatically create and assign issues to trigger security code reviews and remediations.
- Jira
- ServiceNow
- Azure DevOps
- GitHub
- GitLab
Communication
Send alerts to channels to trigger security code reviews, remediations, and more.
- Slack
- Microsoft Teams
- Google Chat
SCA
Ingest and enrich SCA findings: correlation, deduplication, risk-based prioritization, coverage mapping, governance.
- Snyk
- Black Duck
- Mend.io
- Sonatype
- Semgrep Pro
- GitHub Dependabot
- GitLab
- Veracode
- Checkmarx One
- GHAS for Azure DevOps
SAST
Ingest and enrich SAST findings: correlation, deduplication, risk-based prioritization, coverage mapping, governance.
- Checkmarx
- Checkmarx One
- Veracode
- Snyk Code
- Semgrep Pro
- GitHub CodeQL
- GitLab
- SonarQube
- SonarCloud
- Fortify on Demand
- Fortify SSC
- Polaris SaaS
- Qwiet AI
- HCL AppScan
- GHAS for Azure DevOps
Secrets
Ingest and enrich detected secrets: correlation, deduplication, risk-based prioritization, governance.
- GitGuardian
- GitHub
- GitLab
- GHAS for Azure DevOps
Runtime API Security
Ingest endpoint inventory and API findings, tied to root cause in code, code owners, and associated risks.
- Akamai
- Salt Security
- Traceable
DAST
Ingest DAST findings, tied to their root cause in code, code owners, and associated risks.
- Akamai API Security
- Burp Suite Enterprise
- Invicti Netsparker
- Qualys WAS
- GitLab DAST
- WhiteHat Dynamic
- OpenText DAST (Fortify)
Host Security
Ingest runtime infrastructure findings for a single pane of glass from code to runtime.
- Tenable
- Dynatrace
Pipeline Security
Ingest pipeline posture and enforce risk-based guardrails in every CI/CD run.
- Jenkins
- GitHub Actions
Containers
Ingest container vulnerability findings, tied to root cause in code, code owners, and associated risks.
- JFrog
- Wiz
- CrowdStrike
- Prisma Cloud
- Orca Security
- Snyk Container
- JFrog Xray
- AWS Inspector
Registry
Artifact registry risk tied to component origins and supply chain context.
- Sonatype Nexus
- JFrog Artifactory
SIEM
AppSec events and risk signals streamed to your SIEM for unified visibility.
- Splunk
Bug Bounty & Pentest
Bug bounty and pentest findings mapped to code owners and associated risks.
- HackerOne
- Bugcrowd
- Manual Findings
Identity
Identity context enriching risk-based prioritization across the development lifecycle.
- Okta
- Azure AD
Service Catalog
Sync your service catalog for complete application and ownership context.
- Backstage
Kubernetes
Bring runtime cluster context for prioritization and mapping the exposure path of risks.
- Google Cloud
- Kubernetes
- AWS EKS
- Azure AKS
- Google GKE
- Wiz
Package Managers
Package manager intelligence for accurate SCA matching and supply chain context.
- npm
- yarn
- PyPI
- Maven
- Gradle
- NuGet
- RubyGems
- CocoaPods
- Swift
- Go
- Rust
- Composer
- GoMod
- Cargo
- SPM
MAST
Ingest mobile AST findings for a single pane of glass from code to runtime.
- NowSecure
Cloud Security
Ingest cloud security findings for a single pane of glass from code to runtime.
- Wiz
Threat Modeling
Ingest and prioritize threat modeling tasks, auto-linked from projects to repositories.
- SD Elements
API Gateways
Enhance API routing information to match APIs to endpoints and map exposure paths.
- AWS API Gateway
- Azure API Management
- Spring API Gateway
- Tyk
Training
Developer-specific, hyper-relevant secure code training based on CWE and language.
- Secure Code Warrior
Vulnerability Intel
Vulnerability intelligence source powering detection and exploitability context.
- NVD
- GHSA
- CISA KEV
- FIRST
- Vulners
- deps.dev
- OSV
- Go Vulnerability DB
REST API
Ingest any finding type: SCA, SAST, DAST, API, secrets, containers, IaC, host, and more.
- REST API