SHINE

Apiiro Integrations Program

Apiiro is committed to Seamlessly connecting with the tools security and development teams rely on, providing customers with Holistic, Interconnected, and Vendor-Neutral visibility, Enriched with Apiiro’s deep context.

PROGRAM PRINCIPLES

SHINE with Apiiro

Apiiro integrates across stacks—from application security testing and cloud security tools to development and communication tools—fostering a collaborative environment where all stakeholders in the application development process can access and utilize critical security insights.

SHINE INTEGRATION PARTNERS

Integrated with the tools security and development teams rely on

Explore our integrations across security and development stacks, from code to runtime.

Source control management (SCM) systems

Azure DevOps
Connect Azure Repos to retroactively and continuously analyze code changes, build a complete application inventory, and comment on or block pull requests when risks are identified.
Bitbucket
Connect your Bitbucket repositories to retroactively and continuously analyze code changes, build a complete application inventory, and comment on or block pull requests when risks are identified.
GitHub
Connect your GitHub.com or GitHub Enterprise repositories to retroactively and continuously analyze code changes, build a complete application and software supply chain inventory, and comment on or block pull requests when risks are identified.
GitLab
Connect your GitLab repositories to retroactively and continuously analyze code changes, build a complete application and software supply chain inventory, and comment on or block merge requests when new risks are identified.
Perforce
Connect your Perforce repositories to retroactively and continuously analyze code changes, build a complete application inventory, and comment on or block pull requests when risks are identified.
Git “vanilla”
Connect your “Vanilla” Git repositories to retroactively and continuously analyze code changes, build a complete application inventory, and comment on or block pull requests when risks are identified.

Ticketing systems

Azure DevOps
Analyze Azure DevOps issues and automatically create and assign issues for triggering security code reviews and remediations.
GitHub
Analyze GitHub Issues and automatically create and assign issues for triggering security code reviews and remediations.
GitLab
Analyze GitLab issues and automatically create and assign issues for triggering security code reviews and remediations.
Jira
Analyze Jira tickets and automatically create and assign issues for triggering security code reviews and remediations.
ServiceNow
ServiceNow Application Vulnerability Response (AVR) customers can push Apiiro risks to ServiceNow for unified and streamlined risk management across your entire organization.

Communication tools

Slack
Automatically send alerts to Slack channels to trigger security code reviews, remediations, and more.
Teams
Automatically send alerts to Teams channels to trigger security code reviews, remediations, and more.
Google Chat
Automatically send alerts to Google Chat Spaces to trigger security code reviews, remediations, and more.

SCA tools

Black Duck
Ingest and enrich Black Duck Software Composition Analysis findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitHub
Ingest and enrich GitHub Dependabot findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitLab
Ingest and enrich GitLab Dependency Scanning findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Mend.io
Ingest and enrich Mend.io SCA findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Semgrep Pro
Ingest and enrich Semgrep Pro Supply Chain findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Snyk
Ingest and enrich Snyk SCA findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Sonatype
Ingest and enrich Sonatype findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined remediations, and more.

SAST tools

Checkmarx
Ingest and enrich Checkmarx SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Fortify
Ingest and enrich Fortify SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitHub
Ingest and enrich CodeQL findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitLab
Ingest and enrich GitLab SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Polaris
Ingest and enrich Polaris SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Semgrep Pro
Ingest and enrich Semgrep Pro SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Snyk
Enrich Snyk Code (SAST) findings, connecting risks to their supply chain and cloud context, and prioritize based on likelihood and impact.
SonarCloud
Ingest and enrich SonarCloud SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
SonarQube
Ingest and enrich SonarQube SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Veracode
Ingest and enrich Veracode SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
Qwiet AI
Ingest and enrich Qwiet AI (formerly ShiftLeft) SAST findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.

Host security

Rapid7
Ingest your runtime vulnerability findings from Rapid7 to get a single pane of glass of all your vulnerabilities from code to runtime.
Tenable
Ingest your runtime infrastructure findings from Tenable to get a single pane of glass of all your vulnerabilities from code to runtime.

Secrets security tools

GitHub
Ingest and enrich secrets detected by GitHub for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.
GitLab
Ingest and enrich secrets detected by GitLab for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.

Runtime API security tools

Akamai
Ingest runtime findings from Akamai API Security to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.

DAST tools

Invicti
Ingest Invicti DAST findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Qualys
Ingest Qualys DAST findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Burp Suite Enterprise
Ingest Burp Suite Enterprise DAST findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Akamai API Security
Ingest Akamai API Security Active Testing findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
GitLab DAST
Ingest GitLab DAST findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.

Cloud security tools

Wiz
Ingest cloud security findings from Wiz to get a single pane of glass of all your vulnerabilities from code to runtime.

Container security tools

JFrog
Ingest JFrog Xray findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Snyk
Ingest Snyk Container findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Orca Security
Ingest Orca container vulnerability findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Prisma Cloud
Ingest Prisma Twistlock container vulnerability findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
CrowdStrike
Ingest and enrich CrowdStrike container vulnerability findings to tie them to their root cause in code, code owners and teams, and associated risks for faster remediations.
Wiz
Ingest and enrich Wiz container vulnerability findings for correlation, deduplication, risk-based prioritization, testing coverage mapping, streamlined governance, and more.

Threat modeling

SD Elements
Ingest and manage tasks generated from the threat modeling process, and prioritize them by automatically linking projects to repositories.

Bug bounty and penetration testing

Bugcrowd
Ingest bug bounty program and penetration testing findings from Bugcrowd to get a unified view of application risks across tools and processes.
HackerOne
Ingest bug bounty program and penetration testing findings from HackerOne to get a unified view of application risks across tools and processes.

Manual Findings Entry

Manual Findings Entry
Manually input, view, and manage findings from sources like penetration testing and compliance audits directly on the platform.

REST API

REST API
Integrate any security tool with Apiiro via REST API to ingest any type of finding. Upload data from any security tool into Apiiro, even if it lacks a built-in integration! Seamlessly add findings like container vulnerabilities, SCA, DAST, SAST, and secrets for full visibility.

Registry

JFrog
Connect your JFrog package registry to Apiiro to examine packages in your Artifactory and calculate an accurate dependency inventory and relationships.

Kubernetes clusters

Azure
Connect Azure API Management to bring valuable runtime cluster context for prioritization, mapping the exposure path of risks, and more.
AWS
Connect your AWS EKS environment to bring valuable runtime cluster context for prioritization, mapping the exposure path of risks, and more.
GKE
Connect Google Cloud Platform to bring valuable runtime cluster context for prioritization, mapping the exposure path of risks, and more.
Wiz
Apiiro’s Wiz integration brings in valuable runtime cluster context for prioritization, mapping the exposure path of risks, and more.

API gateways

Azure
Integrate Azure API Management as a supplementary connector to API Security connectors, enhancing API routing information. This aids in matching APIs to their respective endpoints, providing valuable runtime cluster context for improved prioritization and mapping of exposure paths for potential risks.
AWS
Integrate AWS API Management as a supplementary connector to API Security connectors, enhancing API routing information. This aids in matching APIs to their respective endpoints, providing valuable runtime cluster context for improved prioritization and mapping of exposure paths for potential risks.
Spring API Gateway
Integrate Spring API Management as a supplementary connector to API Security connectors, enhancing API routing information. This aids in matching APIs to their respective endpoints, providing valuable runtime cluster context for improved prioritization and mapping of exposure paths for potential risks.
Tyk
Integrate Tyk API Management as a supplementary connector to API Security connectors, enhancing API routing information. This aids in matching APIs to their respective endpoints, providing valuable runtime cluster context for improved prioritization and mapping of exposure paths for potential risks.

Identity management systems

Azure AD
Enable SAML and OpenID Connect (OIDC) SSO with Azure Active Directory.
Okta
Enable SAML and OpenID Connect (OIDC) SSO with Okta.

SIEM tools

Splunk
Send audit logs from Apiiro to your Splunk environment instances.

Security training platforms

Secure Code Warrior
Integrate with Secure Code Warrior to deliver developer-specific, hyper-relevant trainings based on CWE and coding language.

Pipeline security

Jenkins
Get visibility into your Jenkins pipelines, including installed plugins and their associated vulnerabilities.
GitHub Actions
Gain insights into your GitHub Actions pipelines, enrich them with code context, and scan for vulnerabilities and misconfigurations.

Service catalog

Backstage
Connect to your Backstage instance to continuously ingest assets such as Systems/Domains/Groups and provision them as Apiiro assets, enrich them with Backstage-sourced metadata, and link them to the managed Repositories based on matching.

Get in touch to SHINE with Apiiro