Version: 1.4

Security Tools

All connected security tools are listed in the Integrations → Security Tools section. From there you can also add new tools and edit or delete existing ones.

Supported Security Tools

  • PT Application Inspector
  • Kaspersky Container Security
  • Solar AppScreener
  • Aqua
  • CodeScoring
  • Grype
  • KICS
  • OWASP Dependency Track
  • Trivy
  • Semgrep
  • ESLint
  • PVS-Studio
  • GitLab Advanced SAST
  • AppSec.Sting
  • SASTAV (v2.0.6)

info

When working with SASTAV:

  • When setting up the integration with SASTAV, authorize with the SASTAV service account.
  • SASTAV requires repositories to be unique across projects. If security checks with an identical scanning source are created in different projects, only one repository is created in SASTAV, while in ASOC the scanning results are still recorded within the respective projects/security checks.

Connecting Security Tools

info

The set of minimum access rights for configuring security tools:

  • View tools
  • Manage tools

For more details on setting up access rights, see Role Configuration.

To add a new security tool, follow these steps:

  1. In the Integrations → Security Tools section, click the Add Security Tool button
  2. Next, select the required security tool from the provided list of integrations.
  3. Fill in the fields:
    • Name
    • Description
  4. Depending on the tool, fill in additional fields:
    • Tool description
    • URL
    • Scan results language
    • Authentication method (optional at this stage)
      info

      Selecting an authentication method at this step is not mandatory, but without specifying an authentication method, you cannot test the connection to the tool. The fields to fill in may vary depending on the chosen authentication method.

  5. For authentication:
    • API Token: fill in the "API Token" field
    • Login/Password: fill in the "Login" and "Password" fields
    • None: with this method selected, scans are unavailable, but results can still be imported manually.
      note

      Additionally, some tools offer advanced configuration options that rely on data obtained through the tool integration. This includes information such as license validation details, tool-specific limitations, and the availability or unavailability of certain features. For the CodeScoring tool, existing authentication data can be utilized.

      caution

      When updating TRON.ASOC to version 1.3 or higher, the integration with CodeScoring must be reconfigured, because it was adapted for the new, non-backward-compatible version CodeScoring 2025.29.3.

  6. Then click the Test Connection button (only available when an authentication method is specified)
  7. Click the Create button

Editing a Tool

To edit a tool, follow these steps:

  1. Click the Edit button in the tool row
  2. In the form that opens, modify the necessary parameters
  3. Click the Save button

Deleting a Tool

To delete a tool, follow these steps:

  1. Click the Delete button in the tool row
  2. In the window that opens, confirm the deletion

Integration Examples with Tools

Adding PT Application Inspector Tool

To add the tool to the platform, follow these steps:

  1. Navigate to the Integrations → Security Tools section
  2. Click the Add Security Tool button and select PT Application Inspector.
  3. Fill in the fields:
    • Integration Name - e.g., Inspector (name must be unique)
    • Description - for easy identification, e.g., Positive Inspector
  4. Configure connection parameters:
    • API URL - e.g., https://your.company.ptsecurity/api/v1
    • Scan results language
    • Authentication method (Login/Password, API Token or None)
      info

      The authentication method can be specified later when adding a security check

  5. Click the Test Connection button. If the fields are filled correctly, the test status should be successful. If the connection fails, check the correctness of the entered data and try again.
  6. Click the Save button

Adding Kaspersky Container Security (KCS) Tool

To add the tool, follow these steps:

  1. Navigate to the Integrations → Security Tools section
  2. Click the Add Security Tool button and select Kaspersky Container Security
  3. Fill in the required fields:
    • Name
    • Description
  4. Specify additional parameters:
    • URL: https://your.company.kcs/api/v1
    • Scan results language
    • Authentication method: API Token
      info

      The authentication method can be specified later when adding a security check

  5. Add the token in the API Token field
  6. Click the Test Connection button. If the fields are filled correctly, the test status should be successful. If the connection fails, check the correctness of the entered data and try again.
  7. Click the Save button