Conviso Platform Docs - An ASPM Platform
Conviso Platform is a comprehensive solution for Application Security Posture Management (ASPM), designed to empower development teams in building secure applications from the outset. The platform provides a detailed view of the entire application security ecosystem, encompassing threat modeling, risk and vulnerability identification, remediation, and metrics gathering, all integrated within a single environment. This process supports teams in structuring application security programs in a continuous and efficient manner.
With features ranging from security analysis to integration with external tools, Conviso Platform adapts to development workflows, enabling security practices to be seamlessly and sustainably embedded. In this way, the platform fosters a security-driven culture integrated into the development lifecycle and across all teams involved.
By centralizing and correlating security information, Conviso Platform offers a holistic view of an application's security posture, helping to anticipate potential risks with business impact. Thus, development professionals are equipped with the tools and insights needed to plan, build, and deliver secure software with agility, confidence, and consistency.Â
Getting Started with Conviso Platform​
- Quickstart - Get started with the Conviso Platform in your organization.
- Platform - Explore the main features and tools within Conviso Platform.
Integrate with Conviso Platform​
Explore our integration options to connect Conviso Platform with your CI/CD pipelines, defect tracking, notifications, and more:
- Integrations for CI/CD - Adopt incremental CI/CD integration with Conviso Platform to automate analysis and enhance team insights.
- Integrations for Defect Tracking - Integrate Conviso Platform with your Defect Tracker to streamline defect management, enhancing workflow and team collaboration.
- Notification Integrations - Integrate with a communication tool to send platform events, including vulnerability updates, directly to your team’s designated channel.
- Scanner Integrations - Integrate external scanners with Conviso Platform to centralize findings, providing a unified view for effective vulnerability management across tools.
- Identity Management - Set up Single Sign-On (SSO) to allow your developers and teams easy access to Conviso Platform through your current SSO provider.
- API - Access Conviso Platform's GraphQL API documentation to seamlessly interact with our services, retrieve data, and integrate security workflows into your development process.
Scan using Conviso Platform​
Learn how to use Conviso’s scanning features to protect your code, libraries, infrastructure, and secrets:
- Scan with Conviso AST - Scan application source code, open-source libraries, and more.
- Scan with Conviso DAST - Dynamic analysis to detect vulnerabilities during runtime.
- Generate Conviso SBOM - Automatically produce a Software Bill of Materials for your applications.
- Conviso Security Gate - Secure your CI/CD pipeline with enhanced control and oversight on security checks.
- Conviso CLI - Command-line tool enabling seamless integration with Security Gate, AST execution, and vulnerability import from SARIF files, enhancing automation and security in development workflows.
Resources​
By exploring our content, you'll find resources that will enhance your understanding of the importance of a Security Application Program.
Conviso Blog: Explore our blog, which offers a collection of articles and posts covering a wide range of AppSec topics. The content on the blog is primarily in English.
Conviso's YouTube Channel: Access a wealth of informative videos covering various topics related to AppSec. Please note that the content is primarily in Portuguese.
AppSec to Go - Conviso's Podcast on AppSec: Tune in to our podcast, where we discuss AppSec-related subjects, providing valuable insights and discussions. The podcast is conducted in Portuguese.