
Importing the scan results of a SARIF file

Introduction

The Conviso CLI allows you to import results from a SARIF file, such as one produced by Trivy or Semgrep, into a project in your account on the Conviso Platform. This can be useful for tracking and managing security vulnerabilities and other issues found by scanning tools.

Prerequisites

To run the conviso findings command successfully, you need to authenticate with your API Key. You can export it as shown below:

export CONVISO_API_KEY='<YOUR_CONVISO_API_KEY>'

Usage

To perform this action, simply execute the conviso findings import-sarif command in the terminal:

conviso findings import-sarif --input-file {path/to/file.sarif} --company-id {companyId} --asset-name {assetName}

Options

Option                   Description
-i, --input-file PATH    The path to the SARIF file. (required)
-c, --company-id         Your Conviso Company ID. (required)
--asset-name             Your Conviso Asset Name. (required)

Note

If an asset with the specified asset name already exists in the Conviso Platform, the vulnerabilities from the SARIF file will be assigned to that asset. If it does not exist, a new asset will be created with the given asset name, and the vulnerabilities will be associated with it.

When everything goes well, you will receive the following message in the terminal:

The results were successfully imported!

The identified vulnerabilities are automatically sent to your Project on the Conviso Platform. You can now use the Vulnerabilities resource to work on the correction flow.
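
A pre-flight wrapper for the import described above, as an added example that is not part of the Conviso documentation or the CLI's own code: it checks that the file is a SARIF 2.1.0 log, summarizes results per tool and level, and builds the `conviso findings import-sarif` argument list from the options listed on this page. The function names and the sample SARIF content are assumptions made for illustration.

```python
import json
import os
import subprocess
import sys
from collections import Counter

# Constructed sample for illustration, not real scanner output.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "ExampleScanner"}},
    "results": [
        {"ruleId": "EX001", "level": "error", "message": {"text": "constructed"}},
        {"ruleId": "EX002", "message": {"text": "constructed, no level"}},
    ]}]})

def summarize_sarif(text):
    """Parse SARIF text and return {(tool, level): count}; ValueError if unusable."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict) or doc.get("version") != "2.1.0":
        raise ValueError("expected a SARIF 2.1.0 log object")
    runs = doc.get("runs")
    if not isinstance(runs, list) or not runs:
        raise ValueError("SARIF log has no runs")
    counts = Counter()
    for run in runs:
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for result in run.get("results") or []:
            # A result without "level" is counted as "warning", SARIF's fallback default.
            counts[(tool, result.get("level", "warning"))] += 1
    return dict(counts)

def build_import_command(input_file, company_id, asset_name, env=os.environ):
    """Return the argv for the import, using only the options listed on this page."""
    if not env.get("CONVISO_API_KEY"):
        raise RuntimeError("CONVISO_API_KEY is not set")
    # The key stays in the environment; argv is a list, so no shell parses the asset name.
    return ["conviso", "findings", "import-sarif", "--input-file", str(input_file),
            "--company-id", str(company_id), "--asset-name", asset_name]

if __name__ == "__main__":
    path, company_id, asset_name = sys.argv[1:4]
    with open(path, encoding="utf-8") as fh:
        summary = summarize_sarif(fh.read())
    for (tool, level), n in sorted(summary.items()):
        print(f"{tool}: {n} {level}")
    subprocess.run(build_import_command(path, company_id, asset_name), check=True)
```

Run it with the SARIF path, company ID and asset name as its three arguments; the import is only attempted if the file parses and the API key is exported.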

Video Tutorial in Portuguese

To see the tool working in practice, we recommend watching this video:

Support

If you have any questions or need help using our product, please don't hesitate to contact our support team.

Resources

By exploring our content you'll find resources to help you:

What is SARIF and how it could revolutionize software security: SARIF can help improve transparency and collaboration in the security software industry, allowing companies to share information and work together to identify and solve common security issues.

Discover Conviso Platform, a solution for ASPM!