Conviso AST

Introduction

Scan and protect your codebase with Conviso AST, a combination of open source scanners for SAST, SCA, Secrets Detection and IaC.

At Conviso, we believe that AppSec goes beyond security tools, and we offer a comprehensive approach that includes consulting, training, and support services.

Objective

With Conviso AST, you can analyze your source code and consolidate the results in the Conviso Platform Vulnerability Management module. We have selected the best open source security scanning tools and unified them in a single engine that aggregates and deduplicates results.

SAST

Currently we support the following languages:

  • Android: Qark
  • Angular: ESlint
  • Apex: pmd
  • C/C++: check
  • .NET: Devskim
  • Elixir: Sobelow
  • Go: Gosec
  • iOS: grapper
  • Java: pmd
  • Node: njsscan
  • PHP: rips, progpilot
  • Python: bandit, dlint
  • Typescript: tslint

SCA

Conviso AST also analyzes the dependencies of your application and identifies vulnerable ones that need to be updated. For SCA, Conviso AST uses OSV Scanner.

IaC

We also support infrastructure as code security scans to identify possible security problems in different types of technologies, such as Terraform, Ansible, Kubernetes, and many more. For IaC, Conviso AST uses Checkov.

Secrets Detection

Start checking for exposed credentials, API keys or tokens in your source code. For Secrets Detection, Conviso AST uses Gitleaks.

How to use Conviso AST?

Scan directly from your terminal with the Conviso CLI; see the tutorial here.

You can also implement Conviso AST directly in your DevOps/DevSecOps pipeline, such as GitHub Actions, GitLab, Jenkins, and many others; discover our integrations here.

The analysis results are sent to Conviso Platform, where you can view, prioritize and fix the vulnerabilities found using our Vulnerability Management feature.

Support

Should you have any questions or require assistance while using Conviso Application Security Testing, feel free to contact our dedicated support team.

Resources

By exploring our comprehensive content, you’ll discover resources that will enhance your understanding of AppSec.

Securing customers CI/CD pipelines using Conviso CLI: This article presents the possibilities of using the Conviso CLI for your CI/CD pipeline.

Discover Conviso Platform!