Conviso AST

Introduction

Scan and protect your codebase with Conviso AST, a combination of open source scanners for SAST, SCA, Secrets Detection and IaC.

At Conviso, we believe that AppSec goes beyond security tools, and we offer a comprehensive approach that includes consulting, training, and support services.

Objective

With Conviso AST, you can analyze your source code and consolidate the results in the Conviso Platform Vulnerability Management module. We have selected the best open source security scan tools and unified them in a single engine that aggregates and deduplicates their results.

SAST

Currently we support the following languages:

  • Android: Qark
  • Angular: ESlint
  • Apex: pmd
  • C/C++: check
  • .NET: Devskim
  • Elixir: Sobelow
  • GO: Gosec
  • iOS: grapper
  • Java: pmd
  • Kotlin: Semgrep
  • Node: njsscan
  • PHP: rips, progpilot
  • Python: bandit, dlint
  • Typescript: tslint

SCA

Conviso AST also analyzes the dependencies of your application and identifies vulnerable ones that need to be updated. For SCA, Conviso AST uses OSV Scanner.

IaC

We also support infrastructure as code security scans to identify possible security problems in different types of technologies such as Terraform, Ansible, Kubernetes, and many more. For IaC, Conviso AST uses Checkov.

Secrets Detection

Start checking for exposed credentials, API keys or tokens in your source code. For Secrets Detection, Conviso AST uses Gitleaks.

How to use Conviso AST?

Scan directly from your terminal with Conviso CLI and combine other capabilities such as:

  • Set policies to block the pipeline depending on different criteria;
  • Send diff versions of your application's source code to be reviewed later by your own security team, or by Conviso's (when subscribed to our professional services license);
  • Auto-close open vulnerabilities on the platform that are no longer identified during a scan, and reopen vulnerabilities that were closed but are identified again later.
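To make the "block the pipeline" policy idea above concrete, here is an added illustration of the two steps such a gate performs: deduplicate findings aggregated from several scanners, then fail the job when a policy threshold is exceeded. This is a generic example written for this page, not Conviso CLI code; the finding fields (`tool`, `file`, `line`, `rule`, `severity`), the policy keys (`fail_on`, `max_findings`) and the sample findings are all constructed assumptions, not the product's real output or configuration format.

```python
"""Generic pipeline gate over aggregated scanner findings (illustrative, not Conviso CLI code)."""
import json
import sys
from collections import Counter

# Higher rank = more severe. Unknown severities rank as informational.
SEVERITY_ORDER = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Constructed sample findings in an assumed common shape; rule ids are placeholders.
SAMPLE_FINDINGS = [
    {"tool": "bandit", "file": "app/db.py", "line": 42, "rule": "RULE-001", "severity": "high"},
    # Same finding reported twice (e.g. two runs of the same scanner): must be counted once.
    {"tool": "bandit", "file": "app/db.py", "line": 42, "rule": "RULE-001", "severity": "high"},
    {"tool": "gitleaks", "file": "config/settings.py", "line": 7, "rule": "RULE-002", "severity": "critical"},
    {"tool": "checkov", "file": "infra/main.tf", "line": 15, "rule": "RULE-003", "severity": "medium"},
    {"tool": "osv-scanner", "file": "requirements.txt", "line": 3, "rule": "RULE-004", "severity": "low"},
]


def severity_rank(severity):
    """Map a severity label to its rank; unknown labels are treated as informational."""
    return SEVERITY_ORDER.get(str(severity).lower(), 0)


def dedup(findings):
    """Drop repeated findings, keyed on scanner, location and rule, keeping first occurrence order."""
    seen = set()
    unique = []
    for finding in findings:
        key = (finding["tool"], finding["file"], finding["line"], finding["rule"])
        if key in seen:
            continue
        seen.add(key)
        unique.append(finding)
    return unique


def evaluate_policy(findings, policy):
    """Return (should_block, reasons, counts_by_severity) for a policy of the assumed form
    {"fail_on": "<severity>", "max_findings": {"<severity>": <max allowed>}}."""
    counts = Counter(str(f["severity"]).lower() for f in findings)
    reasons = []

    # Rule 1: any finding at or above the fail_on severity blocks the pipeline.
    fail_on = policy.get("fail_on", "critical")
    blocking = [f for f in findings if severity_rank(f["severity"]) >= severity_rank(fail_on)]
    if blocking:
        reasons.append(f"{len(blocking)} finding(s) at or above '{fail_on}' severity")

    # Rule 2: per-severity budgets, so a pile of medium findings can also block.
    for severity, limit in policy.get("max_findings", {}).items():
        observed = counts.get(severity.lower(), 0)
        if observed > limit:
            reasons.append(f"{observed} '{severity}' finding(s) exceed the allowed {limit}")

    return bool(reasons), reasons, dict(counts)


def run_gate(findings, policy):
    """Deduplicate, evaluate and return the exit code a CI job would use (0 = pass, 1 = block)."""
    unique = dedup(findings)
    should_block, reasons, counts = evaluate_policy(unique, policy)
    print(f"{len(findings)} raw findings, {len(unique)} after deduplication: {counts}")
    for reason in reasons:
        print(f"BLOCK: {reason}")
    return 1 if should_block else 0


if __name__ == "__main__":
    # Usage: python gate.py [findings.json]  (falls back to the constructed sample)
    source = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_FINDINGS
    sys.exit(run_gate(source, {"fail_on": "high", "max_findings": {"medium": 0}}))
```

Deduplicating before counting matters: without it the same `bandit` finding would count twice and could trip a budget it should not. Keying on `(tool, file, line, rule)` is a deliberately simple choice; a real aggregator usually also normalizes paths and tolerates line shifts between commits.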

Conviso AST integrates with all the major CI/CD tools on the market, such as GitHub Actions, GitLab, Jenkins, and many others; discover our integrations here.

The analysis results are sent to Conviso Platform, where you can view, prioritize and fix the vulnerabilities found using our Vulnerability Management feature.

Support

Should you have any questions or require assistance while using the Conviso Application Security Testing, feel free to contact our dedicated support team.

Resources

By exploring our comprehensive content, you’ll discover resources that will enhance your understanding of AppSec.

Securing customers CI/CD pipelines using Conviso CLI: This article presents the possibilities of using the Conviso CLI for your CI/CD pipeline.

Discover Conviso Platform!