Release date: March 10th, 2023
This new version includes the ability to import results from external scanners that use SARIF format as their output and a simpler way to invite your team to Conviso Platform
- Increased productivity for developers;
- Less manual work;
- Aggregate results and manage vulnerabilities from different tools like Trivy, Semgrep, Conviso Scan tools and other tools supporting SARIF format;
- Bring your team to Conviso Platform and start embracing AppSec cultural change
With these enhancements, you can easily bring your team to the platform to manage and address vulnerabilities across different tools, saving time and effort while ensuring the security of your applications.
SARIF Support now available!
Developers can now automate the entire vulnerability management process within Conviso Platform by integrating it with tools that use SARIF as the output format. That means you can now focus on fixing vulnerabilities instead of doing manual work - our automation handles it for you! Configuring this feature with your preferred CI/CD tool is easy. Simply use our CLI and follow a few easy steps.
This is an example that shows how to run a Trivy scan an send the results to Conviso Platform using Github Actions:
name: Trivy Security Scan + Conviso importation
# In this example we are using Trivy, but you can change the Scanner to any who performs SARIF output
name: Trivy Scan
- name: Checkout code
- name: Run Trivy vulnerability scanner in repo mode
name: Importation SARIF results to Conviso Platform
- name: Checkout code
- name: Download result from previous scan
- name: SARIF Importation
conviso findings import-sarif --input-file results.sarif
Check our documentation to learn more and start making use of it!
A new, simpler and redesigned User Invitation process
We believe effective application security requires the whole team to participate and engage. From Developers, Security Champions, Security Analysts, Engineering Managers, CISOs to CTOs, all need to have the proper tools and information to make that culture shift to bring security to the entire software development life-cycle. That's why you can and should invite team members to Conviso Platform without any extra cost.
In this release, we are delivering a simpler experience and redefined design for both, in-app and email design.
Bring the whole team to Conviso Platform and start changing the Culture of Application Security in your company.
Keep updated on upcoming deliveries!
To have a better understanding about what's coming next on our platform, have a look at our Roadmap.