
Conviso AST

Introduction

Scan and protect your codebase with Conviso AST, a combination of open source scanners for SAST, SCA, Secrets Detection and IaC.

At Conviso, we believe that AppSec goes beyond security tools, and we offer a comprehensive approach that includes consulting, training, and support services.

Objective

With Conviso AST, you can analyze your source code and consolidate the results in the Vulnerability Management module of Conviso Platform. We have selected the best open source security scan tools and unified them in one single engine that aggregates and deduplicates results.

SAST

Currently we support the following languages and scanners:

  • Android: Qark
  • Angular: ESLint
  • Apex: pmd
  • C/C++: check
  • .NET: Devskim
  • Elixir: Sobelow
  • Go: Gosec
  • iOS: grapper
  • Java: pmd
  • Kotlin: Semgrep
  • Node: njsscan
  • PHP: rips, progpilot
  • Python: bandit, dlint
  • TypeScript: tslint

SCA

Conviso AST also analyzes the dependencies of your application and identifies vulnerable ones that need to be updated. For SCA, Conviso AST uses OSV Scanner.

IaC

We also support infrastructure-as-code security scans to identify possible security problems in different types of technologies such as Terraform, Ansible, Kubernetes, and many more. For IaC, Conviso AST uses Checkov.

Secrets Detection

Start checking for exposed credentials, API keys or tokens in your source code. For Secrets Detection, Conviso AST uses Gitleaks.

How to use Conviso AST?

Scan directly from your terminal with Conviso CLI and combine other capabilities such as:

  • Set policies to block the pipeline depending on different criteria;
  • Send diff versions of your application's source code to be reviewed later by your own security team or by Conviso's (when subscribed to our professional services license);
  • Auto-close open vulnerabilities on the platform that are no longer identified during the scan, and reopen vulnerabilities that were previously closed but are identified again.

Conviso AST integrates with all the major CI/CD tools in the market, whether GitHub Actions, GitLab, Jenkins, or many others; discover our integrations here.

The analysis results are sent to Conviso Platform, where you can view, prioritize and fix the vulnerabilities found using our Vulnerabilities feature.

How to fix a vulnerability with Conviso AST?

Conviso AST can automatically detect when a vulnerability in the Conviso Platform has been fixed and update its status. After correcting a vulnerability in your code, rerun the Conviso scan, making sure to use the following command:

conviso ast run --vulnerability-auto-close

By using this feature, the vulnerability status will be automatically updated. You will see a message indicating that the tool has identified the vulnerability as fixed.
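To make the auto-close and reopen behaviour described above concrete, here is an added illustration of the status reconciliation a platform performs after a scan; it is not Conviso's code, and the fingerprint scheme, the status names ("open", "fixed") and the sample findings are assumptions constructed for this example.

```python
# Added example, not Conviso's implementation: reconcile one scan's deduplicated
# findings against the vulnerabilities already tracked, marking open ones that are
# no longer reported as fixed (the --vulnerability-auto-close behaviour) and
# reopening fixed ones that reappear. Fingerprint scheme and statuses are assumed.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str      # scanner that produced it, e.g. "bandit" or "gitleaks"
    category: str  # normalized weakness class shared across scanners (assumed)
    path: str
    line: int


def fingerprint(f: Finding) -> str:
    # Dedup key deliberately ignores the tool and the line number, so the same
    # weakness at the same file reported by two scanners collapses into one entry
    # and small unrelated edits to the file do not churn its identity.
    return hashlib.sha256(f"{f.category}|{f.path}".encode()).hexdigest()[:16]


def dedup(findings):
    """Aggregate findings from several scanners into one entry per fingerprint."""
    unique = {}
    for f in findings:
        unique.setdefault(fingerprint(f), f)
    return unique


def reconcile(tracked: dict, findings, auto_close: bool) -> dict:
    """tracked maps fingerprint -> status ("open" or "fixed"); returns the updated map."""
    current = dedup(findings)
    updated = dict(tracked)
    for fp in current:
        if updated.get(fp) == "fixed":
            updated[fp] = "open"        # reappeared after being fixed: reopen it
        elif fp not in updated:
            updated[fp] = "open"        # brand-new vulnerability
    if auto_close:
        for fp, status in tracked.items():
            if status == "open" and fp not in current:
                updated[fp] = "fixed"   # no longer reported by any scanner
    return updated
```

Without auto_close, vulnerabilities that disappear from the scan stay open and must be closed manually, which is the difference the --vulnerability-auto-close flag makes.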


Support

Should you have any questions or require assistance while using the Conviso Application Security Testing, feel free to contact our dedicated support team.

Resources

By exploring our comprehensive content, you’ll discover resources that will enhance your understanding of AppSec.

Securing customers CI/CD pipelines using Conviso CLI: This article presents the possibilities of using the Conviso CLI for your CI/CD pipeline.

Discover Conviso Platform!