Home
SecHub enables the operation and integration of various security tools through one central API in a development environment.
The SecHub server orchestrates different security tools behind a single API layer. Users call the SecHub server, not the security tools directly, so projects and build pipelines do not need to implement a plugin per tool but only one API. No plugin is necessary on the client side either: the SecHub client, written in Go, can scan synchronously and break a build pipeline when necessary. The client can be easily integrated into every build system!
- easily integrate security tools
- centralize your security infrastructure
- switch between or combine different tools
- mitigate effects on your projects
- by just one single JSON file
- Inside a JSON file the security setup is defined (e.g. code scan, infra scan, web scan, …)
- The REST API or the small native client (which is more convenient) is used to create a SecHub job
- SecHub Job execution can be done
  - synchronously (breaks the build on problems) or
  - asynchronously (does not break the build)
- Overview reports with listed vulnerabilities can be downloaded in JSON or HTML output format.
- Exact details are still provided by the tools, but can be easily accessed through the links included in SecHub reports
- The server manages different SecHub Jobs
- A job belongs to a SecHub project
- A job can only be triggered by a user who is a member of the project
- A project has a whitelist of URLs/IPs, so accidental scanning of other IPs/URLs is not possible
- Depending on the JSON configuration, different product executors are started
- The product executor communicates with a security product through a dedicated product adapter.
- The product results are collected by SERECO (SecHub report collector)
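The per-project whitelist of URLs/IPs mentioned above is the control that keeps a job from scanning hosts outside the project's scope. The following is an added illustration of that kind of check, not SecHub's own code or schema: the `PROJECT_ALLOWLIST` structure, its field names and all sample targets are constructed for this example. URLs are matched on their host only; scheme, port and path do not affect the decision.

```python
"""Illustrative scan-target allowlist check (constructed example, not SecHub code)."""
import ipaddress
from urllib.parse import urlsplit

# Constructed project definition with a hypothetical schema:
# hostnames are matched exactly (case-insensitive), IPs by CIDR membership.
PROJECT_ALLOWLIST = {
    "hostnames": {"app.example.test", "api.example.test"},
    "networks": [ipaddress.ip_network("10.20.0.0/16")],
}


def _host_of(target: str) -> str:
    """Extract the host from a URL, or from a bare 'host[:port]' value."""
    # Prefixing '//' lets urlsplit parse bare 'host:port' and '[v6]:port' too.
    parts = urlsplit(target if "://" in target else "//" + target)
    if not parts.hostname:
        raise ValueError(f"no host in target {target!r}")
    return parts.hostname  # already lower-cased by urlsplit


def is_target_allowed(target: str, allowlist=PROJECT_ALLOWLIST) -> bool:
    """True if the target's host is covered by the project allowlist.

    A literal IP address is checked against the allowed networks; anything
    else is treated as a hostname and must appear verbatim in the list.
    """
    host = _host_of(target)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() in allowlist["hostnames"]
    return any(ip in net for net in allowlist["networks"])


def rejected_targets(targets, allowlist=PROJECT_ALLOWLIST) -> list:
    """Return the subset of a job's targets that the project may not scan.

    A server would refuse to create the job if this list is non-empty,
    instead of silently dropping the disallowed entries.
    """
    return [t for t in targets if not is_target_allowed(t, allowlist)]


if __name__ == "__main__":
    job_targets = ["https://app.example.test/login", "10.20.1.5", "192.0.2.10"]
    print("rejected:", rejected_targets(job_targets))
```

One caveat worth keeping in mind: a hostname allowlist only scopes the name, and the name is resolved at scan time, so it implicitly trusts DNS. Where that matters, pair the check with an IP/CIDR allowlist enforced on the scanner's egress path.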
Please refer to the documentation wiki page.
Please look at IDE-Integration.