Integrations Overview

Click the Integrations icon in the navigation bar to open the Integrations page.



The default view lists all the currently configured integration tools.

  • Use the menu on the left to display supported tools arranged by tool type.
  • Select All to display all the analysis tools, integration tools, IDEs, issue tracking systems, plugins, and version control tools supported by SRM.
  • Select Configured to display all the currently configured integration tools.
  • Enter a search term in the Search Integrations field to search for a specific tool.

Integration Tool Types

SRM supports the following types. (Click the link for additional information.)

Analysis Tools

SRM supports the following Analysis Tools:

  • 42Crunch
  • Acunetix (XML)
  • Anchore (JSON)
  • Android Lint (XML)
  • APIsec
  • AppScan DAST (XML)
  • AppScan Enterprise
  • AppScan Source (OZASMT)
  • AppSpider (XML)
  • Aqua Enterprise
  • Arachni (JSON and XML)
  • ASoC (XML)
  • AWS Security Hub (JSON)
  • Azure Security Center (CSV)
  • Synopsys Black Duck
  • Synopsys Black Duck Binary Analysis (CSV and JSON)
  • Brakeman (JSON and ZIP of JSON outputs) (Built-in tool)
  • Burp Enterprise
  • Burp Suite (XML)
  • C++test (XML)
  • CAT.NET (XML) (Built-in tool)
  • Checkmarx (XML)
  • Checkmarx IAST
  • Checkmarx One
  • Checkstyle (XML) (Built-in tool)
  • Clang (ZIP of HTML outputs)
  • Clang-Tidy (TXT: console log)
  • Clippy (JSON and ZIP of JSON outputs) (Built-in tool)
  • CodePeer (CSV)
  • CodeSecure (XML)
  • CodeSonar (CodeSonar-Scrape ZIP)
  • Contrast
  • Synopsys Coverity (JSON v8+)
  • Synopsys Coverity on Polaris
  • Cppcheck (XML v2) (Built-in tool)
  • CycloneDX (JSON and XML)
  • Data Theorem Mobile
  • DefenseCode ThunderScan (JSON)
  • Synopsys Defensics Fuzz Test (XML: super-summary.xml)
  • Dependency-Check (XML) (Built-in tool)
  • Dependency-Track
  • dotTEST (XML)
  • Dynatrace
  • ErrCheck (TXT: console.log)
  • error-prone (TXT)
  • ESLint (JSON) (Built-in tool)
  • Faraday
  • Fortify (FPR)
  • Fortify Software Security Center
  • FxCop (XML and ZIP of XML outputs) (Built-in tool)
  • Gendarme (XML) (Built-in tool)
  • GitHub Advanced Security
  • GitLab Security (JSON)
  • GoCyclo (TXT: console log)
  • GoLint (TXT: console log)
  • GoSec (JSON)
  • Grype (JSON)
  • Hacker One
  • Harbor (JSON and CSV)
  • Helix PRQA-QAC (CSV)
  • Imperva
  • IneffAssign (TXT: console log)
  • Inviciti (XML)
  • Inviciti Enterprise (XML: Vulnerabilities List)
  • IriusRisk
  • JFrog Xray (JSON)
  • Jlint (TXT)
  • JSHint (TXT) (Built-in tool)
  • Jtest (TXT) (Built-in tool)
  • Mend SCA
  • Microsoft Defender For Cloud
  • Microsoft Code Analysis (TXT: MSBuild log and TSV: errors table)
  • Microsoft Threat Model (HTM and TM7)
  • MobSF (JSON: Generate JSON Report endpoint)
  • MobSF Scan (JSON)
  • NDepend (XML)
  • Nessus (NESSUS)
  • NeuVector
  • Nmap (XML)
  • NowSecure
  • NowSecure Workstation (JSON and ZIP of JSON outputs)
  • OCLint (XML)
  • Orca Security
  • PHP_CodeSniffer (XML) (Built-in tool)
  • PHPMD (XML) (Built-in tool)
  • PMD (XML) (Built-in tool)
  • Synopsys Polaris
  • Prisma Cloud (RedLock) (CSV and JSON: List Alerts V1 endpoint)
  • Prisma Cloud Compute (Twistlock) (CSV and JSON)
  • Pylint (JSON and ZIP of JSON outputs)
  • Q-MAST
  • Qualys CS (CSV)
  • Qualys VM (XML)
  • Qualys VMDR
  • Qualys WAS
  • Synopsys Rapid Scan SAST (JSON)
  • Rapid7 InsightAppSec
  • Rapid7 Nexpose (XML)
  • SafeSQL (TXT: console log)
  • SARIF (JSON v2.1.0)
  • SATE (XML)
  • Scalastyle (XML) (Built-in tool)
  • SCAP (XML)
  • SciTools Understand (CSV)
  • SD Elements
  • Synopsys Seeker
  • Semgrep (JSON)
  • Snyk (JSON)
  • SonarQube
  • Sonatype Nexus
  • SPDX (JSON and SPDX)
  • SpotBugs (XML) (Built-in tool)
  • Synopsys SRM Custom Integration (XML)
  • Staticcheck (JSON)
  • SWAMP (XML)
  • Synopsys Managed Services Platform (XML)
  • Tenable.io
  • Tenable.io Web App Scanning
  • Tenable.sc
  • Synopsys Tinfoil API
  • Synopsys Tinfoil Web
  • Trivy (JSON: container image results)
  • TruffleHog (JSON)
  • Trustwave App Scanner
  • Veracode (XML and ZIP)
  • Vet (JSON)
  • WebInspect (XML)
  • Synopsys WhiteHat
  • Wiz
  • WPScan (JSON)
  • ZAP (XML)
  • ZPA (JSON) (Built-in tool)

Continuous Integration

SRM supports the following CI tools (click the link for more information):

Integrated Development Environments

SRM supports the following IDEs (click the link for more information):

Issue Tracking

SRM supports the following issue tracking tools (click the link for more information):

Plugins

SRM supports the following plugins (click the link for more information):

Source Code Management

SRM supports the following SCM systems (click the link for more information):