Supported Integrations

Listed below are the third-party tools Ozone supports for security integrations.

TRIVY:

Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.

Targets (what Trivy can scan):

  • Container Image

  • Filesystem

  • Git Repository (remote)

  • Virtual Machine Image

  • Kubernetes

  • AWS

Scanners (what Trivy can find there):

  • OS packages and software dependencies in use (SBOM)

  • Known vulnerabilities (CVEs)

  • IaC issues and misconfigurations

  • Sensitive information and secrets

  • Software licenses

Trivy supports the most popular programming languages, operating systems, and platforms.

SONARQUBE:

SonarQube is a self-managed, automatic code review tool that systematically helps you deliver Clean Code. SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. SonarQube analyses 30+ different languages and integrates into your CI pipeline to ensure that your code meets high-quality standards.

SNYK:

Snyk is an open-source security platform designed to help software-driven businesses enhance developer security. Snyk's dependency scanner makes it the only solution that seamlessly and proactively finds, prioritizes, and fixes vulnerabilities and license violations in open-source dependencies and container images.

  • Find and fix vulnerabilities in 5 minutes

  • Snyk supports your favorite languages and seamlessly integrates with your tools, pipelines, and workflows.

  • More than 85% of developers recommend Snyk thanks to its ease of use and the considerable amount of time it saves them during development.
