ImmuniWebIntegrations
DevSecOps, CI/CD and SDLC Integrations
ImmuniWeb® AI Platform provides a wide spectrum of seamless, one-click integrations with the most popular software developing tools, Web Application Firewalls, SIEMs and enterprise security systems to ensure agile vulnerability remediation.
Amazon LWA
Amazon’s Login-With-Amazon (LWA) is based on OAuth 2.0 for SSO with your Amazon account. Our integration with LWA enables our customers to leverage Amazon’s SSO solution to securely log in to the ImmuniWeb Platform. After registration, LWA’s SSO authentication can be activated on any Portal account belonging to your business and brings centralized management and timely revocation of access to the Platform when so is required.
Asana
Asama is a powerful project management and workplace content management system designed to assign, monitor the progress and automate internal workflows by efficient and productive dispatching of various tasks, including software development and bug fixing. Zooming from micro to macro level, Asana aptly organizes your workflows in such a manner that even enterprise-size teams are clear what to do, why it matters, and how to get it done in the optimum way. Our integration with Asana enables you to export any detected security vulnerabilities and misconfiguration in your web, mobile, and cloud infrastructures to Asana for rapid remediation by your software developers.
AWS Amazon Machine Image
An Amazon Machine Image (AMI) is a special type of virtual appliance that is used to create a virtual machine within the Amazon Elastic Compute Cloud ("EC2"). With ImmuniWeb's AMI you can quickly deploy a virtual machine, which allows penetration testing and/or vulnerability scanning of internally-hosted web applications and web services inaccessible from the Internet. The main and the sole role of ImmuniWeb AMI is to tunnel traffic between internally hosted web application(s) and ImmuniWeb infrastructure in a secure, reliable and encrypted manner.
Azure Pipelines
Azure Pipelines by Microsoft Azure automatically builds and tests your code projects hosted in any cloud environment or on‑premise, supporting Linux, macOS, and Windows environments, eventually designed to build web, desktop and mobile applications. It supports all the most popular programming languages and project types, as well as combines continuous integration (CI), continuous delivery (CD), and continuous testing (CT) to automatically build, test, and deliver your source code to any destination in a few minutes. Our certified extension on Microsoft Visual Studio Marketplace helps you to smoothly integrate our web application and API security, compliance and privacy testing into your Azure Pipeline to audit your code prior to deployment.
Azure Virtual Machine
Azure Community Image lets you create and use virtual machines in the cloud as Infrastructure as a Service. With Azure VM you can use an image provided by Azure itself, or any other third-party. Within Azure Community Gallery ImmuniWeb offers its own image, which can be easily mounted on your virtual machine, allowing penetration testing and/or vulnerability scanning of internally-hosted web applications and web services inaccessible from the Internet. The main and the sole role of ImmuniWeb image is to tunnel traffic between internally hosted web application(s) and ImmuniWeb infrastructure in a secure, reliable and encrypted manner.
Barracuda WAF
Barracuda Web Application Firewall (WAF) protects web applications, APIs, and mobile app backends against a variety of web-based attacks including the OWASP Top 10, some vectors of zero-day threats, data leaks and exposure of personal data, as well as application-layer denial of service (DoS) attacks. It also provides advanced features of smart load balancing, bad bot protection, security orchestration, and correlation of security events aimed at detecting coordinated attacks by sophisticated threat actors against your organization. Our technology alliance with Barracuda and the integration with Barracuda WAF allows you to export any detected web security vulnerabilities and API weaknesses in one click to your Barracuda WAF appliance to deploy a reliable virtual patching, enabling your software engineers to focus on top-priority tasks, instead of urgently patching the vulnerable source code.
Bugzilla
Bugzilla is a free bug-tracking system, offering a broad spectrum of enterprise-level features and functionalities. It allows your application developers and project managers to keep track of any software bugs, security problems, privacy and compliance issues, and other change requests in your enterprise software of any kind, such as web and mobile applications. Simple but powerful defect-tracking capabilities of Bugzilla significantly save time for your engineers and reduce the overall vulnerability remediation time. Our integration with Bugzilla provides a one-click web application and API vulnerabilities data export functionality, which enables you to swiftly dispatch and assign the necessary remediation tasks across your team and then track their process in a simple and reliable manner.
DefectDojo
DefectDojo by the OWASP project is a leading open-source vulnerability management correlation and security orchestration tool, designed to scale and accelerate application security management at organizations of any size. It can seamlessly track projects, developers, security and performance metrics, and tasks across different software teams, environments and applications. With DefectDojo, software engineers can easily set remediation deadlines, based on criticality of the findings, having access to easily manageable reports and reminders about impending deadlines. Our integration with DefectDojo allows software engineers to easily import security, privacy and compliance issues, detected by our award-winning web security scanning and application security testing products, to their dashboards for a risk-based and timely remediation.
F5 BIG-IP Advanced WAF
BIG-IP Advanced Web Application Firewall (WAF) by F5 reliably protects your apps, APIs, and data against the most prevalent cyber attacks and even from some zero-day vulnerabilities, application-layer denial of service (DoS) attacks, web-based threat campaigns, application takeover, and malicious bots. It also includes behavioral analytics and application-layer encryption of sensitive data. Our technology alliance with F5 and the integration with F5 BIG-IP Advanced WAF delivers a one-click virtual patching capabilities for your web applications, cloud-native and traditional APIs, saving time that your web application engineers have to spend on remediation.
FogBugz
FogBugz by IgniteTech is Software Project Management System (SPMS) designed to plan, track and release enterprise-grade software with lightweight and customizable system that seamlessly integrates into any project management workflow. FogBuz helps software developers to track their projects from start to finish, to log and track all their bugs and security issues, to easily customize case flows, and to get accurate delivery estimates with its proprietary Evidence-Based Scheduling (EBS) statistical algorithm that produces software release shipping date probability distributions based on historical timesheet data. Our integration with FogBugz enables you to export any web application, mobile, cloud and API vulnerabilities into FogBugz in just one click for a coordinated remediation and ongoing progress tracking.
Fortinet FortiWeb WAF
FortiWeb web application firewall (WAF) protects modern-day web applications, micro services and APIs from sophisticated web attacks that target both known and unknown vulnerabilities. Among other things, its numerous features, powered by Machine Learning, improve your security posture by predictively mitigating new threats, detecting anomalies, stopping bad and malicious bots. It also includes advanced threat analytics aimed at identifying the most critical threats across all protected applications and APIs. Our technology alliance with Fortinet and the integration with FortiWeb WAF enable you to rapidly export any detected web security vulnerabilities, weaknesses and misconfigurations into your WAF appliance for immediate and robust virtual patching, proving your software developers with a peace of mind.
GitHub Actions
GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to fully automate your software build, test, and deployment pipeline in a simple, reliable and efficient manner. With it you can create tailored-made workflows to build and test every pull request to your code repository, or deploy merged pull requests to production environment. Our integration with GitHub Actions allows you to seamlessly integrate our award-winning application and API security testing and vulnerability scanning products into your CI/CD pipeline to automatically test your code prior to deployment.
GitLab CI/CD
GitLab CI/CD by Microsoft is a powerful tool for software development that relies on modern concepts of Continuous Integration (CI), Continuous Delivery (CD), Continuous Deployment (CD) and other continuous software development methodologies. It can automatically build, test, deploy, and monitor your applications in a simple and reliable manner, saving time and resources of your software development team, catching security bugs and errors early in the software development cycle, and ensure that your code deployed to production complies with your internal policies and code quality standards. Our integration with GitLab CI/CD enables you to add our award-winning application security testing and vulnerability scanning capabilities directly into your CI/CD pipeline for holistic security, privacy and compliance testing.
Google Sign-In SSO
Google Sign-In manages the OAuth 2.0 flow and token lifecycle. Our integration with Google Sign-In enables you to leverage Google’s SSO solution to securely log in to the ImmuniWeb Platform. After registration, the SSO can be activated on any account belonging to your business and brings centralized management and timely revocation of access to the Platform when so is required.
Imperva WAF
Imperva Web Application Firewall (WAF) protects all types of modern and legacy web assets from the most sophisticated web-based attacks, ranging from OWASP Top 10 to certain vectors of zero-day attacks that are detected by its proprietary traffic analysis technology. Imperva WAF stops malicious bots and suspicious traffic to your website before the actual harm occurs, with a false-positive rate verging on zero. It can be rapidly deployed for on-premise, multicloud and third-party web applications to ensure continuous protection and compliance. Our technology alliance with Imperva and the integration with Imperva WAF enables you to export any vulnerabilities, found by our award-winning application security testing and web vulnerability scanning, in a few clicks to Imperva WAF for instant virtual patching, significantly optimizing and accelerating the workflow of your software developers.
Jenkins
Jenkins is a leading open-source CI/CD automation solution designed to intelligently automate all kinds of software development tasks spanning from code building, testing, delivering to deploying into production. It provides over 1,800 plugins to automate virtually any task or process, so that your software engineers can better use their valuable time, focusing on the most complex and important tasks that cannot be automated or delayed. Jenkins can be installed via native system packages, Docker, or even run standalone on a machine with a Java Runtime Environment (JRE). Our integration with Jenkins via a Jenkins plugin allows you to leverage our award-winning vulnerability scanning and application security testing capabilities in your CI/CD pipeline in a simple and efficient manner, ensuring full automation of software development lifecycle (SDLC) and meeting compliance requirements.
JIRA
Jira by Atlassian is a powerful, multifunctional and flexible solution for bug tracking and issue management for all kinds of modern software projects, including web and mobile apps, APIs and microservices, and cloud-native apps. It allows small and large teams of application developers to assign, transfer, prioritize and track any reliability, functionality, security, privacy or compliance issues in their code in a time-efficient and effective manner. Designed to be deployed both on premise and in a multicloud environment, Jira is a perfect choice for any organization looking to accelerate and improve its software development lifecycle (SDLC). Our integration with Jira enables you to funnel any security, privacy and compliance issues, detected by our award-winning application security testing technology, to your Jira environment to dispatch and monitor the remediation process as may be required by compliance procedures.
Mantis
MantisBT is an open-source bug tracker designed for any kind of software development projects, elegantly combining functionality and the ease of use. Software developers can easily start using MantisBT in a few minutes, unleashing its powerful potential to smoothly coordinate software development in a collaborative, efficient and productive manner. Available both on premise and in a cloud environment, it can be easily accessed via its intuitive web interface. Our integration with MantisBT allows you to rapidly export any security, privacy or compliance issues, detected by our award-winning web security scanning and application security testing products, to MantisBT for a coordinated, risk-based and timely remediation, eventually accelerating your software development process and saving valuable time of your software developers.
MatterMost
Mattermost is a powerful open-source platform created for agile collaboration between technical and operational teams that work in multistakeholder environments with complicated compliance and data security requirements. Available both on premise and in a cloud environment, MatterMost provides software engineers with Channels, Playbooks and Boards, aimed at accelerating, automating, coordinating and streamlining software development process within large organizations. Our integration with MatterMost enables software developers to get instant alerts on newly discovered vulnerabilities, weaknesses and misconfigurations, detected by our award-winning application security and web security scanning products, to their Channels directly.
Micro Focus ALM/Quality Center
Micro Focus Application Lifecycle Management (ALM)/Quality Center serves as a cockpit for software quality and reliability management. It helps you to govern application lifecycle management activities and to implement rigorous, auditable software lifecycle processes. With ALM/Quality Center software developers can achieve high efficiency in testing and manage quality with a requirements-driven, risk-based approach, align people with tasks and processes, mitigate application complexities, automate manual tasks, and establish end-to-end traceability of security, quality and reliability issues even in the most complicated software packages. Our integration with ALM/Quality Center delivers vulnerability data, discovered by our award-winning application security testing and web vulnerability scanning products, to a consolidated dashboard equipped with visual graphs, enabling one-click creation of customized reports.
Micro Focus ArcSight Logger
Micro Focus ArcSight Recon simplifies log management and compliance, while accelerating forensic investigations and threat hunting. Designed to hunt and defeat cyber threats with big-data search, visualization, and reporting, its vulnerability export functionality helps you to increase threat investigation effectiveness. Being a comprehensive log management and security analytics solution, ArcSight Recon eases compliance burdens and accelerates forensic investigation for security professionals and Blue Teams. It combines a comprehensive set of compliance, storage and reporting needs of log management with the capabilities of big data search and analysis. Our integration with ArcSight Recon enables one-click vulnerability data export, coming from our award-winning application security testing and web security scanning products, to your ArcSight Recon dashboard to enhance your threat hunting and digital forensics with valuable intelligence on possible root causes of security incidents.
Microsoft Entra ID
Microsoft Entra ID (formerly Azure Active Directory) is a cloud-based identity service enabling users to securely sign in to third-party web applications. Our integration with Microsoft Entra ID enables you to leverage Microsoft’s single sign on (SSO) solution to securely log in to the ImmuniWeb Platform. After registration, the SSO can be activated on any account belonging to your business and brings centralized management and timely revocation of access to the Platform when so is required.
Microsoft Teams
Microsoft Teams is an advanced business communication platform developed by Microsoft, as part of the Microsoft 365 family of products. Microsoft Teams, as the central hub for teamwork in Microsoft 365, is the meeting point where people, including people outside your organization, can openly connect and easily collaborate in real time to get things done in the most efficient manner. It is also a place to have informal chats, iterate quickly on a project, work with team files, and collaborate on shared deliverables. With Microsoft Teams software developers can work together using ergonomically designed chats equipped with many data-sharing features, instead of traditional email and other outmoded channels, letting everyone work together no matter where they are. Our integration with Microsoft Teams allows you to get instant messages and security alerts to your chat directly from our award-winning application security testing and web vulnerability scanning products for a timely and coordinated remediation.
Pivotal Tracker
Pivotal Tracker is an agile software development project-management and issue-tracking solution, designed for a real-time collaboration of diversified teams in a friendly, collaborative and multistakeholder environment. It provides a visual map of your tasks, processes and pending issues with your code, empowering your team to focus on the most important and urgent tasks, eventually optimizing your software development lifecycle (SDLC) and accelerating code delivery to end users. Our integration with Pivotal Tracker enables you to seamlessly export any security, privacy and compliance issues, detected by our award-winning web security scanning and application security testing products, to your Pivotal Tracker for a timely remediation.
Qualys WAF
Qualys Web Application Firewall (WAF) is a cloud service for scalable and resilient protection of your web applications. It defends your web applications and APIs by using a set of ready-to-use security policies developed by Qualys Security Intelligence team, offering a one-click response to both well-known and emerging web security threats of any complexity. You can also address your custom security needs with simple, customizable and reusable policies and rules. Qualys WAF’s virtual appliance can be deployed and quickly scaled up both on premise and in public cloud environment including AWS, Azure and GCP. Our technology alliance and integration with Qualys WAF allows you to mitigate even the most sophisticated web vulnerabilities, detected by our award-winning application security testing and web security scanning products, in a few clicks, giving your software engineers a competitive advantage and saving their valuable time for more important and urgent tasks.
Rally
Rally is an enterprise-class platform for scaling agile software development practices by centralizing and streamlining internal communications around designing and building modern software, enabling predictability and adaptability, while pursuing your business goals and strategy, eventually improving and accelerating the entire software development lifecycle (SDLC). It helps multicultural and international teams of software developers and architects to stay informed, engaged and happy both on macro and micro level. Our integration with Rally enables instant export of vulnerability data, coming from our award-winning application security testing and web security scanning products, to Rally users for a timely remediation in risk-based and traceable manner.
Redmine
Redmine is a free and open-source project management and bug tracking solution for software development projects or any size and complexity, supporting over 49 programming languages. It can be rapidly deployed and easily accessed via its user-friendly web interface, offering compatibility and accessibility for software developers using any kind of devices, operating systems and SDK. Redmine provides issue tracking, knowledge management, discussion platform, calendar, event management, and powerful visualization of your current software development projects, tasks and processes. It also has a set of turn-key integrations with various version control systems, simplifying software development workflow. Our integration with Redmine enables you to export any security, privacy or compliance issues, detected by our award-winning application security testing and web vulnerability scanning, to Redmine in a few clicks for a risk-based and timely remediation.
Rocket.Chat
Rocket.Chat is an open-source communications platform designed to simplify, accelerate and fluidify corporate communications in companies of any size. Built for organizations that need more control over their communications, it enables collaboration between colleagues, partners, customers, communities, and even platforms without compromises on data ownership, customizations or integrations. Actively used by software developers for better and faster development and bug-fixing, it saves a great amount of their time usually lost in traditional email-based communications. Our integration with Rocket.Chat allows you to start, manage and get results of our award-winning application security testing and web security scanning directly from Rocket.Chat Conversation, bringing agility and efficiency to your software security testing processes.
ServiceNow
The Now Platform by ServiceNow empowers anyone to digitize and automate departmental and cross-enterprise workflows, to optimize business processes for resiliency, and to mitigate risk, all on one cloud-based platform. The Now Platform lets you re-imagine any process as a digital workflow, seamlessly connecting people, applications, and systems, breaking down organizational silos, accelerating service delivery, and strengthening business continuity.
Additionally, the Now Platform increases workforce productivity to work smarter and reduce costs, accelerates enterprise automation to deliver faster and more reliable results, and provides trust and security across your entire operational environment. Our integration with ServiceNow’s Now Platform enables software developers to import actionable web security, privacy and compliance data, detected by our award-winning web security scanning and application security testing products, in a few clicks to the Now Platform for a risk-based and timely remediation.
Additionally, the Now Platform increases workforce productivity to work smarter and reduce costs, accelerates enterprise automation to deliver faster and more reliable results, and provides trust and security across your entire operational environment. Our integration with ServiceNow’s Now Platform enables software developers to import actionable web security, privacy and compliance data, detected by our award-winning web security scanning and application security testing products, in a few clicks to the Now Platform for a risk-based and timely remediation.
Slack
Slack is a leading enterprise messaging app for businesses that connect people to the information they need, replacing emails with something faster, more agile and better organized. Instead of one-off email chains, all your communications are organized into topic-specific channels that are easy to create, join and search. Slack’s channels bring order and clarity to your workflows: you can create them for every project, topic, or team. When there’s a channel for everything, you can focus on the conversations and work that matters most to you. For software developers and security engineers, Slack streamlines their work, automates routine tasks, and brings actionable context into their conversations and cross-team collaboration. Our Slack app allows your security and software engineers to start and get instant alerts on newly discovered security, privacy and compliance issues directly from our award-winning application security testing and web vulnerability scanning products for a timely and risk-based mitigation.
Splunk
Splunk is a leading SIEM platform to search, analyze, correlate and visualize various machine-generated data gathered from websites, applications, sensors, devices and any other corporate sources. Splunk platform is purposely built for expansive data access, powerful analytics and full automation, designed to identify key risks and to detect cyber threats before they become major incidents. With Splunk, software developers and cybersecurity professionals can easily monitor, investigate, analyze and detect cyber threats across multicloud environments including AWS, GCP and Microsoft Azure. Its advanced threat detection capabilities rapidly identify the most sophisticated attacks that bypass traditional security controls in a stealth manner. Our integration with Splunk enhances your Splunk cyber threat intelligence data with verified web, mobile, API and cloud security problems and compliance issues that may be the root cause of a security incident or data breach.
YouTrack
YouTrack by JetBrains is a powerful project management solution to track tasks, manage projects, maintain a knowledge base, collaborate, and deliver high-quality software products. It can easily track multistakeholder projects and tasks, use agile dashboards, plan sprints and software releases, keep an enterprise-wide knowledge base, work with reports and dashboards, create workflows that follow your business processes. YouTrack offers a real-time overview of what software development teams are doing, also providing a historical overview and powerful task and progress tracking mechanisms. Our integration with YouTrack allows your software developers to import verified vulnerability data, coming from our award-winning application security testing and web vulnerability scanning systems, into a specific dashboard for a risk-based and timely remediation.
Zapier
Zapier is a powerful no-code automation tool that lets you connect your apps into automated workflows, so they can easily communicate, synchronize and work together in a reliable, simple and agile manner. A pre-defined event can trigger a complicated workflow, without spending a single second of valuable human time on it, accelerating the entire software development process and interconnected tasks. Software developers utilize Zapier to productively collaborate across various departments to create secure, custom workflows that scale and accelerate software development lifecycle (SDLC) across the organization. With our application on the Zapier Marketplace, software developers can automate, manage and get actionable security findings in real time from our award-winning application security testing and web vulnerability scanning products.
Zoho BugTracker
Zoho BugTracker is a simple but fast and powerful bug tracking solution that helps you to manage even the most sophisticated software bugs easily and to deliver reliable software products on schedule. Its collaborative dashboard allows software developers to see the latest updates and to stay on top of what's going on in their environment within seconds, to gain insights about status of bugs filed in a project with visually appealing reports and actionable statistics. With Zoho BugTracker you can assign any bug or security issues to your team members, and keep your customers and other third parties in the loop if you need to. Our integration with Zoho BugTracker enables software developers to import verified vulnerability data in just one click from our award-winning application security testing and web vulnerability scanning products.