Phoenix Security integrates with your native technology stack and with security scanners for Application Security, Infrastructure Security, Cloud Security and Container Security, converting vulnerabilities into risk.
CODIGA CODE INSPECTOR
Codiga is a coding assistant that helps you find the right code snippets within your IDE. Phoenix Security integrates with Codiga.
Google Cloud Security Command Center (SCC) and Phoenix Security provide a seamless solution for securing GCP environments from code to cloud. SCC delivers real-time detection of vulnerabilities, compliance gaps, and misconfigurations across cloud resources, while Phoenix Security adds contextual prioritization, mapping these findings to business impact and operational needs. This collaboration streamlines vulnerability remediation, reduces noise, and enables actionable workflows, empowering security and development teams to address critical risks efficiently without slowing innovation.
AQUA SECURITY CNAPP
Aqua Security and Phoenix Security combine forces to revolutionize cloud-native application security. This integration secures APIs, streamlines CI/CD workflows, and delivers actionable insights, ensuring comprehensive protection from development to production. API integration and CI/CD integration with the Trivy scanner.
Sysdig Cloud
Sysdig is a cloud security company that offers a platform to help users detect, prevent, and respond to security threats in real time. Sysdig's platform is designed to address the security needs of containerized and Kubernetes infrastructures.
Phoenix Security integrates with Sysdig and ingests runtime container and cloud security vulnerabilities, reflecting reachability analysis elements into the application security stack and tracing code to cloud.
Microsoft Azure Defender for Cloud
Microsoft Azure Defender for Cloud is a centralized management solution that provides security controls and tools to enable proactive protection against emerging threats in an evolving threat landscape. Phoenix Security now integrates with Azure Defender for Cloud.
Lacework delivers a native container security solution, reducing the attack surface and detecting the threats that matter in your container environment. Phoenix Security integrates with Lacework.
ZERO DAY MICRO
Our platform leverages cutting-edge technology to identify recently discovered vulnerabilities before they’re widely exploited. This empowers you to take proactive security measures: patch vulnerabilities quickly and minimize attack surfaces.
Phoenix Security integrates with Prisma™ Cloud, a cloud-native security platform enabling you to secure your cloud-native infrastructure and applications using a single dashboard.
METASPLOIT
This dynamic duo seamlessly integrates Phoenix Security’s contextual intelligence with Metasploit’s penetration testing capabilities, enabling you to not only identify vulnerabilities but also exploit them in a safe, controlled environment to assess their true impact.
MEND.IO
Phoenix Security integrates with Mend to help secure developers’ applications, helping them deliver quality, secure code faster. Removing the AppSec burden, we free developers to build secure apps.
Acunetix is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Phoenix Security integrates with Netsparker, a web application scanner that uses Proof-Based Scanning to find real vulnerabilities in web applications and APIs.
Automatically share crucial vulnerability data to the relevant Teams channels.
Automatically share crucial vulnerability data to the relevant Slack channels.
Automatically create, assign and track ServiceNow incidents containing the right fix to each vulnerability.
Automatically create, assign and track Jira tickets containing the right fix to each vulnerability.
Prioritize and fix vulnerability scan findings across applications deployed on AWS.
Ingest Docker container data from AWS ECR to enrich asset risk posture and better prioritize vulnerabilities.
Ingest container data from AWS ECS to enrich asset risk posture and better prioritize vulnerabilities.
Prioritize and fix WhiteHat application security findings across web applications and code projects.
Prioritize and fix pen-testing and bug-bounty findings discovered by HackerOne.
Prioritize and fix pen-testing and bug-bounty findings discovered by Bugcrowd.
FORTIFY
Prioritize and fix Fortify security findings across web applications.
Prioritize and fix Fortify application scan findings across code projects.
Prioritize and fix Veracode application scan findings across code projects.
Prioritize all Checkmarx application scan findings across code projects.
Prioritize and fix dynamic web application scan findings across websites.
Prioritize and fix container and application security findings discovered by JFrog.
Prioritize and fix vulnerabilities in open source libraries and containers discovered by Snyk.
Prioritize and fix Burpsuite application security findings across web applications and code projects.
ANCHORE
BLACKDUCK HUB
CARGOAUDIT SCAN
DEPENDENCY-CHECK
DEPENDENCY-TRACK
GGSHIELD
NPM AUDIT
OSS INDEX DEV-AUDIT
RETIRE.JS
SNYK
SONATYPE
BLACKDUCK COMPONENT RISK
AUDITJS OSSIndex
GITLAB Dependency Scanning Report
GITHUB VULNERABILITY
VERACODE
Prioritize and fix Veracode application scan findings across code projects.
SARIF
XANITIZER
VISUAL CODE GREPPER
SEMGREP JSON REPORT
SONARQUBE
RUBOCOP SCAN
PMD SCAN
CHECKMARX
Prioritize all Checkmarx application scan findings across code projects.
BRAKEMAN
CODECHECKER Report native
CODE QL
COVERITY
ESLINT
DAWN SCANNER
FORTIFY
GITLAB SAST REPORT
VULNCHECK KEV
Our platform integrates with VulnCheck’s KEV, empowering you to focus on vulnerabilities most actively exploited in the wild. This allows you to patch critical threats first: quickly address vulnerabilities attackers are targeting now for immediate security improvements.
CWE
Our platform integrates with the Common Weakness Enumeration (CWE), providing insights into the underlying causes of vulnerabilities. This empowers you to prevent future security issues: address the root cause of vulnerabilities and prevent similar attacks from recurring.
RANSOMWARE KEV
Our platform leverages the Ransomware KEV catalog, highlighting vulnerabilities attackers use in ransomware campaigns. This empowers you to prioritize ransomware defense: focus on patching vulnerabilities most exploited by ransomware actors for stronger security.
RANSOMWARE
Our platform integrates intelligence to detect whether a vulnerability is used in ransomware, ensuring that the vulnerabilities detected are also flagged when used in ransomware.
GITHUB
VULNCHECK NVD
Our platform integrates with VulnCheck NVD. This empowers you to future-proof vulnerability scanning: seamlessly transition between NVD versions and ensure comprehensive vulnerability coverage.
MITRE
Our platform integrates with MITRE, a globally recognized knowledge base for adversary tactics and techniques. This empowers you to map threats to defenses: identify vulnerabilities attackers might exploit and proactively strengthen your security posture.
KEV
Our platform integrates with the Known Exploited Vulnerabilities (KEV) catalog, empowering you to prioritize remediation efforts on vulnerabilities actively exploited in the wild. This empowers you to block real-world attacks: patch vulnerabilities most likely to be used by attackers for immediate security improvements.
CVE TRENDS
Our platform integrates with real-time CVE trend data, allowing you to prioritize vulnerabilities based on active exploitation attempts. This empowers you to patch critical threats faster: focus on vulnerabilities attackers are targeting now for proactive security.
PACKET STORM
Phoenix Security integrates with PacketStorm, a vast resource for security tools and exploits. Unlike solely relying on vulnerability databases, Phoenix Security leverages real-world exploit examples from PacketStorm. This empowers you to stay ahead of evolving attack techniques and maximize the detection of threats used by malicious actors.
CAPEC
Our platform integrates with CAPEC (Common Attack Pattern Enumeration and Classification), enabling consistent vulnerability categorization. This empowers you to streamline threat analysis: leverage standardized classifications for efficient threat assessment and prioritization.
OSV
Phoenix Security integrates with OSV to gather intelligence on whether a vulnerability is fixable and exploitable. Phoenix also uses this intelligence to identify whether a vulnerability is reachable and fixable when opening tickets.
VULNERABILITY CATEGORIES
Our platform empowers you to organize vulnerabilities by category for efficient prioritization and remediation. This empowers you to focus on critical risks first: quickly identify and address high-impact vulnerabilities.
CPE / PHOENIX SECURITY CPE
Our platform leverages CPE (Common Platform Enumeration) and Phoenix Security CPE data for pinpoint vulnerability identification. This empowers you to prioritize high-risk threats: Focus on vulnerabilities targeting your specific systems for efficient remediation.
PHOENIX SECURITY CATEGORY
Our platform integrates with the powerful Phoenix Security category, enabling automated threat detection and response. This empowers you to stop threats in their tracks.
WEB EXPLOIT POPULARITY
Our platform integrates with real-time web exploit popularity data. This empowers you to focus on the most active threats: prioritize vulnerability scanning based on what attackers are targeting now.
NVD + KEV
Our platform integrates with NVD (National Vulnerability Database) and KEV (Known Exploited Vulnerabilities). This integration empowers you to prioritize critical threats: identify and address high-risk vulnerabilities from trusted sources.
CPE NVD
Our platform integrates NVD (National Vulnerability Database) with CPE (Common Platform Enumeration). This powerful combination streamlines vulnerability assessment, prioritizes threats, and keeps you informed of the latest security risks.
WAPITI
The web-application vulnerability scanner. Wapiti allows you to audit the security of your websites or web applications.
ZED ATTACK PROXY (ZAP)
ZAP is an open-source web application security scanner. It is one of the most active Open Web Application Security Project (OWASP) projects and has been given Flagship status.
BUGCROWD
Leverage crowdsourced intelligence from bug bounty programs for popular exploits.
HACKERONE
Prioritize and fix pen-testing and bug-bounty findings discovered by HackerOne.
CISA CYBERSECURITY + INFRASTRUCTURE
By integrating with CISA, Phoenix Security grants you access to their up-to-date advisories, vulnerability exploits, and best practices – keeping you informed of the latest threats and mitigation strategies.
SHADOWSERVER
This powerful duo grants you access to Shadowserver’s vast network intelligence, providing a richer context for prioritizing vulnerabilities and understanding your overall threat landscape.
GOOGLE PROJECT ZERO
This powerful partnership empowers you to address the most critical vulnerabilities – those identified by Google’s elite team of security researchers – before they can be exploited by attackers.
EXPLOIT PREDICTION SCORING SYSTEM (EPSS)
Empowers you to prioritize threats based on their likelihood of exploitation, not just their severity.
ZERO DAY INITIATIVE
This powerful partnership empowers you to address the most critical and newly discovered vulnerabilities (zero-days) before attackers exploit them.
NUCLEI
Nuclei is a very powerful tool that allows you to perform automatic vulnerability scans based on templates predefined by the user.
EXPLOIT DB
The ExploitDB is a very useful resource for identifying possible weaknesses in your network and for staying up to date on current attacks occurring in other networks.
NATIONAL VULNERABILITY DATABASE (NVD)
Phoenix Security now integrates with NVD. This data enables automation of vulnerability management, security measurement, and compliance.
Jira Software Data Center helps software teams plan, track, and release software. It features integration with development tools, an agile board, and a release hub for software version release.
Snyk Cloud IaC enables the identification of infrastructure-as-code issues in your Terraform and cloud build files.
Snyk Code enables scanning of code vulnerabilities in most coding languages.
Snyk container scanner enables the detection of container image vulnerabilities.
Phoenix Security now integrates with Tenable.io to enable vulnerability discovery at scale.
Phoenix Security integrates with Lacework Container and Cloud security to retrieve vulnerabilities from code to cloud and contextualize vulnerabilities.
Phoenix Security now integrates with Microsoft Defender for Endpoint, an enterprise endpoint security platform hosted in Azure designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Automate the end-to-end lifecycle for software licenses, hardware assets, and cloud. Phoenix Security extracts and enriches information in ServiceNow IT Asset Management. Trace ownership and other business intelligence automatically.
Nessus is a vulnerability scanning solution. Learn more about its power by exploring how Tenable customers put it to work in a variety of infrastructure vulnerabilities.
Phoenix Security enables connections and prioritization of vulnerability findings from Nessus, Nessus Professional and Nessus Expert.
SonarCloud (formerly Sonar) is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities in 20+ programming languages.
Phoenix Security integrates and ingests findings in SonarCloud and automatically prioritizes vulnerabilities.
Qualys Endpoint protection is a cloud-based service that provides automated detection of vulnerabilities (authenticated and non-authenticated) on servers and endpoints.
Phoenix Security integrates with Crowdstrike Falcon for endpoint data security enrichment and retrieval.
AppSec Phoenix enables the import of vulnerabilities from the Detectify web application security scanner.
Phoenix Security supports the import of vulnerabilities from Burpsuite format in XML or Generic XML.
Phoenix Security supports the import of vulnerabilities, Applications, CMDB Data, Users, Pentest Results via CSV.
Phoenix Security scans website and API security with a set of configurable profiles.
With one click you can schedule and assess your website and API against the common security issues.
OWASP Nettacker project was created to automate information gathering, vulnerability scanning and in general to aid penetration testing engagements.
Web application testing to identify WordPress security issues.
Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. It covers the entire application lifecycle and enables DevOps capabilities.
Github Issues let you track your work on GitHub, where development happens. When you mention an issue in another issue or pull request, the issue’s timeline reflects the cross-reference so that you can keep track of related work. You can link an issue to a pull request to indicate that work is in progress.
Automatically create, assign and track Jira tickets containing the right fix to each vulnerability.
Nmap (Network Mapper) is a free and open-source network scanner that can be used to discover hosts and services on a computer network by sending packets and analyzing the responses.
Phoenix Security integrates with the OWASP Nettacker project, which was created to automate information gathering, vulnerability scanning and in general to aid penetration testing engagements.
Cloud Conformity is a SaaS tool providing clients unparalleled visibility, control, governance, and reporting into their Public Cloud Infrastructure within seconds. Cloud Conformity provides 500+ Rules across 50+ AWS Services with step-by-step resolution instructions for each of these rules.
AWS Security Hub centralizes alerts from a number of security scanners in AWS and gives you a comprehensive view of your security alerts and security posture across your AWS accounts.
Dependabot is a free and open source solution that alleviates the pain of 3rd party Open Source Security risk by updating your dependencies automatically, so you can spend less time updating dependencies and more time building software. Until now, the Dependabot features we’ve brought to GitHub have focused on automated security updates, which update packages with known vulnerabilities.
The Check Point CloudGuard platform provides you cloud native security, with advanced threat prevention for all your assets and workloads – in your public, private, hybrid or multi-cloud environment – providing you unified security to automate security everywhere.
Sonatype helps enterprises identify and remediate vulnerabilities in open source library dependencies and release more secure code.
Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.
Black Duck maps string, file, and directory information to the Black Duck KnowledgeBase to identify open source and third-party components in applications.
OWASP ZAP (short for Zed Attack Proxy) is an open-source web application security scanner. It is one of the most active Open Web Application Security Project (OWASP) projects and has been given Flagship status.
SonarQube (formerly Sonar) is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
Fortify on Demand (FoD) is a complete Static Code analysis solution. Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management.
Custom Import of Users, Vulnerabilities via API / CSV.
Fortify on Demand (FoD) – Dynamic Web Analysis is a complete Web Black Box Testing Code analysis solution. Fortify on Demand covers in-depth mobile app security testing, open-source analysis.
Qualys Web Application Scanning (WAS) is a cloud-based service that provides automated crawling and testing of custom web applications to identify vulnerabilities including cross-site scripting (XSS) and SQL injection.
CRASHTEST SECURITY
CYCLONE DX
EDGESCAN
DRHEADER
DSOP Scan
METERIAN SCANNER
MOBSF Scan
MOZILLA OBSERVATORY SCANNER
TERRASCAN
TRUFFLEHOG
WAZUH
GITLEAKS
Detect-Secrets
GOSEC Scanner
HUSKYCI Report
KIUWAN Scanner
HYDRA
ORT Evaluated Model Importer
OUTPOST 24 Scan
PWN Security Automation Framework
SCANTIST Scan
SOLAR APPSCREENER Scan
SPOTBUGS
TRUSTWAVE
VERACODE SourceClear
WFUZZ JSON importer
TALISMAN
RISKRECON API Importer
INTSIGHTS Report
IMMUNIWEB Scan
COBALT.IO Scan
HackerOne Cases
CRED SCAN REPORT
ESLINT
PHP Security Audit v2
PHP Symfony Security Checker
Rubocop Scan
SSLYZE
Test SSL Scan
SSLSCAN
QUALYS SSL LABS
QUALYS Infrastructure Scan
NMAP
OPEN VAS CSV
SCOUTSUITE
CLOUD SPLOIT
CHECKOV Report
AZURE SECURITY CENTER Recommendations Scan
Wiz
Phoenix Security’s CSPM integration revolutionizes application security, merging Wiz’s detailed security data with application platforms to identify, contextualize, and correlate cloud threats.
AWS SECURITY HUB
AWS PROWLER Scanner
CONTRAST Scanner
TWISTLOCK
NEUVECTOR (Compliance)
NEUVECTOR (REST)
TRIVY
KUBE-HUNTER Scanner
KUBE-BENCH Scanner
KICS BY CHECKMARX
HADOLINT
GITLAB Container Scan
DOCKER Bench Security Scanner
DOCKLE Report
CLAIR KLAR SCAN
CLAIR
BANDIT
AQUA
ANCHORE CTL Vuln Report
STACKHAWK HawkScan
QUALYS Webapp Scan
NETSPARKER DAST
MICROFOCUS Webinspect Scanner
IBM App Scan DAST
WHITEHAT SECURITY SENTINEL
JFROG XRAY
JFROG XRAY UNIFIED
JFROG XRAY API Summary Artifact Scan
YARN AUDIT
BUNDLER-AUDIT