Integrate SSLyze into CI/CD

What is SSLyze?

SSLyze is a great open source tool for checking a website's or server's SSL/TLS certificates. It checks the SSL/TLS configuration of a server by connecting to it in real time. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their servers.

Security Stage: DAST (Dynamic Analysis)
Type: Open source
Languages: Any Framework
Site: https://tools.kali.org/information-gathering/sslyze

Pre-requisite

1. You'll need a URL to scan.

How to set up SSLyze?

Adding SSLyze to your set of dynamic security tests is simple. Your version configuration will be set up for dynamic testing.

To add the SSLyze security tool to a Toolkit:

  • Create a new Toolkit (or edit an existing one) by following the Creating a Toolkit guide and selecting 'SSLyze' as a tool.

  • Click Save.

Now any time you click 'Test Now' with that Toolkit, or make a request over the Uleska API or CLI with that Toolkit, the SSLyze tool will be included in the test run and any results will be added to your vulnerabilities list.

Notes

Currently, the SSLyze adaptor will run the standard set of SSL/TLS tests. Configuration for timeouts, client certificates, and other settings is not currently supported but will be included in a future release. This adaptor interprets known errors from the SSLyze tool and reports them as vulnerabilities.
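
To illustrate what turning SSLyze results into vulnerabilities can look like, here is an added example (not the Uleska adaptor's code) that reads an SSLyze JSON report and keeps failed checks separate from clean ones. It assumes the field names of the SSLyze 5.x --json_out layout; the sample report, hostnames and the findings/gate helpers are constructed for illustration.

```python
import json

# Constructed sample in the layout SSLyze 5.x writes with --json_out (assumed
# layout, trimmed to the fields used here); not output from a real scan.
SAMPLE = json.loads("""
{"server_scan_results": [
  {"server_location": {"hostname": "app.example.test", "port": 443}, "scan_status": "COMPLETED",
   "scan_result": {
     "heartbleed": {"status": "COMPLETED", "result": {"is_vulnerable_to_heartbleed": false}},
     "tls_compression": {"status": "COMPLETED", "result": {"supports_compression": true}},
     "ssl_3_0_cipher_suites": {"status": "COMPLETED", "result": {"accepted_cipher_suites":
        [{"cipher_suite": {"name": "TLS_RSA_WITH_RC4_128_SHA"}}]}},
     "tls_1_0_cipher_suites": {"status": "ERROR", "error_reason": "CONNECTIVITY_ISSUE", "result": null}}},
  {"server_location": {"hostname": "down.example.test", "port": 443},
   "scan_status": "ERROR_NO_CONNECTIVITY", "scan_result": null}
]}
""")

# check name -> (predicate over that check's "result" object, finding title)
RULES = {
    "heartbleed": (lambda r: r["is_vulnerable_to_heartbleed"], "Heartbleed"),
    "openssl_ccs_injection": (lambda r: r["is_vulnerable_to_ccs_injection"], "OpenSSL CCS injection"),
    "tls_compression": (lambda r: r["supports_compression"], "TLS compression enabled (CRIME)"),
    "ssl_2_0_cipher_suites": (lambda r: bool(r["accepted_cipher_suites"]), "SSL 2.0 accepted"),
    "ssl_3_0_cipher_suites": (lambda r: bool(r["accepted_cipher_suites"]), "SSL 3.0 accepted"),
}

def findings(report):
    """Return (vulnerabilities, incomplete) as lists of 'host:port: message' strings."""
    vulns, incomplete = [], []
    for server in report["server_scan_results"]:
        loc = server["server_location"]
        target = f'{loc["hostname"]}:{loc["port"]}'
        if server["scan_status"] != "COMPLETED":  # server was never reached
            incomplete.append(f'{target}: {server["scan_status"]}')
            continue
        for name, attempt in server["scan_result"].items():
            if attempt["status"] == "ERROR":
                # An errored check proves nothing; never count it as a pass.
                incomplete.append(f'{target}: {name} {attempt["status"]}')
            elif attempt["status"] == "COMPLETED" and name in RULES and RULES[name][0](attempt["result"]):
                vulns.append(f'{target}: {RULES[name][1]}')
    return vulns, incomplete

def gate(report):
    """CI exit code: 1 if anything is vulnerable or could not be checked, else 0."""
    return 1 if any(findings(report)) else 0

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE))
```

Checks that SSLyze did not schedule are ignored here; only checks that ran and errored, or servers it could not reach, are reported as incomplete.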