Existing Uleska Integrations

The Uleska DevSecOps Platform comes pre-built with many of the most popular commercial and open source security tools used by security testers around the world. Connect the dots from your DevOps tools to the security tools you want to run, easily, quickly, consistently, and in a way that easily scales to 1000s of projects and tools.

Uleska is constantly adding new integrations, so if you don't see an integration below that you would like, contact us and we can integrate it for you.

The Only Exensible DevSecOps Platform

The Uleska DevSecOps Platform allows you to easily create custom security checks in any language, and integrate into the platform, super charging your DevSecOps programs.

This means you can simply apply the checks you need in minutes and scale to all projects that need it. The Uleska Platform will automatically invoke your custom checks, along with other configured tools, when triggered by your DevOps.

You can quickly create the technical check, and let the Uleska Platform handle false positives, duplicates, report generation, updates to Slack, Jira, e-mail, etc.

DevOps Integrations

Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software.

Plan smarter, collaborate better and ship faster with Azure DevOps Services, formerly known as Visual Studio Team Services.

Bamboo is a continuous integration and continuous deployment server developed by Atlassian.

GitHub brings together the world's largest community of developers to discover, share, and build better software.

From project planning and source code management to CI/CD and monitoring, GitLab is a complete DevOps platform, delivered as a single application.

API - any system that can request an API can be used as a DevOps trigger for Uleska.

Plan, track, and manage your agile and software development projects in Jira. Customize your workflow, collaborate, and release great software.

Slack brings the team together, wherever you are. With all of your communication and tools in one place, remote teams will stay productive no matter where you're working from.

Email updates to your own or teams' inbox with the latest security scan updates, insights, and more.

Hasura GraphQL Engine is an opensource service that connects to your databases & microservices.

TeamCity is a build management and continuous integration server from JetBrains.

More DevOps integrations are coming down the pipeline every month.  Let us know if there's an integration you'd like to see.

Commercial Security Testing Tools

Burp Suite is a leading range of cybersecurity tools, brought to you by PortSwigger.

Micro Focus Fortify protects your applications from security vulnerabilities with integrations, automation, and remediation at the speed of DevOps.

A simpler and more scalable way to increase the resiliency of your global application infrastructure, without slowing innovation.

Checkmarx is the global leader in software security solutions for modern enterprise software development.

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Find and prevent critical vulnerabilities from reaching production with the LGTM security analysis.

Catch bugs and vulnerabilities in your app, with thousands of automated Static Code Analysis rules.

Open Source Security Testing Tools

OWASP® Zed Attack Proxy (ZAP). The world's most widely used web app scanner. Free and open source.

Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for over 8000 issues.

Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers.

SSLyze

SSLyze is a fast and powerful SSL/TLS scanning library to analyze the SSL/TLS configuration of a server by connecting to it, in order to detect various issues.

Nmap Free Security Scanner, Port Scanner, & Network Exploration Tool. Download open source software for Linux, Windows, UNIX, FreeBSD, etc.

Bandit

Bandit is a tool designed to find common security issues in Python code.

w3af is a Web Application Attack and Audit Framework, that helps you secure your web applications by finding and exploiting all web application vulnerabilities.

nodejsscan is a static security code scanner for Node.js applications.

npmaudit

The npm audit command submits a description of the dependencies configured in your package to your default registry and asks for a report of known vulnerabilities.

DNSRecon

A powerful DNS enumeration script included in Kali Linux.

Application Inspector

Microsoft Application Inspector identifies “interesting” features and metadata, like the use of cryptography, connecting to a remote entity, and the platforms it runs on.

PythonFuzz

PythonFuzz is coverage-guided fuzzer for testing python packages. (requires on-site installation and development integrations)