CI/CD System integrations

Uleska provides flexible integration to CI and CD through dedicated plugins and our CLI.  Centralise all your security tools, results, and metrics with one CI/CD integration.

jenkins@2x

Use the Uleska Jenkins plugin, or add our CLI to your jobs, to manage all security tools and results.

githublogo2

Add Uleska CLI to your projects' GitHub Actions to let Uleska manage all your security tools and outputs in pipelines.

circlecilogo2

You can use the Uleska CLI in your CircleCI YAML jobs to add security tools and results to your CircleCI interface.

azure

Add the Uleska CLI to Azure Pipeline templates to easily roll out Uleska hook for all your projects' security checks.

bitbucket-01

The Uleska CLI can add to your Bitbucket Pipelines so Uleska can orchestrate security tools and results.

Harnes_logo_horizontal

Use our CLI as a single hook in your Harness CI YAML to run and aggregate security tool outputs.

gitlab-01-01

Include us into your projects's GitLab YAML and Uleska will run open-source and commercial tools centrally.

teamcity

Add the Uleska CLI once to your projects' TeamCity to let Uleska manage all security tools and results.

TravisCI-Full-Color

Bring security testing to your Travis CI pipelines with one Uleska hook.  Manage build security across all projects.

Static Code Analysis

Uleska can run any type of static code analysis (SAST) tool and aggregate the results together with other tools for ease of use. 

veracodelogo3

Add a Veracode SAST token to orchestrate testing of many languages and combine results with other tools.

sonarqube-logo

Integrate your SonarQube instance, or our community version, to find code flaws in many languages.

semgreplogo2

Use Semgrep to find coding flaws in many languages including Java, C#, Python, JavaScript, and others.

Bandit

Bandit is an expert open-source code scanner for the Python language. Use Uleska to run and capture results.

notejsscanLogo-1

Uleska can run NodeJSScan to check your Node JS for security coding flaws and report with other tools.

whisperslogo2

Add Whispers secrets scanning to your security toolkit and detect leaked secrets in project repos during every build.

fortifyondemand

Integrate a MicroFocus FortifyOnDemand token to automate your larger scale software security checks.

flawfinderlogo

Use the popular open-source FlawFinder tool to check your C / C++ code projects for common security coding flaws.

cloclogo2

Automate CLOC (Count Lines of Code) for visibility of code and technology used in project repos.

Software Composition Analysis

Check your software for vulnerable 3rd party libraries in your supply chain.  These tools continually update to find the latest security issues in your dependencies.

open-web-application-security-project-owasp-logo-F3F8C0CD54-seeklogo.com

Use Uleska to run OWASP Dependency Check, a popular open-source tool to scan your libraries for security issues.

snyklogo2

Integrate your Snyk usage into Uleska toolkits to continually scan for the latest vulnerabilities with your dependencies. 

open-web-application-security-project-owasp-logo-F3F8C0CD54-seeklogo.com

OWASP Dependency Track is a popular open-source scanner for 3rd party libs that integrates with Uleska scans.

npmlogo2

Automatically scan the JavaScript dependencies in your projects using the NPM Audit functionality with Uleska.

cyclonedx

Automatically generate CycloneDX SBOMs in each release using the ORT tool in your pipelines with Uleska.

Container Security Scanning

Container security tools can crack open your container artefacts or Dockerfiles and flag any known vulnerable components.

clairlogo2

Scan your Dockers to discover vulnerable components. With frequent vulnDB updates for new CVEs.

semgreplogo2

Use Semgrep in builds to scan Dockerfiles in your projects' repos for known bad security patterns and configurations.

jfrogxraylogo2

Integrate JFrog Xray artefact to Uleska to scan project containers for known issues and CVEs each release.

checkov_by_bridgecrew

Use open-source Checkov (Bridgecrew) to find for insecure patterns and configurations in Dockerfiles.

Dynamic Security Scanning

Run dynamic security tests and scans (DAST) against your staging, testing, and running systems to discover more types of issues detectable in run-time.

Burpsuite

Integrate the popular BurpSuite security scanner into your projects' testing to find flaws in live websites.

OWASPZapLogo

Integrate OWASP ZAP web scanning into your pipelines with Uleska to automatically find dynamic flaws.

veracodelogo3

Integrate your Veracode DAST website scanning into your pipeline testing suite with Uleska integration.

nikto

Check for common security flaws, website configuration problems, and more with Nikto via Uleska.

fortifyondemand

Run dynamic MicroFocus FortifyOnDemand on your larger projects by integrating your license with Uleska.

sslyzelogo.png

Use the popular open-source SSLyze tool to check TLS certificates configurations on your systems.

sqlmaplogo2

Automate the fully features SQLMap security tool into your toolkit to find all SQL flaws in your systems.

w3af

Run the open-source w3af security scans from your security build automation with Uleska integration.

nmaplogo2

Run security checks on your web infrastructure with the popular NMap tool added to Uleska ToolKits.

webinspectlogo2

Run powerful dynamic security scans with CyberRes WebInspect from your automation with Uleska.

amazoninspectorlogo2

Use Uleska and AWS Inspector to scan ports and CIS Benchmark flaws, and tie flaws back to your projects.

Infrastructure As Code Security Scanning

Continually check your Infrastructure as Code files for security flaws and misconfigurations, including Dockerfiles, Terraform, CloudFormation, Kubernetes, Helm, ARM, and Serverless.

semgreplogo2

Semgrep (from r2c) can check your repo files for Kubernetes, Dockerfile, and Terraform flaws.

checkov_by_bridgecrew

Use the popular Checkov (from Bridgecrew) to security scan your IaC files and configuration.

Secrets Security Scanning

Check your project source code repos and Git histories for leaked secrets.

whisperslogo2

Use Whispers to find potential secrets and sensitive files in your project source code during pipeline runs.

semgreplogo2

Automate Semgrep (by r2c) to check for potential secret values being leaked in your project source code.

gitleakslogo

Scan for leaked secrets, tokens, and passwords in project Git histories with the open-source GitLeaks tool.

DEVELOPER COLLABORATION TOOLS

Integrate all your security tools using Uleska, and communicate updates and results to developer ecosystem tools.

jira-01-01

Send newly discovered security issues to your projects' Jira, and update tickets when issues are fixed.

slack

Update your project and security teams with security result updates from any tools with Uleska.

azure

Create tickets for new security issues raised by any security tool for your project in Azure DevOps tickets.

Sign up for AppSec and DevSecOps news

You may unsubscribe at any time using the link in the email.

dog

LET’S TALK

Ready to see the Uleska platform in action? Book a free demonstration now to see how it can help your business to automate security testing.