Introduction

ScanSuite is an advanced security scanning orchestration platform designed to automate and streamline the process of static code analysis, dynamic application security testing (DAST), and infrastructure scanning. By integrating with a diverse range of fine-tuned security scanners, ScanSuite ensures comprehensive vulnerability detection with minimal manual intervention.

ScanSuite intelligently processes various user-supplied inputs, including:

  • Source Code Archives

  • Code Repositories

  • Web Application URLs

  • Host Names, IPs & Domains

  • Container Image Names

Using pre-configured connectors, ScanSuite invokes the appropriate vulnerability scanners with optimized parameters, ensuring accuracy and efficiency in security assessments.

Upon scan completion, results are automatically uploaded to DefectDojo, a centralized vulnerability management system, enabling efficient tracking, visualization, and processing of security findings. Additionally, both raw reports and structured parsed results are available for download, ensuring compatibility with various security workflows.

ScanSuite is accessible via multiple interfaces, including:

  • Web-based Dashboard

  • Command-Line Interface (CLI)

  • CI/CD Management Consoles

This flexibility enables seamless integration into DevSecOps pipelines, making security scanning an effortless and scalable part of the development lifecycle.
