ScanSuite
  • Introduction
  • Architecture
  • Installation
    • Technical Requirements
    • Install ScanSuite server
    • Set up DefectDojo
    • Troubleshooting
    • SSL/TLS Setup
  • Administration
    • Setup parameters and services
    • Configuring API keys for external systems
    • User administration
    • Security logs
  • Usage
    • Products
    • Performing a static code analysis
      • Git repository authentication
      • Schedule and incremental checks
      • (Optional) Compiling the code
      • Executing the OpenAI scan
    • Managing scan execution
    • Working with scan results
      • Checking for exploitable vulnerabilities
      • Export to Securitm
      • (Optional) Parsing CSV exports
    • Performing dynamic web scanning
      • Authenticated scans
      • API scans
    • Running infrastructure tests
    • Scheduling the scan
    • Creating own scanning rules
Powered by GitBook
On this page
  1. Administration

Configuring API keys for external systems

PreviousSetup parameters and servicesNextUser administration

Last updated 15 days ago

To enable specific security scanning and AI-powered analysis features, API keys must be configured in ScanSuite. Follow the steps below to set up the necessary API keys.

Open the Settings menu:

1. OpenVAS Configuration (Infrastructure Scans)

ScanSuite requires OpenVAS credentials to execute infrastructure scans.

  • Specify the OpenVAS URL, login, and password in the ScanSuite settings.

  • OpenVAS can be installed on either the same host as ScanSuite or a separate server.

  • Follow the official installation guide: 🔗 OpenVAS Installation Guide

2. Snyk API Key Configuration (SCA & SAST Scans)

A Snyk API key is required for Snyk-based security scans. Obtain a free API key by following these steps:

  1. Create a Snyk account: 🔗 Sign Up or Log In to Snyk

  2. Enable Snyk Code:

    • Navigate to: Snyk Code Management

    • Enable Snyk Code for static code analysis.

  3. Generate an API Token:

    • Go to: Snyk Account Settings

    • Create and copy your Auth Token.

3. OpenAI API Key Configuration (AI-Assisted Features)

An OpenAI API key is required for AI-generated content, such as custom scanning rules and static code analysis.

  • Obtain an API key at: 🔗 OpenAI API Key Management

Entering API Keys in ScanSuite

  1. Navigate to ScanSuite Settings.

  2. Locate the respective fields for:

    • OpenVAS Connection Parameters

    • Snyk API Key

    • OpenAI API Key

  3. Enter the keys exactly as provided by the respective platforms.

  4. Click Save to apply the settings.