
Configuring API keys for external systems


Last updated 12 days ago

To enable specific security scanning and AI-powered analysis features, API keys must be configured in ScanSuite. Follow the steps below to set up the necessary API keys.

Open the Settings menu:

1. OpenVAS Configuration (Infrastructure Scans)

ScanSuite requires OpenVAS credentials to execute infrastructure scans.

  • Specify the OpenVAS URL, login, and password in the ScanSuite settings.

  • OpenVAS can be installed on either the same host as ScanSuite or a separate server.

  • Follow the official installation guide: 🔗 OpenVAS Installation Guide


2. OpenAI API Configuration (AI-Powered Features)

ScanSuite supports the OpenAI API specification for AI-generated content, such as custom scanning rules or static code analysis.

Both local and cloud LLMs are supported.

  • Obtain an API key at: 🔗 OpenAI API Key Management

  • Or set up a connection to an LLM on the local network: 🔗 Ollama OpenAI setup
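Before saving an endpoint and key in the settings, it helps to confirm that the endpoint answers the OpenAI API's model-listing call (`GET <base URL>/models` with a `Bearer` key). The sketch below is an added example, not ScanSuite code: the function names are hypothetical, and the stub server and the key `sk-constructed-example` are constructed so that it runs offline.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Ignore proxy environment variables so local endpoints are reached directly.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_openai_endpoint(base_url, api_key, timeout=5):
    """GET {base_url}/models with a Bearer key; return (ok, model ids or reason)."""
    if api_key != api_key.strip() or api_key[:1] in ("'", '"'):
        return False, "key has surrounding whitespace or quotes"
    req = urllib.request.Request(base_url.rstrip("/") + "/models",
                                 headers={"Authorization": f"Bearer {api_key}"})
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return True, [m["id"] for m in json.load(resp)["data"]]
    except urllib.error.HTTPError as exc:  # 401/403: key rejected; 404: wrong base URL
        return False, f"HTTP {exc.code}"
    except (OSError, ValueError, KeyError, TypeError) as exc:
        return False, f"unreachable or not OpenAI-compatible: {exc}"

class _StubLLM(BaseHTTPRequestHandler):
    """Constructed stand-in for a local LLM server; accepts one made-up key."""
    def do_GET(self):
        ok = (self.path == "/v1/models"
              and self.headers.get("Authorization") == "Bearer sk-constructed-example")
        body = json.dumps({"object": "list", "data": [{"id": "example-model"}]}
                          if ok else {"error": "invalid key"}).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args): pass  # keep the demo output quiet

def start_stub():
    """Start the stub on a free loopback port; return (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), _StubLLM)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/v1"

if __name__ == "__main__":
    server, base = start_stub()
    for key in ("sk-constructed-example", "sk-wrong", " sk-constructed-example\n"):
        print(repr(key), check_openai_endpoint(base, key))
    server.shutdown()
```

Against a real service, pass its base URL instead of the stub's, for example `https://api.openai.com/v1` for OpenAI or `http://localhost:11434/v1` for a default local Ollama install.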


3. Dehashed API Key (Leaked Credentials, OSINT)

A Dehashed API key is required to query leaked credentials for the domain names analysed during the Infrastructure OSINT scan.

  • Obtain an API key at: 🔗 Dehashed API Key Management


4. Shodan API Key (OSINT Scan)

A Shodan API key is required to check for known services and vulnerabilities on the hosts discovered during the Infrastructure OSINT scan.

  • Obtain an API key at: 🔗 Shodan API Key Management


5. Snyk API Key (SCA & SAST Scans)

A Snyk API key is required for Snyk-based security scans. Obtain a free API key by following these steps:

  1. Create a Snyk account: 🔗 Sign Up or Log In to Snyk

  2. Enable Snyk Code:

    • Navigate to: Snyk Code Management

    • Enable Snyk Code for static code analysis.

  3. Generate an API Token:

    • Go to: Snyk Account Settings

    • Create and copy your Auth Token.


Entering API Keys in ScanSuite

  1. Navigate to ScanSuite Settings.

  2. Locate the respective fields.

  3. Enter the keys exactly as provided by the respective platforms.

  4. Click Save to apply the settings.