Configuring API keys for external systems
To enable specific security scanning and AI-powered analysis features, API keys must be configured in ScanSuite. Follow the steps below to set up the necessary API keys.
Open the Settings menu:
1. OpenVAS Configuration (Infrastructure Scans)
ScanSuite requires OpenVAS credentials to execute infrastructure scans.
Specify the OpenVAS URL, login, and password in the ScanSuite settings.
OpenVAS can be installed on either the same host as ScanSuite or a separate server.
Follow the official installation guide: š OpenVAS Installation Guide
2. OpenAI API Configuration (AI-Powered Features)
OpenAI API specification is supported for AI-generated content, such as custom scanning rules or static code analysis.
Both local and cloud LLMs are supported.
Obtain an API key at: š OpenAI API Key Management
Or set up the connection to the LLM in local network: š Ollama OpenAI setup
3. Dehashed API Key (Leaked Credentials, OSINT)
Deshashed API key is required for to query leaked credentials for domain names, analysed during Infrastructure OSINT scan.
Obtain an API key at: š Dehashed API Key Management
4. Shodan API key (OSINT Scan)
Shodan API key is required to check for the known services and vulnerabilities for the hosts discovered during the Intrastructure OSINT scan.
Obtain an API key at: š Shodan API Key Management
5. Snyk API Key (SCA & SAST Scans)
A Snyk API key is required for Snyk-based security scans. Obtain a free API key by following these steps:
Create a Snyk account: š Sign Up or Log In to Snyk
Enable Snyk Code:
Navigate to: Snyk Code Management
Enable Snyk Code for static code analysis.
Generate an API Token:
Go to: Snyk Account Settings
Create and copy your Auth Token.
Entering API Keys in ScanSuite
Navigate to ScanSuite Settings.
Locate the respective fields
Enter the keys exactly as provided by the respective platforms.
Click Save to apply the settings.
Last updated