Code scan

Introducing ArmourZero Code Scan

ArmourZero's AI-powered Code Scan combines multiple security code scanners to detect and analyse source code or compiled code, helping you find security flaws within your software development lifecycle (SDLC) and your DevOps (Development Operations) methodology and practice.

These scanners are categorised as:

1. Static Application Security Testing (SAST) - looks at the source code to check for coding and design flaws that could allow malicious code injection.

2. Infrastructure as Code (IaC) - finds vulnerabilities in the code that automates the provisioning of infrastructure, enabling your organisation to develop, deploy, and scale cloud applications with greater speed, less risk, and reduced cost.

3. Software Composition Analysis (SCA) - finds the open-source libraries and components used by your code by analysing information from multiple sources such as file hashes, binaries and more.

4. Secret Scanning - finds sensitive information such as private keys, API secrets and tokens. It does so by looking at file names, extensions, and content, and matching them against a list of signatures.

ArmourZero's AI-powered Code Scan seamlessly integrates (links) code security analysis into your cloud software development platforms, without copying or retrieving any of your confidential source code. Everything is done within your CI/CD pipeline tools.

Supported CI/CD pipeline tools:

1. GitHub

2. GitLab

3. Bitbucket

4. CircleCI

5. Azure Pipeline

6. Jenkins

7. Gitea

The scan results for all possible vulnerabilities detected are compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) to determine the vulnerabilities' severity levels. Each detected vulnerability is then mapped to OWASP Top 10 (2021) and OWASP Mobile Top 10 (2024) compliance, the latest standard awareness documents for developers and application security. They represent a broad consensus about the most critical security risks to applications.

There are 5 categories of CWE and CVE vulnerability severity levels:

  1. Critical
  2. High
  3. Medium
  4. Low
  5. Information

Integrate your CI/CD pipeline tools to start using ArmourZero's AI-powered Code Scan immediately and find possible vulnerabilities before attackers do.
How to integrate into CI/CD pipeline tools

ArmourZero's AI-powered Code Scan seamlessly integrates code security analysis into your cloud software development platforms, without copying or retrieving any of your confidential source code. Everything is done within your CI/CD pipeline tools.

Supported CI/CD pipeline tools:

1. GitHub

2. GitLab

3. Bitbucket

4. CircleCI

5. Azure Pipeline

6. Jenkins

7. Gitea

Step 1: Create repository and branch

You can create as many repositories as your subscription plan allows.

1. Go to the left menu and select "Code" under the VULNERABILITY SCANNERS section, then click "Add New Repository".

2. Select the type of application source code you would like to scan. If you use GitHub or GitLab, you can use single sign-on (SSO) to retrieve your repositories and branches. ArmourZero supports scanning and reviewing both web and mobile application source code.

Click here if you are using GitHub or GitLab.

3. Click on the Project ID or the three dots action icon on the project and select "View Scan Details". You will be asked to create a branch by clicking "Add New Branch".

Notes:

It is very important that the branch name matches exactly the working branch name in your repository.

Step 2: Obtain unique API integration key

1. Go to the left menu and select "Code" under the VULNERABILITY SCANNERS section, then click "Configuration".

2. You will see a unique API Key that has been generated for you. Copy that API Key for the next step.

Step 3: Integrate into your CI/CD pipeline tools

Integration with your CI/CD pipeline tool is a one-time setup task, regardless of the type of application you selected in Step 1. Depending on which CI/CD pipeline tool you currently use, each platform comes with a different but simple configuration.

Refer to the links below for each CI/CD pipeline tool's configuration.

1. GitHub integration

2. GitLab integration

3. Bitbucket integration

4. CircleCI integration

5. Azure Pipeline integration

6. Jenkins integration

7. Gitea Pipeline integration

Congratulations! You have completed the integration of security into your CI/CD pipeline tools. The Code Scan will run automatically each time you or your team commit code to the project and branch. Experience automated vulnerability management and view the scan results at your convenience.
How to enable auto scan

Once the repository is successfully integrated, you can decide whether scans run automatically whenever you commit code or only when you trigger them. Depending on your subscription plan, you can trigger multiple scans on multiple repositories at the same time. However, the time to complete a scan depends on the size of the source code.

You must first create a repository and integrate it with your CI/CD pipeline tool before a scan can be activated.

Enable auto scan

1. Go to the left menu and select "Code" under the VULNERABILITY SCANNERS section, then click "Add New Repository". Click on the Project ID or the three dots action icon on the project and select "View Scan Details".

2. Turn the "Autorun Scan" option on or off.
How to view and mitigate vulnerabilities

You can easily view Code Scan results for all projects after a scan is triggered. All scan results are listed in Latest Overall Scan Reports.

Step 1: Select the project

1. Go to the left menu and select "Code" under the VULNERABILITY SCANNERS section. Click on the Project ID or the three dots action icon on the project and select "View Scan Details".

Step 2: View details of vulnerabilities detected

All scan results for all possible vulnerabilities detected are automatically compared with the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) to determine the vulnerabilities' severity levels.

Each detected vulnerability is automatically mapped to OWASP Top 10 (2021) compliance, the latest standard awareness document for developers and web application security.

1. A Latest Overall Scan Report of Code Scan is generated automatically for you. At a single glance at the summary report, you can see the results of all 4 scanners.

2. You can also see past scan reports under the "Scan History" button to compare previous and current results. This is very useful if you have made corrections or remediations to your code, or simply to compare with the latest possible vulnerabilities found.

The scan report is summarised into 5 categories of CWE and CVE severity levels: Critical, High, Medium, Low and Information.

There are 2 ways to view details of the vulnerabilities detected.

By each scanner

1. You can view each scanner's results individually. Each scanner has its own automatically compiled report. Simply click it to look at the details of the scan results.


You can easily view your latest source code's compliance based on each scanner's results.

By overall vulnerabilities

1. Go to the left menu and select Vulnerabilities under the MANAGE section. You can easily sort by repository/branch, severity level, compliance or type of scanner (across all scanners).

Step 3: Mitigate vulnerabilities

There are 2 ways to mitigate the vulnerabilities detected.

By each scanner

1. Click on one of the scanners to look at the details of the vulnerabilities found.

2. Click on "Mitigation & Task Assignment". Here you can sort the list by the severity you intend to focus on.

3. For each vulnerability found, click to view its details and how you and your team can mitigate it with AI remediation suggestions. You can also assign the mitigation task to team members and follow the mitigation status.

By overall vulnerabilities

1. Go to the left menu and select Vulnerabilities under the MANAGE section. You can easily sort by repository/branch, severity level, compliance or type of scanner (across all scanners).

2. For each vulnerability found, click to view its details and how you and your team can mitigate it with AI remediation suggestions. You can also assign the mitigation task to team members and follow the mitigation status.

There are 2 main parts to mitigation:

Part 1: Information

  • Vulnerability type and information - lists detailed information about the vulnerability found, including the lines of code that caused it.

Part 2: AI Assistance

  • AI Assistance False Positive Detector - checks the finding with real-time AI analysis to ensure the detected vulnerability is not mistakenly identified as a threat or risk.
  • Task management - assigns the fix to team members and tracks the mitigation progress and status.
  • AI Assistance Remediation Suggestion - real-time AI analysis that recommends remediation for the vulnerabilities.

Notes:

Each vulnerability detected has its own characteristics, type, severity and risk to you and your company. That is why each vulnerability has its own remediation to work on.

Integrate with CI/CD tools

How to integrate to GitHub

After you have obtained the API integration key and completed project and branch creation, the next step is to integrate ArmourZero's AI-powered Code Scan into your GitHub repository.

Integration guide

1. Go to the Code menu and click the "Integrate" button.

2. Here you can also obtain your API Key by clicking Copy API Key.

3. Follow this video to add Repository Secrets in your GitHub repository.

In your GitHub repository, click "Settings" in the top navigation and navigate to "Secrets" in the left sidebar. Click "New repository secret" and add a secret named AZ_TOKEN with your ArmourZero API key.


4. Create GitHub Actions Configuration File

Create a new file in your repository under the path .github/workflows/az-security-scan.yml and paste the provided configuration.

5. Save and Trigger a Push

Save the changes to the .github/workflows/az-security-scan.yml file. Commit and push the changes to your GitHub repository.

6. Monitor Actions

Go to the "Actions" tab of your GitHub repository. You will see the status of your workflow. Click on it to view details.
How to integrate to GitLab

After you have obtained the API integration key and completed project and branch creation, the next step is to integrate ArmourZero's AI-powered Code Scan into your GitLab repository.

Integration guide

1. Go to the Code menu and click the "Integrate" button.

2. Here you can also obtain your API Key by clicking Copy API Key.

3. Follow this video to add CI/CD Variables in your GitLab repository.

In your GitLab repository, go to "Settings" > "CI / CD" > "Variables." Add a variable named AZ_TOKEN with your ArmourZero API key.


4. Create GitLab CI/CD Configuration File

Create a new file in your repository named .gitlab-ci.yml and copy the provided configuration.

5. Commit and Push

Save the changes to the .gitlab-ci.yml file. Commit and push the changes to your GitLab repository.

6. Monitor Pipelines

Go to your GitLab repository and click "CI / CD" > "Pipelines." You will see the status of your pipeline. Click on it to view details.
How to integrate to Bitbucket

After you have obtained the API integration key and completed project and branch creation, the next step is to integrate ArmourZero's AI-powered Code Scan into your Bitbucket repository.

Integration guide

1. Go to the Code menu and click the "Integrate" button.

2. Here you can also obtain your API Key by clicking Copy API Key.

3. Follow this video to enable Pipelines in your Bitbucket repository.

Navigate to your Bitbucket repository and go to "Settings" > "Pipeline" and enable pipelines for your repository.


4. Add Repository Variables

In your Bitbucket repository, go to "Settings" > "Repository Settings" > "Pipelines" and add the required environment variables, such as AZ_TOKEN.


5. Create a Bitbucket Pipeline Configuration

In the root directory of your project, create a file named bitbucket-pipelines.yml. This file will define your pipeline configuration.

6. Define the Pipeline Configuration

Edit the bitbucket-pipelines.yml file to define your pipeline configuration. Use the provided sample and customise as needed.

7. Commit and Push

Commit the bitbucket-pipelines.yml file and push it to your Bitbucket repository. This will trigger the pipeline.

8. Monitor the Pipeline

In your Bitbucket repository, go to "Pipelines" to monitor the pipeline's progress, view logs, and access build artifacts.
How to integrate to CircleCI

After you have obtained the API integration key and completed project and branch creation, the next step is to integrate ArmourZero's AI-powered Code Scan into your CircleCI project.

Integration guide

1. Go to the Code menu and click the "Integrate" button.

2. Here you can also obtain your API Key by clicking Copy API Key.

3. Create CircleCI Configuration File

Create a new file in your repository named .circleci/config.yml and paste the provided configuration.

4. Commit and Push

Save the changes to the .circleci/config.yml file. Commit and push the changes to your repository.

5. Follow this video to add Environment Variables in your CircleCI project.

In your CircleCI project settings, go to "Environment Variables." Add a variable named AZ_TOKEN with your ArmourZero API key.


6. Monitor Builds

Go to your CircleCI dashboard. You will see your project listed with the status of your builds. Click on a build to view details.
How to integrate to Azure Pipeline

After you have obtained the API integration key and completed project and branch creation, the next step is to integrate ArmourZero's AI-powered Code Scan into your Azure Pipeline.

Integration guide

1. Go to the Code menu and click the "Integrate" button.

2. Here you can also obtain your API Key by clicking Copy API Key.

3. Create Azure pipeline configuration file

Save your pipeline configuration file in the root folder of your repository with the filename azure-pipelines.yml and paste the provided configuration.

4. Follow this video to create and configure a Pipeline in your Azure Pipeline repository.

Azure DevOps may automatically detect your project and suggest a pipeline configuration. If not, you can choose a pipeline template or configure it manually.

Choose the repository where your project is hosted (GitHub, Bitbucket, GitLab, etc.).


5. Follow this video to Add Pipeline Variables.

In the pipeline settings, go to the "Variables" section. Add a variable named AZ_TOKEN with your ArmourZero API key.


6. Monitor Builds

Navigate to the "Pipelines" section in Azure DevOps. You will see your pipeline runs with detailed logs and statuses.
How to integrate to Jenkins

After you have obtained the API integration key and completed project and branch creation, the next step is to integrate ArmourZero's AI-powered Code Scan into your Jenkins job.

Integration guide

1. Go to the Code menu and click the "Integrate" button.

2. Here you can also obtain your API Key by clicking Copy API Key.

3. Manage Credentials in Jenkins.

Go to your Jenkins portal → Manage Jenkins → Credentials. Select the appropriate domain (usually (global)) where you want to store the credential. Make sure you have admin rights.

4. Follow this video to add Credential in your Jenkins repository.

Add a new credential with:

Kind: Secret text

Secret: your ArmourZero API key

ID: AZ_Token


5. Navigate to Job

Go to your Jenkins portal and create a new Freestyle Job or edit an existing one.

6. Follow this video to configure the Build Environment in your Jenkins job.

Under Build Environment, check Use secret text(s) or file(s). Bind the credential AZ_TOKEN → to variable name AZ_API_KEY.


7. Follow this video to add Build Steps in your Jenkins job.

Scroll to the Build section and click Add build step → Execute Shell.


8. Paste the build script.

Copy the following script into the command box.

9. Save the job and trigger a build.