From 73dde3263272403c8796d662d1c13b9b6316b8ea Mon Sep 17 00:00:00 2001 From: Stefan Fleckenstein Date: Thu, 15 Feb 2024 11:12:59 +0100 Subject: [PATCH] docs: add SecObserve in CI/CD and reporting (#6139) --- docs/ecosystem/cicd.md | 8 ++++++++ docs/ecosystem/reporting.md | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/docs/ecosystem/cicd.md b/docs/ecosystem/cicd.md index 12d050cd6b0e..e840e1d40984 100644 --- a/docs/ecosystem/cicd.md +++ b/docs/ecosystem/cicd.md @@ -79,3 +79,11 @@ You can use Trivy Resource in Concourse for scanning containers and introducing It has capabilities to fail the pipeline, create issues, alert communication channels (using respective resources) based on Trivy scan output. 👉 Get it at: + + +## SecObserve GitHub actions and GitLab templates (Community) +[SecObserve GitHub actions and GitLab templates](https://github.com/MaibornWolff/secobserve_actions_templates) run various vulnerability scanners, providing uniform methods and parameters for launching the tools. + +The Trivy integration supports scanning Docker images and local filesystems for vulnerabilities as well as scanning IaC files for misconfigurations. + +👉 Get it at: diff --git a/docs/ecosystem/reporting.md b/docs/ecosystem/reporting.md index 847205a00c34..ac86adb46bde 100644 --- a/docs/ecosystem/reporting.md +++ b/docs/ecosystem/reporting.md @@ -19,3 +19,8 @@ A Trivy plugin that scans and outputs the results to an interactive html file. Trivy-Streamlit is a Streamlit application that allows you to quickly parse the results from a Trivy JSON report. 👉 Get it at: + +## SecObserve (Community) +SecObserve can parse Trivy results as CycloneDX reports and provides an unified overview of vulnerabilities from different sources. Vulnerabilities can be evaluated with manual and rule based assessments. + +👉 Get it at: