
Bring-Your-Own-Data (BYOD) to the Kondukto Platform

Cenk Kalpakoglu - June 4, 2024

Invicti ASPM announces “Bring-Your-Own-Data” feature with “Any Scanner” and Custom TI Database integration for enhanced AppSec workflow automation.


During this year’s RSA conference in San Francisco, we announced an exciting new platform capability: “Bring-Your-Own-Data” (BYOD), which allows customers to integrate their unique data streams into the Invicti ASPM Platform.

Integrating diverse sets of data has become critical for AppSec. “Bring-Your-Own-Data” drastically improves security teams’ visibility into the application security stack of complex environments. It extends the feature-rich Invicti ASPM API and allows our customers to further automate their AppSec workflows.

“Bring-Your-Own-Data” currently consists of 2 platform capabilities, the new “Any Scanner” feature and the support for Custom Threat Intelligence Databases (launched earlier in 2024).

Any Scanner

As the maturity of AppSec teams increases over time, teams tend to use homegrown or heavily customized open-source scanners to ensure that vulnerabilities are identified before they can hit their production environments. However, tools come in many different flavors, just as each dev team may use a different tech stack with slightly different processes.

From a security engineering perspective, you ought to be able to consolidate and contextualize all tools that are used to ensure the integrity of your organization’s environment. In many cases, though, this turns out to be a challenging and laborious task that hurts the team’s effectiveness.

So to make this task easier and to extend the visibility provided by the Invicti ASPM Platform, we have developed the “Any Scanner” feature. It enables security teams to ingest a wide variety of custom scanner output.

[Figure: schematic showing the 3 steps to integrate custom scanner data with the Kondukto Platform: upload JSON, map fields, import results via Kondukto CLI or UI]

A good use-case for this feature is to use the output of different linters in your Software Development Life Cycle (SDLC) processes to do custom checks. With the “Any Scanner” feature, you can re-use linter rules and outputs to perform checks in your pipelines and integrate the output with Invicti ASPM. With the data on our platform, you can take advantage of its correlation, deduplication, alerting and workflow automation features.

Here’s how it works:

  1. Customize the linter rules.
  2. Run the linter and generate a sample output.
  3. Upload the JSON output to Invicti ASPM and start mapping fields.

The mapping process allows Invicti ASPM to understand which JSON fields correspond to the required Invicti ASPM fields. Once this is done, save the custom integration with a name of your choosing and use it in your SDLC.

The easiest way to use this feature is with Invicti ASPM's open-source CLI (KDT). An example command would be:

kdt scan -p ProjectName -t custom_scanner -b master -f results.json

Custom Threat Intelligence DB Integration

Application Security Processes (AppSec Processes) are all about the prioritization of vulnerabilities. Threat Intelligence is one of the most important aspects of an ASPM platform to achieve this.

The Invicti ASPM Platform provides a “Custom Threat Intelligence Database” integration that allows organizations to integrate their own threat intelligence (TI) databases. To integrate your threat intelligence database, just go to “Integrations” > “Threat Intelligence” and activate “Custom TI DB”.

Once the integration has been successfully activated, you can feed your custom TI data to the Invicti ASPM Platform via the API. The following parameters are supported by the Invicti ASPM API:

  • CVE ID: Required and must be unique.
  • Description: Optional (default is empty).
  • Observed in the wild: Optional (default is false).
  • Known exploit: Optional (default is false).
  • Publish date: Optional (defaults to the current time if sent as null).
  • Risk Rating: Required (default is 0).

Here is a quick example in JSON:

{
  "cve_id": "CVE-2018-14721", // required and must be unique
  "description": "", // optional, default empty
  "observed_in_the_wild": false, // optional, default false
  "known_exploit": false, // optional, default false
  "publish_date": "2023-08-16T19:05:01.000Z", // optional, defaults to the current time if sent as null
  "risk_rating": 2 // optional, default 0
}
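
Before pushing an in-house feed to the platform, it helps to validate each row against the constraints listed above. The following is an added example, not code from Invicti or the KDT project: the function names are hypothetical, the CVE-2099-* identifiers are constructed placeholders, and the upload request itself is left out because the page does not show the write endpoint.

```python
import re
from datetime import datetime, timezone

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
FLAGS = ("observed_in_the_wild", "known_exploit")

def iso_utc(value):
    """Normalize an ISO-8601 string to the form used above (...T19:05:01.000Z)."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)  # assumption: naive timestamps are UTC
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def build_ti_records(feed):
    """Return (records, rejected); rejected holds (row index, reason) pairs."""
    records, rejected, seen = [], [], set()
    for i, row in enumerate(feed):
        cve = str(row.get("cve_id") or "").strip().upper()
        rating = row.get("risk_rating", 0)
        date = row.get("publish_date")
        if not CVE_RE.match(cve):
            reason = "missing or malformed cve_id"
        elif cve in seen:  # the CVE ID must be unique
            reason = "duplicate cve_id"
        elif isinstance(rating, bool) or not isinstance(rating, int):
            reason = "risk_rating is not an integer"
        elif any(not isinstance(row.get(f, False), bool) for f in FLAGS):
            reason = "flag is not a JSON boolean"  # e.g. the string "false" is truthy
        else:
            reason = None
            try:  # null is kept so the platform applies its own default
                date = iso_utc(date) if date is not None else None
            except (TypeError, ValueError, AttributeError):
                reason = "unparseable publish_date"
        if reason:
            rejected.append((i, reason))
            continue
        seen.add(cve)
        records.append({"cve_id": cve, "description": row.get("description", ""),
                        "observed_in_the_wild": row.get("observed_in_the_wild", False),
                        "known_exploit": row.get("known_exploit", False),
                        "publish_date": date, "risk_rating": rating})
    return records, rejected

# Constructed sample feed (not real intelligence data).
SAMPLE_FEED = [
    {"cve_id": "CVE-2018-14721", "risk_rating": 2, "publish_date": "2023-08-16T19:05:01Z"},
    {"cve_id": "cve-2018-14721", "risk_rating": 5},             # duplicate after normalizing
    {"cve_id": "CVE-2099-0001", "known_exploit": "false"},      # placeholder ID, string flag
    {"cve_id": "CVE-2099-0002", "observed_in_the_wild": True},  # placeholder ID, defaults applied
    {"description": "no identifier"},
]
```

Rejecting rows locally keeps a mistyped flag or a duplicate CVE ID from skewing prioritization once the data is correlated on the platform.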

Your threat intelligence data is accessible through the API. You can, for example, retrieve all your TI data using GET {API_BASE}/api/v3/threat_intelligence or a specific dataset using GET {API_BASE}/api/v3/threat_intelligence/{CVE_ID}.

The Custom TI DB integration is one of more than 20 new integrations that we have recently added to the Invicti ASPM Platform. Among them are new integrations for Contrast Security (IAST, SCA) and Red Hat (Red Hat Advanced Cluster Security), pushing the total number of available integrations to over 120, all developed and maintained in-house.

You can find the list of all integration related endpoints and capabilities supported by the Invicti ASPM API in our documentation.
