SAST Integrations — Static Code Analysis
Static analysis findings are only actionable when they reach the team that owns the code — with the source file, the line, and the fix point. Centraleyezer imports SAST results from HCL AppScan on Cloud and AppScan 360 complete with call traces and best-fix-point markers, and scores them alongside your DAST and infrastructure findings so code-level risk competes fairly for remediation attention.
HCL AppScan on Cloud
HCL AppScan on Cloud (ASoC) — dynamic web application testing and static source code analysis imported over the ASoC API with an API key. XML report import also supported.
Integration guideHCL AppScan 360
HCL AppScan 360 self-managed platform — DAST and SAST results imported over the same AppScan REST API, pointed at your own AppScan 360 deployment.
Integration guideSnyk Code
Snyk SAST and SCA findings import covering static code analysis (Snyk Code) and open-source dependency vulnerabilities (Snyk Open Source).
Semgrep
Semgrep static analysis findings for custom and community rule sets. Covers security anti-patterns, hardcoded secrets, and OWASP Top 10 code-level issues.
Checkmarx
Checkmarx SAST scan result import covering source code vulnerabilities, data flow analysis, and OWASP/SANS classification.
Fortify SAST (OpenText)
OpenText Fortify Static Code Analyzer scan results — covers 800+ vulnerability categories across 27+ programming languages.