Code Scanner support

Pixee automatically triages and fixes issues detected by code scanning tools when synced with the results of those scans. This page explains how to integrate code scanning tools with Pixee.

Supported Tools

• Sonar (SonarCloud and SonarQube)
• Semgrep
• CodeQL
• Snyk
• Contrast Security
• HCL AppScan
• Checkmarx

Supported Rules

Pixee can triage (T) and/or fix (F) a wide range of security issues detected by code scanning tools. Many of these issues are common across tools and languages, such as:

• SQL Injection (T+F)
• Cross-Site Scripting (XSS) (T+F)
• Insecure Deserialization (T+F)
• Insecure Randomness (T+F)
• XML External Entity (XXE) (F)
• Insecure Cookie Handling (F)
• Command Injection (T+F)
• Insecure Configuration (T)
• Sensitive Data Logging (T)
• Resource Leak (F)
• Detailed Error Messages (T+F)
• SSRF (T+F)
• Hardcoded Passwords (T)
• XPath Injection (T+F)
• HTTP Response Splitting / Response Smuggling / Header Injection (T+F)
• Log Forging (T+F)
• Path Traversal (T)
• Open Redirect (T)
• ... and more!

In addition, Pixee can triage and fix a variety of tool-specific, language-specific and code quality issues, too!

Note that we won't claim support for a code scanner until we offer significant rule coverage, and we will then continue to mature our offering until complete. In this sense, we are always improving and expanding our rule coverage on all tools as we continue adding more triage and fix capabilities.

GitHub Action

Pixee provides a GitHub Action that can be used to upload the results of code scanning tools to Pixee.

We are also working to support "native" integrations with code scanning tools. If you need support for a tool not listed here, please contact us.