¶
Boostsecurity is an Application Security Posture Management (ASPM) solution that helps you build secure software, and secure your software supply chain.
Tutorials¶
- Establish Your First Connection - Learn how to integrate BoostSecurity with your Source Code Maanagement tools.
- Enable Zero Touch Provisioning - Learn to connect your SCM's with Zero Touch Provisioning.
- Build First Custom Policy - Learn how to create or change policies.
How-to Guides¶
- Integrate with Source Code Management - Dive deeper into managing SCM integrations and gain more insights into your supply chain.
- ZTP Wizard - Learn about the Zero Touch Provisioning Wizard and how to provisioning ZTP for all your SCMs.
- Tuning Provisioning - Learn how to reconfigure and optimize your provisioning.
- Policy - Learn how to create and manage policies.
- Software Bill Of Materials - Learn how to setup and use BoostSecurity's SBOM service.
- Findings - Learn how to manage your findings.
- APIs - Learn how to manage API resources.
- Integrate with Third Party Notification Services - Learn how to integrate with 3rd-party notification services like Teams, etc.
- Integrate with Third Party Scanners - Integrate with 3rd-party scanners.
Reference¶
- Platform UI - Dive deep into each aspect of the BoostSecurity user interface and gain understanding into how each view works.
- Scanner Coverage -
- CI Integration - Learn how to integrate BoostSecurity into your CI.
- Configuring Scanner Modules - Learn about all the supported scanner modules
- FAQ - common questions and answers about BoostSecurity
- What's new - List of latests changes to the service
BoostSecurity Scanner¶
The Boost Scanner provides out-of-the-box static-analysis automation with over 150 tuned rules to find across all cloud platforms and half a dozen programming languages. The Boost Scanner rules have been screened, tested, and adjusted to provide high-signal, low-noise results directly to developers before code is in production.
- All Rules - see the list of 150+ rules support by the Boost Scanner
- Secrets - rules for detecting secrets in source code
- Insecure Coding - rules for discovering vulnerabilities like the OWASP Top 10
- CI/CD - Supply Chain - rules for CI/CD - Supply Chain misconfigurations
- AWS - rules for cloud misconfigurations in AWS terraform and cloud formation
- GCP - rules for cloud misconfigurations in GCP terraform
- Azure - rules for cloud misconfigurations in Azure terraform
- Kubernetes - rules for misconfiguration in Kubernetes manifests
- X.509 - rules for misconfigurations in X.509 certificates
Integrations¶
- Jira - connect BoostSecurity findings to JIRA
- Slack - connect the BoostSecurity Activity Feed to Slack to see findings as they are discovered
- Teams - connect the BoostSecurity Activity Feed to Teams to see findings as they are discovered
- Dependabot - connect the BoostSecurity to Github's Dependabot API