BoostSecurity is a security automation platform to manage workflows that connect security tooling to developers with frictionless integrations.

User Guide

• What's new - List of latests changes to the service
• Getting Started - learn how to integrate BoostSecurity with your SCM
• Integrating Boost with your CI - learn how to integrate BoostSecurity with your CI
• Configuring Scanner Modules - learn about all the supported scanner modules
• Creating and Managing Policies - learn how to create or change policies
• Creating an API Key - lean how to create an API Key
• Scanning Generated Artifacts - learn how to scan artifacts generated in your CI
• Software Bill Of Materials - learn how to setup and use Boostsecurity's SBOM service
• Using the GraphQL API - lean how to use the GraphQL APIs
• FAQ - common questions and answers about BoostSecurity

Boost Scanner

The Boost Scanner provides out-of-the-box static-analysis automation with over 150 tuned rules to find across all cloud platforms and half a dozen programming languages. The Boost Scanner rules have been screened, tested, and adjusted to provide high-signal, low-noise results directly to developers before code is in production.

• All Rules - see the list of 150+ rules support by the Boost Scanner
• Secrets - rules for detecting secrets in source code
• Insecure Coding - rules for discovering vulnerabilities like the OWASP Top 10
• CI/CD - Supply Chain - rules for CI/CD - Supply Chain misconfigurations
• AWS - rules for cloud misconfigurations in AWS terraform and cloud formation
• GCP - rules for cloud misconfigurations in GCP terraform
• Azure - rules for cloud misconfigurations in Azure terraform
• Kubernetes - rules for misconfiguration in Kubernetes manifests
• X.509 - rules for misconfigurations in X.509 certificates

Integrations

• Jira - connect BoostSecurity findings to JIRA
• Slack - connect the BoostSecurity Activity Feed to Slack to see findings as they
• Dependabot - connect the BoostSecurity to Github's Dependabot API