SLScan Integration

The following guide helps you integrate and configure SLScan with Sprinto for vulnerability monitoring. You can also configure SLScan with code-hosting platforms like AWS CodeCommit, Azure DevOps, Bitbucket, and GitLab. Based on your SLScan use case, you can use the configuration procedure below.

How does this integration help

Sprinto check: Dependency vulnerability scanner SLScan should be running

  • Vulnerability monitoring: The integration enhances your ability to monitor vulnerabilities detected by SLScan from your configured code hosting service. Resolving these vulnerabilities within the stipulated SLA is essential to meeting data security compliance requirements. Sprinto facilitates this process by assigning relevant Sprinto checks for open vulnerabilities and notifying designated stakeholders to take the necessary actions to address and resolve them.

Integrate SLScan on Sprinto

Follow the applicable procedure below to configure SLScan based on your use case:

Before you begin

  • Log in to the Sprinto admin portal.

  • Ensure you have admin access on the cloud service provider on which you wish to deploy SLScan.

  • Ensure you have admin access to the SLScan account to perform the integration.

Vulnerability monitoring with SLScan for AWS CodeCommit

  1. Create a new AWS Role to configure SLScan on AWS.

    • Log in to the AWS Console using your credentials.

    • Navigate to the IAM service, then select Roles under Access Management.

    • Click Create role to create a new role.

    • Select the AWS account from the Select Trust Entities section.

    • Select the Another AWS account option, and enter the Account ID as 001360870653.

    • Select the checkbox next to the Require external ID option and enter the External ID as ImF3c2NjLTMzN2MyODZiLTRmYTgtNDQ4ZS04NTg1LTM3MDVlNDU2ZGMyNy01Ig==.

    • Do not select the Require MFA option.

    • Click Next to proceed further.

    • Select the following policies, then click Next.

      • AWSCodeCommitReadOnly

      • IAMReadOnlyAccess

    • Enter the role name and the description. Optionally, you can add tags to the role.

      • Role name: sprinto-codecommit-role

    • Click Create role.

  2. Copy the newly created role's ARN.

    • Select the role you have created in the previous step. Use the search bar for quick navigation.

    • Copy the ARN and save it securely. We will need this detail on Sprinto.

  3. Configure SLScan for AWS CodeCommit.

    • Go to Security Hub > Vulnerabilities > Overview, and click Add monitoring source.

    • Click Choose next to SLScan.

    • Click Connect AWS CodeCommit to configure SLScan for AWS CodeCommit.

    • Click Connect AWS CodeCommit.

    • Select the acknowledgment checkbox, and click Let’s connect the AWS account.

    • Enter the ARN you copied from Step 1, and select your AWS account region.

    • Click Connect AWS CodeCommit.

  4. Configure SLScan for CodeCommit.

    • From the Vulnerabilities Overview page, click Add monitoring source.

    • Click Choose next to SLScan.

    • Click Choose next to Configure SLScan for CodeCommit.

    • Click Add SLScan for AWS CodeCommit.

  5. Configure repos for vulnerability monitoring.

    • From the Vulnerability Overview page, select SLScan from the left-side navigation bar.

    • Click Manage SLScan.

    • The monitored code repositories are listed next to CodeCommit. If you don’t see any repos listed, click View to navigate to the Change mgmt section for repo classification.

Note: Vulnerabilities are monitored for all the “Production” classified code repositories.
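The role from step 1 is a cross-account role, so the two settings that matter for security are the trust policy (trusted account plus external ID) and the two read-only policies. The following added example, which is not Sprinto's own code, audits a role against the values in this guide; the function and sample names are assumptions, and the sample policies are constructed.

```python
# Added example: offline audit of the role created in step 1 (not Sprinto code).
# Feed it Role.AssumeRolePolicyDocument from `aws iam get-role` and the
# PolicyName values from `aws iam list-attached-role-policies`.
ACCOUNT_ID = "001360870653"   # trusted account ID from the guide
EXTERNAL_ID = "ImF3c2NjLTMzN2MyODZiLTRmYTgtNDQ4ZS04NTg1LTM3MDVlNDU2ZGMyNy01Ig=="
EXPECTED_POLICIES = {"AWSCodeCommitReadOnly", "IAMReadOnlyAccess"}

def _as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_role(trust_policy, attached_policies):
    """Return findings; an empty list means the role matches the guide."""
    findings = []
    allowed = {ACCOUNT_ID, f"arn:aws:iam::{ACCOUNT_ID}:root"}
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # e.g. "Principal": "*"
            principals = [principal]
        else:
            principals = [p for v in principal.values() for p in _as_list(v)]
        findings += [f"unexpected principal: {p}" for p in principals if p not in allowed]
        cond = stmt.get("Condition", {})
        if _as_list(cond.get("StringEquals", {}).get("sts:ExternalId")) != [EXTERNAL_ID]:
            findings.append("sts:ExternalId condition missing or different")
        if any("aws:MultiFactorAuthPresent" in keys for keys in cond.values()):
            findings.append("MFA is required, but the guide leaves Require MFA unselected")
    attached = set(attached_policies)
    findings += [f"missing policy: {n}" for n in sorted(EXPECTED_POLICIES - attached)]
    findings += [f"extra policy: {n}" for n in sorted(attached - EXPECTED_POLICIES)]
    return findings

# Constructed sample: a trust policy of the form the console generates for step 1.
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}}]}
# Constructed sample: wildcard principal and no external ID condition.
BAD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print(audit_role(GOOD_TRUST, EXPECTED_POLICIES))
    print(audit_role(BAD_TRUST, ["AWSCodeCommitReadOnly", "AdministratorAccess"]))
```

An empty result means the role trusts only the account from step 1, enforces the external ID, and carries exactly the two read-only policies.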

Configure SLScan for Azure DevOps

  1. Integrate SLScan for Azure DevOps.

    • Go to Security Hub > Vulnerabilities > Overview, and click Add monitoring source.

    • Click Choose next to SLScan.

    • Click Connect Azure DevOps.

    • Click Connect from the integration page.

    • Log in to your Microsoft account using your credentials.

    • Follow the on-screen instructions to grant Sprinto the necessary permissions.

  2. Add SLScan as a vulnerability source.

    • Come back to the Vulnerability Overview page and click Add monitoring source.

    • Click Choose next to SLScan.

    • Click Choose next to Configure Azure DevOps.

    • Click Add SLScan for Azure DevOps.

  3. Configure repos for vulnerability monitoring.

    • From the Vulnerability Overview page, select SLScan from the left-side navigation bar.

    • Click Manage SLScan.

    • The monitored code repositories are listed next to DevOps. If you don’t see any repos listed, click View to navigate to the Change mgmt section for repo classification.

Note: All “Production” classified code repositories are monitored for vulnerabilities.

Configure SLScan for Bitbucket

Note: Ensure you’ve integrated and configured Bitbucket as a change management system. For detailed instructions, refer to the Bitbucket integration guide.

  1. Integrate SLScan for Bitbucket.

    • Go to Security Hub > Vulnerabilities > Overview, and click Add monitoring source.

    • Click Choose next to SLScan.

    • Click Connect Bitbucket.

    • Click Connect from the integration page.

    • Log in to your Bitbucket account using your credentials.

    • Follow the on-screen instructions to grant Sprinto the necessary permissions.

  2. Add SLScan as a vulnerability monitoring source.

    • From the Vulnerability Overview page, click Add monitoring source.

    • Click Choose next to SLScan.

    • Click Choose next to Configure Bitbucket.

    • Click Add SLScan for BitBucket.

  3. Configure the code repositories for vulnerability monitoring.

    • From the Vulnerability Overview page, select SLScan from the left-side navigation bar.

    • Click Manage SLScan.

    • The monitored code repositories are listed next to Bitbucket. If you don’t see any repos listed, click View to navigate to the Change mgmt section for repo classification.

Note: All “Production” classified code repositories are monitored for vulnerabilities.

Configure SLScan for GitLab

  1. Integrate SLScan for GitLab.

    • Go to Security Hub > Vulnerabilities > Overview, and click Add monitoring source.

    • Click Choose next to SLScan.

    • Click Connect GitLab.

    • Click Connect from the integration page.

    • Log in to your GitLab account using your credentials.

    • Follow the on-screen instructions to grant Sprinto the necessary permissions.

  2. Add SLScan as a vulnerability monitoring source.

    • From the Vulnerability Overview page, click Add monitoring source.

    • Click Choose next to SLScan.

    • Click Choose next to Configure GitLab.

    • Click Add SLScan for GitLab.

  3. Configure the code repositories for vulnerability monitoring.

    • From the Vulnerability Overview page, select SLScan from the left-side navigation bar.

    • Click Manage SLScan.

    • The monitored code repositories are listed next to GitLab. If you don’t see any repos listed, click View to navigate to the Change mgmt section for repo classification.

Note: All “Production” classified code repositories are monitored for vulnerabilities.

Please contact Sprinto Support if you have any queries related to the integration or need any assistance.
