
Administration Guide

26.2.0

Code Security support matrix

The following table gives a high-level list of the scanners currently supported by Code Security. Select a scanner from the list, or see Features, for more information.

Scanner and description

Infrastructure-as-Code Security

Scans your IaC configuration files for misconfigurations. The IaC formats supported are CloudFormation, Dockerfiles, Helm charts, Kustomize, Terraform, and Terraform plan output (Terraform-plan). See Supported languages.

FortiCNAPP's IaC static analyzer, Opal, evaluates IaC files for potential AWS, Azure, Google Cloud, and Kubernetes security and compliance violations prior to deployment. See Opal Engine.

Software Composition Analysis (SCA)

Scans for known vulnerabilities in the open-source libraries and components used by the application. The programming languages supported by the SCA scanner are .NET, C/C++, Go, Java, Node.js, PHP, Python, Ruby, and Rust. See Languages supported by SCA.

The sca component installed by the lacework component install sca CLI command runs SCA, SAST, and secrets scans. See Overview.

Static application security testing (SAST)

Scans the source code of an application during development to find vulnerabilities before the code is released. The application languages supported for SAST are Go, Java, JavaScript, PHP, Python, and TypeScript. See Languages supported by SAST.

Secrets detection

The secrets scanner detects secrets in your first-party source code, including IaC and application code: hard-coded passwords, API keys, tokens, and similar credentials. See Detectable secrets.
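As an added illustration of what a secrets scanner does with first-party code (example code written for this page, not FortiCNAPP's own detector or its rule set), the script below runs a small rule set over two constructed files, a Terraform file and a Python module. The sample files, the credential values in them, the rule names, the placeholder markers and the entropy threshold are all assumptions made for the example; the AWS access key ID shape (AKIA followed by 16 upper-case alphanumerics) and the Slack xox[abpr]- prefix are public formats. It also shows the two checks a practitioner adds first to keep the noise down: skipping template references and placeholders such as "${var.db_password}" and "<your-api-key-here>", and de-duplicating when a provider-specific rule and the generic keyword rule hit the same literal.

```python
"""Minimal hard-coded-secret scanner over first-party source (IaC and app code).

Added example for this page, not FortiCNAPP code. Rules, thresholds and sample
inputs are illustrative assumptions.
"""
import math
import re
from dataclasses import dataclass

# Constructed sample inputs (not real credentials): one Terraform file and one
# Python module carrying the kinds of literals a secrets scanner is meant to flag,
# plus a template reference and a placeholder that it should NOT flag.
SAMPLE_FILES = {
    "infra/main.tf": '''provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAABCDEFGHIJKLMNOP"
  secret_key = "abcd1234EFGH5678ijkl9012MNOP3456qrst7890"
}
variable "db_password" {}
resource "aws_db_instance" "db" {
  password = "${var.db_password}"
}
''',
    "app/config.py": '''DB_HOST = "db.internal"
DB_PASSWORD = "hunter2hunter2"
SLACK_TOKEN = "xoxb-1234567890-abcdefghijklmnopqrstuvwx"
API_KEY = "<your-api-key-here>"
''',
}

# Provider-specific rules match on the credential's own shape; the generic rule
# keys off a credential-like variable name followed by a quoted literal.
# Specific rules come first so the generic rule can be de-duplicated against them.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("slack-token", re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{20,}\b")),
    ("generic-credential", re.compile(
        r"(?i)\b\w*(?:password|passwd|secret|api_?key|token)\w*\s*[:=]\s*[\"']([^\"']{8,})[\"']")),
]

# Substrings that mark a template reference or placeholder rather than a secret.
PLACEHOLDER_MARKERS = ("<", ">", "${", "changeme", "example", "xxxx", "your-")
HIGH_ENTROPY_BITS = 3.5  # assumed cut-off: random keys sit near 4-5 bits/char, words near 3


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    value: str      # full literal, kept for de-duplication; redact before logging
    severity: str   # "high" for shape matches or high-entropy values, else "medium"


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def looks_like_placeholder(value: str) -> bool:
    v = value.lower()
    return any(marker in v for marker in PLACEHOLDER_MARKERS)


def scan_text(path: str, text: str) -> list[Finding]:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        seen = set()  # literals already reported on this line (dedupe across rules)
        for rule, pattern in RULES:
            for m in pattern.finditer(line):
                # Generic rule captures the quoted value in group 1; shape rules use the whole match.
                value = m.group(m.lastindex) if m.lastindex else m.group(0)
                if value in seen or looks_like_placeholder(value):
                    continue
                seen.add(value)
                high = rule != "generic-credential" or shannon_entropy(value) >= HIGH_ENTROPY_BITS
                findings.append(Finding(path, lineno, rule, value, "high" if high else "medium"))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


def redact(value: str) -> str:
    """Keep a short prefix so a finding can be located without echoing the secret."""
    return value[:4] + "..." if len(value) > 4 else "****"


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line} [{f.severity}] {f.rule}: {redact(f.value)}")
```

Run as-is it reports four findings (the AWS key ID and secret key in the Terraform file, the password and the Slack token in the Python module) and stays silent on the "${var.db_password}" reference and the "<your-api-key-here>" placeholder. The low-entropy password is still reported because the variable name is strong context; entropy alone would have missed it, which is why keyword rules and shape rules are kept separate.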

License compliance

Detects the licenses of the third-party packages your software projects import. See License compliance.

Source control management (SCM) integrations

FortiCNAPP Code Security can integrate with the following SaaS SCM providers:

  • GitHub

  • GitLab

  • Bitbucket

See Integrating with an SCM and Requirements.

Supported CI/CD pipeline tools

CI/CD providers currently supported for IaC include:

  • Atlantis

  • Azure DevOps

  • GitHub Actions

  • GitLab pipeline

  • GitLab self-hosted pipeline

  • Jenkins

CI/CD providers currently supported for SCA and SAST include:

  • GitHub Actions

  • GitLab pipeline

For more information, see Integrate with a CI/CD pipeline and Requirements.