Security Scanners

TigerGate provides seven specialized scanners covering every layer of your application stack.

Code Scanner

Scan your repositories for vulnerabilities, secrets, and misconfigurations with SAST, SCA, and IaC scanning.

Supported Scan Types

SAST (Static Analysis)

Detect security vulnerabilities in source code

  • SQL Injection (CWE-89)
  • XSS (CWE-79)
  • Command Injection (CWE-78)
  • Path Traversal (CWE-22)

SCA (Dependency Analysis)

Identify vulnerable dependencies

  • CVE detection via OSV database
  • License compliance
  • Outdated packages
  • Transitive dependencies

Secrets Detection

Find exposed credentials and keys

  • AWS/GCP/Azure credentials
  • API keys and tokens
  • Private keys
  • Database passwords

IaC Security

Scan infrastructure as code

  • Terraform misconfigurations
  • Kubernetes manifests
  • CloudFormation templates
  • Docker security

Connecting Repositories

Connect your GitHub, GitLab, or Bitbucket repositories from the dashboard:

  1. Navigate to Settings → Integrations → Source Control
  2. Click "Connect" for your provider (GitHub, GitLab, Bitbucket)
  3. Authorize TigerGate to access your repositories
  4. Select repositories to scan

API Usage

curl -X POST https://api.tigergate.dev/api/scans \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "organization_id": "org-uuid",
    "provider": "github",
    "owner": "your-org",
    "repo_name": "your-repo",
    "branch": "main",
    "scan_config": {
      "enable_sast": true,
      "enable_sca": true,
      "enable_secrets": true,
      "enable_iac": true
    }
  }'

Cloud Scanner

Scan your cloud infrastructure for misconfigurations across AWS, Azure, GCP, Oracle, and Kubernetes.

Supported Clouds

AWS

576+ checks based on CIS v1.5.0

IAM, S3, EC2, RDS, Lambda, VPC, and 80+ services

Azure

162+ checks based on CIS v1.5.0

Storage, VMs, NSGs, AKS, Key Vault, and more

GCP

79+ checks based on CIS v1.3.0

Compute, GCS, Cloud SQL, GKE, IAM, and more

Kubernetes

83+ checks based on CIS v1.8.0

RBAC, Pod Security, Network Policies, and more

Connecting Cloud Accounts

Create a read-only IAM role for TigerGate to scan your cloud resources:

# AWS - Use CloudFormation template
aws cloudformation create-stack \
  --stack-name TigerGateSecurityAudit \
  --template-url https://install.tigergate.dev/aws-role.yaml \
  --capabilities CAPABILITY_IAM
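
Because the stack is created with CAPABILITY_IAM, it is worth confirming that the resulting role really is read-only and is not assumable without an external ID. The following is an added example, not TigerGate's code: it audits policy documents in the JSON shape returned by `aws iam get-role-policy` and `aws iam get-role`. The function names, the read-only prefix heuristic and the sample documents are assumptions made for illustration.

```python
# Verb prefixes treated as read-only: a heuristic for this example, not an AWS list.
READ_PREFIXES = ("get", "list", "describe", "batchget", "lookup", "search")

def _as_list(value):
    """IAM accepts one string/object or a list in most policy fields."""
    return value if isinstance(value, list) else ([] if value is None else [value])

def write_capable_grants(policy):
    """Return (sid, action) pairs for Allow grants that are not clearly read-only."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions
            findings.append((sid, "NotAction"))
        for action in _as_list(stmt.get("Action")):
            verb = action.partition(":")[2].lower()  # "" for a bare "*"
            if not verb.startswith(READ_PREFIXES):
                findings.append((sid, action))
    return findings

def trust_lacks_external_id(trust_policy):
    """True if any Allow statement in the trust policy has no StringEquals
    condition on sts:ExternalId (the usual confused-deputy guard)."""
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if not any(key.lower() == "sts:externalid" for key in cond):
            return True
    return False

# Constructed sample documents (not TigerGate's actual role), shaped like the
# PolicyDocument / AssumeRolePolicyDocument fields in the AWS CLI output.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Audit", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "s3:GetBucketPolicy", "iam:List*"]},
    {"Sid": "Oops", "Effect": "Allow", "Action": "s3:PutBucketPolicy", "Resource": "*"},
    {"Sid": "Wide", "Effect": "Allow", "Action": "lambda:*", "Resource": "*"},
]}
SAMPLE_TRUST = {"Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
                              "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}}

if __name__ == "__main__":
    print(write_capable_grants(SAMPLE_POLICY))
    print(trust_lacks_external_id(SAMPLE_TRUST))
```

Read-only verbs still include data reads such as `s3:GetObject`, so review which resources the allowed actions can reach as well as the verbs themselves.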

Attack Scanner

Perform DAST scanning and AI-powered penetration testing on web applications and APIs.

Scan Types

  • DAST Scanning - Dynamic testing with Nuclei templates for OWASP Top 10 coverage
  • AI Pentesting - GPT-4/Claude-powered intelligent attack simulation
  • API Fuzzing - Automated API endpoint testing for injection vulnerabilities

Runtime Protection

eBPF-based runtime monitoring for real-time threat detection and compliance evidence collection.

Monitored Events

  • Process execution (execve syscalls)
  • File operations (open, write, unlink)
  • Network connections (outbound traffic)
  • Privilege escalation (setuid/capabilities)

See the Agent Deployment Guide for installation instructions.
