Integrations
Our SaaS technology seamlessly integrates into your security workflow.
Or click on the logos for details on our integrations.
Source Code Management
CI/CD
Container
SIEM
Management Services
GitHub
What is it?
With every commit MergeBase analyses the code developers want to add to your repositories for known-vulnerabilities and triggers checks and automatic pull request reviews. You can configure these to extend full enterprise control over these potentially catastrophic risks to your organization.
What does the integration do?
Scans commits and pull requests and sends them to your MergeBase dashboard.
How does it work?
Enable Mergebase and immediately start receiving commit checks and pull request reviews.
Bitbucket
What is it?
With every commit, MergeBase analyses the code developers want to add to your repositories for known vulnerabilities and gives you detailed vulnerability information for your latest commits.
What does the integration do?
Scans commits and pull requests and sends them to your MergeBase dashboard.
How does it work?
Enable MergeBase Bitbucket Connect app integration and immediately get scan results for your Bitbucket repositories in your MergeBase dashboard.
Screenshots:
- Integration Request Access
GitLab
What is it?
GitLab is an integrated source code repository and CI/CD tool for managing the software development workflow using continuous integration and continuous deployment.
What does the integration do?
Integration with GitLab includes MergeBase vulnerability scanning in the Gitlab workflow by adding the MergeBase Command Line Tool (CLT) to your Gitlab CI/CD projects.
How does it work?
Integration adds a custom step to your pipelines to generate scans in your custom MergeBase dashboard.
Need more details? See our simple installation guide below:
Screenshots:
- Creating new CI/CD pipeline
- Example of using MergeBase in a pipeline
Other Source Code Management integrations
What is it?
While MergeBase doesn’t provide direct platform integration to other SCM platforms, the MergeBase CLT can be used to scan code from many other source code management systems.
Sends MergeBase notifications to the SIEM tool of your choice so that alert for new vunerabilities, changes in vulnerability severity and vulnerability breaches get injected into your regular SecOps workflow. For example, in Perforce, MergeBase can be implemented as a custom tool.
Please contact us for more information on less commonly-used tools.
Gitlab CI/CD
What is it?
GitLab is an integrated source code repository and CI/CD tool for managing the software development workflow using continuous integration and continuous deployment.
What does the integration do?
Integration with GitLab includes MergeBase vulnerability scanning in the Gitlab workflow by adding the MergeBase Command Line Tool (CLT) to your Gitlab CI/CD projects.
How does it work?
Integration adds a custom step to your pipelines to generate scans in your custom MergeBase dashboard.
Need more details? See our simple installation guide below:
Screenshots:
- Creating new CI/CD pipeline
- Example of using MergeBase in a pipeline
Jenkins
What is it?
MergeBase is an SCA extension (software composition analysis) that scans your applications within Jenkins. It helps your development teams identify dangerous and insecure library versions early. Your results will be displayed in your own web-based dashboard.
What does the integration do?
Integrates a MergeBase scan into your Jenkins CI/CD pipeline.
How does it work?
Add the Jenkins plugin to your Jenkins projects; view the scans in your custom dashboard.
Need more details? See our simple installation guide below:
Screenshots:
- Plugin Settings
- Plugin Settings
Bamboo
What is it?
MergeBase is an SCA extension (software composition analysis) that scans your applications within your Bamboo plans. Use MergeBase to help your development teams identify dangerous and insecure library versions early. Your results will be displayed in your own web based dashboard.
What does the integration do?
Integrates MergeBase into Bamboo CI/CD pipelines.
How does it work?
Add the plugin, and enter your credentials. You will receive the scans in your custom dashboard.
Need more details? See our simple installation guide below:
Screenshots:
- Plugin Settings
Teamcity
What is it?
Scan your source code with MergeBase directly from it.
What does the integration do?
Scan your source code with MergeBase directly from your Teamcity Ci/CD pipeline.
How does it work?
Add the Mergebase CLT to your TeamCity projects, then view the scans in your custom dashboards.
Need more details? See our simple installation guide below:
Screenshots:
- Product Screenshot
Azure DevOps
What is it?
MergeBase is an SCA extension (software composition analysis) that scans your applications within your azure DevOps plans. Use MergeBase to help your development teams identify dangerous and insecure library versions early. Your results will be displayed in your own web based dashboard.
What does the integration do?
Integrates mergebase into azure devops DevOps pipeline jobs.
How does it work?
Add the plugin, and enter your credentials. You will receive the scans in your custom dashboard.
Need more details? See our simple installation guide below:
Screenshots:
- Plugin Settings
- Settings-as-code
Bitbucket Pipelines
What is it?
Bitbucket Pipelines is a tool for software development using continuous integration and continuous deployment
What does the integration do?
Integrates a MergeBase scan into your Bitbucket pipeline.
How does it work?
Add the pipeline, and enter your credentials. You will then receive scans in your custom MergeBase dashboard.
Need more details? See our simple installation guide below:
Screenshots:
- Product Screenshot
Github Action
What is it?
A Github action to scan your repositories with MergeBase. Supports Java w/ Maven, NPM, .NET, Ruby, and more.
What does the integration do?
Adds a MergeBase scan as an action to your Github development pipeline.
How does it work?
Add the action, and enter your credentials. You will then receive scans in your custom MergeBase dashboard.
Need more details? See our simple installation guide below:
Screenshots:
- How to add from Marketplace
- Details
Other CI/CD Integrations
What is it?
MergeBase supports all CI/CD platforms that allow custom scripts. The MergeBase CLT can be downloaded and run programmatically to suit your use case.
The MergeBase CLT is a Java JAR which, when run, will scan your source or binary code and upload results to the dashboard. The execution can be customized with many additional arguments to suit your project’s needs.
How does it work?
To use the CLT in your CI/CD scripts, see the “Downloading via API” section of the MergeBase manual
Requirements:
- Java 8+ available to the scripting environment and network access to your MergeBase dashboard.
Docker
What is it?
Docker is a set of platform-as-a-service products that use OS-level virtualization to deliver software in packages called containers.
What does the integration do?
Scans docker containers for vulnerable binaries.
How does it work?
Invoke the MergeBase CLT.
Need more details? See our simple installation guide below:
Screenshots:
- Product Description
IBM QRADAR
What is it?
IBM QRadar XDR, a modular security suite, helps security teams gain visibility to quickly detect, investigate and respond to threats.
What does the integration do?
Sends MergeBase alerts through Syslog to QRadar or other SIEM platforms.
How does it work?
Enable the integration by setting configuration values in the MergeBase dashboard.
Need more details? See our simple installation guide below:
Slack
What is it?
Slack is a team messaging app used by companies and developers.
What does the integration do?
Sends MergeBase notifications to Slack.
How does it work?
Enable the integration on the MergeBase dashboard and start receiving notifications in Slack.
Need more details? See our simple installation guide below:
Screenshots:
- Settings
- Notification Example
Splunk
What is it?
Splunk is a data platform that powers enterprise observability, unified security and limitless custom applications in hybrid environments.
What does the integration do?
Sends MergeBase notifications to Splunk.
How does it work?
Enable the integration on the MergeBase dashboard and start receiving notifications in Splunk.
Need more details? See our simple installation guide below:
Screenshots:
- Mergebase Settings for Splunk
Microsoft Teams
What is it?
Teams is a messaging app created by Microsoft for organizations and teams.
What does the integration do?
Sends MergeBase notifications to Teams.
How does it work?
Enable the integration on the MergeBase dashboard and start receiving notifications in Teams
Need more details? See our simple installation guide below:
Screenshots:
- Mergebase settings for Microsoft Teams
Other SIEM tools
What is it?
MergeBase supports the RFC-5424 and LEEF standards for itnegration with virtually any SIEM tool.
What does the integration do?
Sends MergeBase notifications to the SIEM tool of your choice so that alert for new vunerabilities, changes in vulnerability severity and vulnerability breaches get injected into your regular SecOps workflow.
How does it work?
Enable the integration in Setings/Integrations on the MergeBase dashboard, set up receiving the messages in your SIEM tools and start receiving vulnerability notifications.
Jira
What is it?
Plan, track, and manage your agile and software development projects in Jira. Customize your workflow, collaborate, and release great software.
What does the integration do?
Add Jira tickets for vulnerabilities found by MergeBase.
How does it work?
After enabling the Jira integration you can create tickets directly from the MergeBase dashboard.
Need more details? See our simple installation guide below:
Screenshots:
- Settings for Jira Integration
ThreatConnect
What is it?
The ThreatConnect Platform is the unifying force across security teams, fusing cyber threat intelligence, knowledge, and tradecraft across cybersecurity operations and enabling machine power to maximize operational effectiveness and efficiency.
What does the integration do?
Sync your MergeBase vulnerability information to the ThreatConnect intel platform.
How does it work?
Enable the integration on the MergeBase dashboard
Need more details? See our simple installation guide below:
Screenshots:
- Settings
- Screenshot of group created in Threatconnect
Kenna Security
What is it?
Kenna processes and analyzes 18+ threat and exploit intelligence feeds, 12.7+ billion managed vulnerabilities, and your enterprise’s security data to give you an accurate view of your company’s risk.
What does the integration do?
Add MergeBase vulnerability results to your Kenna Dashboard.
How does it work?
Talk to us for more information.
Need more details? See our simple installation guide below:
Nucleus
What is it?
Nucleus Security is an automated vulnerability management solution that accelerates vulnerability response and enhances application security.
What does the integration do?
Import your MergeBase scans to the Nucleus Reporting Platform.
How does it work?
Add a MergeBase connector to your Nucleus dashboard. You are then able to import your MergeBase scans into the Nucleus platform.
Need more details? See our simple installation guide below:
Screenshots:
- How to setup Mergebase connector in Nucleus
- Settings page for API in MergeBase
API
What is it?
MergeBase provides a protected API for integration with virtually any management tool, including in house developed tools.
What does the integration do?
Provides access to the scan results in MergeBase. In addition to this you can receive notifications through the RF-5424 standard.
How does it work?
Enable the integration in Setings/Integrations on the MergeBase dashboard and use the API key provided there.
Dont’t see the integration you are looking for?
We might have it, or have a way to support you. Please connect with us.
Get a personalized Demo!
Check how MergeBase works throught the development lifecycle in your company.
Book a Demo