Qwiet.AI Connector
Updated over 3 months ago

Am I reading the correct user guide?

Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.

Click on 'How to connect' on the Connector's setup page to open the right guide for your setup and version, ensuring accuracy and relevance.


Overview

About Qwiet.AI

Qwiet.AI uncovers, prioritizes, and generates fixes for your top vulnerabilities with a single scan that includes SAST, SCA, Container, Secrets, and SBOM.

Why integrate Qwiet.AI into the Vulcan platform?

The Qwiet.AI Connector by Vulcan integrates with the Qwiet.AI platform to pull and ingest Code Project assets and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Qwiet.AI Connector Details

| Detail | Value |
|---|---|
| Supported products | SAST, SCA, Container security |
| Category | Application Security - SCA; Application Security - SAST |
| Ingested asset type(s) | Code Projects |
| Integration type | Uni-directional (data is transferred from the Connector to the Vulcan Platform in one direction) |
| Supported version and type | SaaS (latest) |


Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

Generating API token and granting access

  1. Go to the Qwiet.AI platform > Organization tab.

  2. In the overview tab, you can see and reset the access token if needed.

  3. Since scans are performed per branch, Vulcan requires access to the most recent scan of a particular branch. Go to the Applications tab and click on the desired app name.

  4. Navigate to the Settings tab, click on Select Branch, and set a branch as the default.

Configuring the Qwiet.AI Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Qwiet.AI icon.

  4. Set up the Connector as follows:

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Qwiet.AI instance, then click Create (or Save Changes).

  6. The Advanced Configuration drop-down allows you to set the Connector's sync time. By default, all days are selected.

  7. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  8. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  9. To confirm the sync is complete, navigate to the Connectors page. Once the Qwiet.AI icon shows Connected, the sync is complete.


Qwiet.AI in the Vulcan Platform

Viewing Qwiet.AI vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector:

  1. Go to the Vulnerabilities page.

  2. Click on Filter and set the condition to Vulnerability > Connector is Qwiet.AI.

Viewing Qwiet.AI assets in the Vulcan Platform

Viewing assets by Connector for users with the new platform view (Asset Hub):

  1. Go to the Assets page.

  2. Click on "Filter" and specify the condition as "Assets > Connector is Qwiet.AI".

Viewing assets by Connector for users with the older platform view:

  1. Go to the Assets page.

  2. Choose the relevant asset type tab.

  3. Click on "Filter" and specify the condition as "Assets > Connector is Qwiet.AI".

You can add more filters to narrow down your search further.
See the complete list of available asset filters.

Click on any asset for more asset details.

Taking Action on vulnerabilities and assets detected by Qwiet.AI

To take remediation action on vulnerabilities and assets detected by Qwiet.AI:

  1. Go to the Vulnerabilities or Assets page.

  2. Use the Filter to filter vulnerabilities by the Qwiet.AI connector and display all synced vulnerabilities/assets along with their associated assets/vulnerabilities.

  3. Select the relevant vulnerabilities/assets from the results list.

  4. Click on Take Action to proceed with remediation or further actions.

Automating remediation actions on vulnerabilities detected by Qwiet.AI

Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.


From Qwiet.AI to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Qwiet.AI through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform pages and fields.

Code Project field mapping

| Qwiet.AI UI field | Qwiet.AI API field | Vulcan field | Value example |
|---|---|---|---|
| App ID | id | Asset Uniqueness criteria | connector-lab |
| Application name | name | Code Project Name (name) | |
| Language | scan.language | Code Project Language (language) | |
| last scan date | scan.completed_at | Code Project Last report (last_seen) | 2024-06-30T05:36:40.32902Z |
| App version, Lines of code, Platform | scan.version, scan.stats.data[*].key=Lines of code, scan.platform | Code Project details (added_data) | |
| tags | tags | Code Project Tags - Vendor's tags (tags) | "tags": [{"key": "group", "value": "connector"}] |
| Groups, Teams | tags[*]."key"= "group", team_name | Code Project Tags - Additional (tags) | |
| File name | SAST: sink_user_location | Asset codebase - Source (SAST) (codebase) | |
| File Location | SAST: sink_user_location | Asset codebase - Location (SAST) (codebase) | "db-init.js:179" |
| library name | details.dependency.artifact_id, details.dependency.version | Asset libraries - Name (SCA) (libraries) | "semver" |
| version | details.dependency.version | Asset libraries - Version (SCA) (libraries) | "5.7.1" |

Vulnerability field mapping

| Qwiet.AI UI field | Qwiet.AI API field | Vulcan field | Value example |
|---|---|---|---|
| App ID + Finding ID + Default branch | app + id + default_branch | Vulnerability instance uniqueness criteria | |
| first seen | created_at | Vulnerability instance First seen (first_seen) | 2024-06-23T10:37:37.530679Z |
| last seen | | Vulnerability instance Last seen (last_seen) | |
| Assigned to, Detailed info, branch name, scan id, base score, temporal score, impact subscore, shiftleft score, exploitability score, dependency, related uris, tags, Description | assignee, description, default_branch, scan_first_seen, base_score, temporal_score, impact_subscore, shiftleft_score, exploitability_subscore, dependency, related_uris, tags, description | Vulnerability instance details (added_data) | |
| | "type": "oss_vuln", "container" | is_sca | |
| | "type": "vuln", "oss_vuln", "secret", "security_issue" | is_sast | |
| | SAST and Secrets: category; OSS Vulns and Container: purl (e.g. pkg:npm/ws@8.16.0) | Unique Vulnerability uniqueness criteria | |
| Finding name | SAST and Secrets: category; OSS Vulns and Container: tags[*]."key": purl (e.g. pkg:npm/ws@8.16.0) | Vulnerability title (title) | |
| severity | tags[*]."key": "cvss_31_severity_rating" | Vulnerability score (cvss_score) | |
| Description | | Vulnerability description (description) | |
| Other Considerations, Additional information, Category, Language, Platform, type, cvss | category, language, platform, type, tags[*]."key": "cvss_score" | Vulnerability details (added_data) | |
| cve | tags[*]."key": "cve" | CVE/S (report_item_cve) | |
| cwe | cwe | CWE (cwe) | |
| fix | | Solution uniqueness criteria | Upgrade to versions 5.7.2, 6.3.1, 7.5.2 or above. |
| | | Fix - Title | Fix recommendation from Qwiet.AI |
| fix | fix | Fix - Description | |

Vulnerability status mapping

| Qwiet.AI Status | Vulcan Status |
|---|---|
| Open, 3rdparty | Vulnerable |
| fixed | Fixed |
| - | Ignored - false positive |
| ignore | Ignored risk acknowledged |

Vulnerability score mapping

  • Based on the "severity" field

| Qwiet.AI score | Vulcan score |
|---|---|
| Critical | 10 |
| High | 7 |
| Medium | 5 |
| Low | 3 |
| - | 0 |

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any are added).

The table below lists how the status update mechanism works in the Qwiet.AI connector for the vulnerabilities and assets in the Vulcan Platform.

| Update type in Vulcan | Mechanism (When?) |
|---|---|
| The asset is archived | Asset not found on the Connector's last sync, or asset not seen for X days according to "Last Seen" |
| The vulnerability instance status changes to "Fixed" | The vulnerability no longer appears in the scan findings, or the vulnerability status on the Connector's side changes to "FIXED" |

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
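The two sync-time rules in the table above, written out as an added example (not the connector's own code) over constructed inventory data. The archive window X is passed as inactive_days, instance keys follow the app + id + default_branch criterion, and the timestamp layout follows the page's examples.

```python
from datetime import datetime, timedelta, timezone

# Timestamp layout seen in the mapping examples, e.g. 2024-06-30T05:36:40.32902Z.
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"


def parse_ts(ts: str) -> datetime:
    """Parse a Qwiet.AI UTC timestamp into an aware datetime."""
    return datetime.strptime(ts, TS_FORMAT).replace(tzinfo=timezone.utc)


def sync_status_updates(known_assets: dict[str, str], known_instances: set[str],
                        synced_asset_ids: set[str], synced_instances: dict[str, str],
                        inactive_days: int, now: datetime) -> tuple[set[str], set[str]]:
    """Decide which assets are archived and which instances become Fixed after one sync.

    known_assets: asset id -> last_seen timestamp already stored in Vulcan.
    known_instances: instance keys (app + id + default_branch) stored in Vulcan.
    synced_asset_ids: asset ids returned by this sync.
    synced_instances: instance key -> Qwiet.AI status returned by this sync.
    """
    cutoff = now - timedelta(days=inactive_days)
    # Asset archived: not found on the last sync, or not seen for X days per "Last Seen".
    archived = {aid for aid, last_seen in known_assets.items()
                if aid not in synced_asset_ids or parse_ts(last_seen) < cutoff}
    # Instance Fixed: no longer in the scan findings, or vendor status is FIXED.
    fixed = {key for key in known_instances
             if key not in synced_instances or synced_instances[key].lower() == "fixed"}
    return archived, fixed


# Constructed sample data (not vendor output), evaluated at a fixed "now".
NOW = parse_ts("2024-07-10T00:00:00.000000Z")
KNOWN_ASSETS = {"app-a": "2024-07-09T12:00:00.000000Z",   # seen yesterday, still synced
                "app-b": "2024-06-01T12:00:00.000000Z",   # synced, but stale last_seen
                "app-c": "2024-07-09T12:00:00.000000Z"}   # missing from this sync
KNOWN_INSTANCES = {"app-a:f-1:main", "app-a:f-2:main", "app-a:f-3:main"}
SYNCED_ASSET_IDS = {"app-a", "app-b"}
SYNCED_INSTANCES = {"app-a:f-1:main": "Open", "app-a:f-2:main": "FIXED"}


def run_example() -> tuple[set[str], set[str]]:
    """Apply a 30-day inactivity window to the constructed data."""
    return sync_status_updates(KNOWN_ASSETS, KNOWN_INSTANCES, SYNCED_ASSET_IDS,
                               SYNCED_INSTANCES, inactive_days=30, now=NOW)
```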

Support and Expected Behaviour

Support and expected behavior remarks on some Qwiet.AI ingested vs. un-ingested fields:

Successful sync without scans

The connector can successfully sync even if none of the assets have been scanned. In this case, only the asset inventory will be synced.

Fetching only scanned default branches of applications

  • Fetching all branches can result in duplicate data because different branches often share the majority of their codebase.

  • To avoid duplication, connections are overwritten, which can lead to missing the most up-to-date data from the relevant branch and scan.

  • For large clients, this process requires a significant number of API calls, as each app and branch must be queried separately.

Unscanned Applications

Unscanned applications will lack key data, including Language, Platform, and Last Seen information.

Limitations for Large Clients

Clients with over 13,500 code projects (approximately 10MB per request page) cannot integrate this connector due to the absence of pagination in the Apps request.

Missing branch details in scanned repositories

  • Sometimes, Qwiet.AI cannot retrieve detailed information about the scanned branch. As a result, findings from scanned applications without branch details cannot be ingested into the Vulcan platform.

  • This ensures consistent vulnerability data, as scans from different branches could otherwise introduce conflicting information.

API Endpoints in Use

API version: 4.0

| API | Use in Vulcan | Permissions required | Test connection call |
|---|---|---|---|
| Apps | Assets | apps:list | |
| AppFindings | Vulnerability Instance, Unique Vulnerability | findings:list | |
| Permissions | Check required permissions | | |
| AppsTeam | Assets - Team name | teams:list | |
| AppBranches | Assets - scanned branches | scans:read | |


Data Validation

This section shows how to validate and compare data between Vulcan and the Qwiet.AI platform.

Asset count validation

In Qwiet.AI UI:

  1. Navigate to the Applications tab in the Qwiet.AI UI.

  2. In the top left window, note the number of applications (both scanned and unscanned).

In Vulcan Platform:

  1. Go to the Assets tab in Vulcan.

  2. Click on the Filter button and set the condition as Assets > Connector is Qwiet AI.

  3. Click Apply to filter assets from the Qwiet AI connector.

  4. Note the filtered number of assets.

Note: Qwiet API may return data about apps not shown on the UI. Those apps have the same data (Findings) as others, but their ID is different.

Validation if an asset isn't present in Vulcan

  1. Archive according to date: Check the last_seen field to ensure it matches the archiving settings.

  2. Archive according to status: If an asset is absent, consider deletion based on its status.

  3. Loader/Checkbox: Ensure the loader/checkbox settings are correct.

Vulnerability count validation

In Qwiet.AI

Unique vulnerability counts are not displayed in the vendor's UI. Instead, the vendor presents connections between the app, findings, and default branch.

  • For Vulnerabilities and Secrets, the category is used to define uniqueness.

  • For OSS Vulnerabilities and Containers, the PURL (as shown in the Qwiet AI UI) is considered unique.

  1. Go to the Findings tab inside a scanned app. Ensure you are viewing results from the default branch and the latest available scan.

  2. In the Vulnerabilities tab, filter for unique vulnerabilities of the Qwiet AI connector.

  3. Select the ‘All’ tab to see the total number of unique vulnerabilities synced to Vulcan.

In Vulcan Platform

In Vulcan, vulnerabilities are aggregated based on their properties, depending on the type of vulnerability.

  1. Go to the Vulnerabilities tab in Vulcan.

  2. Click on the Filter button and set the conditions to filter the unique vulnerabilities of the Qwiet AI connector.

  3. Select the All tab to get the number of unique vulnerabilities synced to Vulcan.

Qwiet.AI Aggregation

  1. For Vulnerabilities and Secrets, categorize them as unique based on their properties.

  2. Use the Purl (Package URL) as a unique identifier for OSS vulnerabilities and containers.

Validation of vulnerability not present in Vulcan

  1. No asset has this vulnerability: Verify the asset-vulnerability mapping.

  2. If Qwiet.AI shows a finding that is not on the default branch or on the latest scan of the default branch, it will not be presented in Vulcan.

Vulnerability instance count validation

In Qwiet.AI

  1. Navigate to the Applications tab in the Qwiet.AI UI.

  2. Click on the application name from the list.

  3. Ensure the selected branch is the default branch, and the latest scan is selected.

  4. Sum the number of findings presented beside the Findings tab.

In Vulcan Platform

  1. Go to the Vulnerabilities tab in Vulcan.

  2. Click on the Filter button and filter vulnerabilities from the Qwiet AI connector.

  3. Switch on the Vulnerability Instance Mode.

  4. Note the total count of vulnerability instances.

Validation if a connection isn't present in Vulcan

  1. If the connection moves to fix or ignore status, you can see it in the Fixed and Acknowledged screens in Vulcan.

  2. If Qwiet.AI shows a finding that is not on the default branch or not on the latest scan of the default branch, it will not be presented in Vulcan.
