Centralize findings from supported third-party or SARIF-compatible scanners into Cortex Cloud. Unified triage, Urgency-based priority, and policy enforcement in one view.
Cortex Cloud third-party ingestion centralizes security findings from external scanners into a unified data model. By normalizing data from supported vendors and SARIF-compatible tools, the platform provides a single interface for triage, Urgency-based prioritization, and Unified Application Security Policy enforcement. This ensures that external findings are treated with the same consistency and code-to-cloud traceability as native Cortex Cloud detections.
The scope of this integration includes onboarding recognized vendors and ingesting custom findings through the generic 3rd Party AppSec Collector. Once ingested, these findings populate the standard Code Weaknesses and SCA CVE tables, allowing organizations to maintain global governance and remediate critical risks without switching between disparate vendor dashboards.
License miscompliance not supported
Third-party SCA ingestion covers CVE vulnerabilities only. The License Miscompliance and Package Operational Risk issue types are produced exclusively by the native Cortex Cloud SCA scanners and are out of scope for third-party ingestion, even when the source vendor emits license or operational-risk data in its native API.
Core achievements:
Unified policy governance (strategic): Every ingested finding becomes subject to the same Unified Application Security Policies, Urgency classification, and SBAC scope as native Cortex Cloud scanner findings
Shift-left enforcement via push (proactive): Third-party SARIF pushed from CI/CD pipelines is evaluated by CI Scan policies and can block the build before deployment
Continuous backlog detection via pull (reactive): Native integrations with supported vendors surface findings that already exist in the codebase, feeding Urgency-based prioritization and SLA tracking
Single-pane triage (tactical): All findings appear in the Code Weaknesses and SCA CVE tables with consistent Urgency-based prioritization, eliminating context-switching across vendor dashboards
Code to Cloud trace integrity (enabler): Repository mapping connects every ingested finding to deployment signals (such as Is Deployed, Internet Exposed) that drive Urgency classification
Supported integrations
Cortex Cloud Application Security supports the following third-party ingestions:
Repository mapping
Every ingested finding must map to a Cortex Cloud repository asset. For native vendor integrations, mapping is performed during the wizard's Map Repositories step. For the generic SARIF collector, the mapping is supplied at upload time.
Note
Only onboarded and scanned repositories can be mapped.
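The following is an added illustration, not Cortex Cloud code, of what normalizing SARIF output into a unified finding record with a repository mapping involves: it flattens SARIF 2.1.0 results, resolves the CWE from the rule's tags, and refuses a mapping to a repository that is not in the onboarded set. The SARIF document, the repository name and the onboarded set are constructed sample values.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed SARIF 2.1.0 document standing in for a third-party SAST scanner's output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleSAST", "rules": [
            {"id": "SQLI-001", "properties": {"tags": ["external/cwe/cwe-89"]}}]}},
        "results": [
            {"ruleId": "SQLI-001", "level": "error",
             "message": {"text": "User input flows into SQL query"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.py"}, "region": {"startLine": 42}}}]},
            {"ruleId": "SQLI-001", "level": "warning",
             "message": {"text": "Possible injection"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/api.py"}, "region": {"startLine": 7}}}]},
        ]}]})

@dataclass
class Finding:
    repo: str          # onboarded repository the finding is mapped to
    tool: str          # scanner name from the SARIF driver
    rule_id: str
    cwe: Optional[str] # e.g. "CWE-89", resolved from rule tags
    severity: str      # SARIF level: error / warning / note / none
    path: str
    line: int
    message: str

def normalize_sarif(sarif_text, repo, onboarded_repos):
    """Flatten SARIF results into Finding records tied to one onboarded repository."""
    if repo not in onboarded_repos:
        raise ValueError(f"repository {repo!r} is not onboarded and scanned; cannot map")
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        driver = run["tool"]["driver"]
        # Rule metadata lives on the driver; index it by id so each result can resolve its CWE.
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            tags = rules.get(res.get("ruleId"), {}).get("properties", {}).get("tags", [])
            cwe = next((t.rsplit("/", 1)[-1].upper() for t in tags if "cwe-" in t.lower()), None)
            loc = res["locations"][0]["physicalLocation"]
            findings.append(Finding(repo, driver["name"], res.get("ruleId", ""), cwe,
                                    res.get("level", "none"), loc["artifactLocation"]["uri"],
                                    loc.get("region", {}).get("startLine", 0),
                                    res["message"]["text"]))
    return findings
```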
Policy enforcement on ingested findings
Ingested third-party findings are evaluated by Unified Application Security Policies during periodic scans. Policies with a Periodic Scan trigger can create issues, send notifications, or trigger remediation actions on ingested findings. Policies with PR Scan or CI Scan triggers also evaluate ingested findings when the findings are pushed through the generic SARIF collector at the corresponding SDLC stage. For policy configuration, refer to Unified Application Security policies.
View ingested data
SAST findings and issues:
Code Weaknesses issues page: View dedicated SAST issues on the SAST code weaknesses (CWEs) page
Asset inventories Code Weaknesses tab for repositories: Refer to Repository as an asset and review the relevant tab for more information
Asset inventories Code Weaknesses tab for applications: Refer to Business application assets for more information
CVE vulnerabilities findings and issues:
Vulnerabilities issues page: View CVE vulnerabilities on the Software Composition Analysis (SCA) vulnerability issues page
Asset inventories Vulnerabilities tab for repositories: Refer to Repository as an asset and review the relevant tab for more information
Asset inventories Vulnerabilities tab for applications: Refer to Repository as an asset and review the relevant tab for more information