Manage the full collector lifecycle in the tenant console. Create, edit, delete, generate credentials, and validate SARIF files. Upload findings via API only.
The full collector lifecycle is managed through the tenant: creation, credential generation, SARIF validation, editing, and deletion. Finding upload is performed exclusively through the API workflow.
Navigate to Data Sources
Navigate to → .
Filter by Name = 3rd Party AppSec Collector.
The Collector instances page displays all existing 3rd Party AppSec Collector instances.
Create a collector
The collector creation wizard consists of three sequential steps: Configure collector, API Key, and Validate file format.
Step 1: Configure collector
Define the collector identity and configuration.
Select + Add New or, if a collector is already displayed, select Add Another Instance.
Enter a Collector Name (required). Set the collector name to match the tool.driver.name field from the SARIF file for consistent identification across the platform.
Note: The collector name is the primary identifier for the collector instance. Use a descriptive name that identifies the third-party tool.
Select .
Step 2: API Key
Copy the generated API credentials for use in the upload workflow.
Review the success message confirming the collector was created.
Copy the Token ID (first credential value), used as the x-crtx-auth-id header.
Copy the API Token (second credential value), used as the Authorization header.
Select to copy the collector-specific upload endpoint.
Optionally select View Examples to display cURL and Python upload examples.
Select .
Important
The Token ID and API Token are displayed only once. Copy and store the credentials securely before proceeding. If the credentials are lost, edit the collector to regenerate the credentials.
Step 3: Validate file format (optional)
Validate a SARIF file to verify the format before production use.
Upload a SARIF file using the file input.
Review the validation result. Possible values are Valid, Partially Valid, and Invalid. Refer to Technical requirements and SARIF specifications for more details about each option.
Select Done to complete the collector creation.
Edit a collector
Navigate to → → .
Select the collector instance to edit.
Modify the Collector Name.
Select to apply the changes.
Note
Editing a collector does not regenerate the API credentials. The existing credentials remain valid after editing the collector name.
Delete a collector
Navigate to → → .
Select the collector instance.
Select the delete action for the collector instance.
Confirm the deletion.
Caution
Deleting a collector permanently removes the collector instance and invalidates the associated API credentials. Existing findings that were previously ingested through the deleted collector remain in the platform and are not affected by the deletion.
Validate a SARIF file (post-creation)
Validate a SARIF file against an existing collector instance without uploading findings.
Navigate to → → .
Select the Test action for the collector instance.
Upload a SARIF file using the file input.
Review the validation result (VALID, PARTIALLY_VALID, or INVALID). The validation panel displays the status and any issues detected.
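A local pre-check for the naming guidance in Step 1, run before a file is submitted for validation. This is an added example, not code from the product or its documentation. It reads tool.driver.name from every run of a SARIF file and reports runs that do not match the collector name. Exact string comparison is an assumption, and the sample document and the name ExampleScanner are constructed.

```python
import json

# Constructed sample: three runs, two of which do not match the collector name.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [
        {"tool": {"driver": {"name": "ExampleScanner"}}, "results": []},
        {"tool": {"driver": {"name": "examplescanner "}}, "results": []},
        {"tool": {}, "results": []},
    ],
})


def driver_names(sarif_text):
    """Return tool.driver.name for each run (None where it is absent)."""
    try:
        doc = json.loads(sarif_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    runs = doc.get("runs") if isinstance(doc, dict) else None
    if not isinstance(runs, list) or not runs:
        raise ValueError("SARIF document has no runs")
    names = []
    for run in runs:
        tool = run.get("tool") if isinstance(run, dict) else None
        driver = tool.get("driver") if isinstance(tool, dict) else None
        name = driver.get("name") if isinstance(driver, dict) else None
        names.append(name if isinstance(name, str) and name else None)
    return names


def check_collector_name(sarif_text, collector_name):
    """Return one message per run whose driver name does not match exactly."""
    problems = []
    for i, name in enumerate(driver_names(sarif_text)):
        if name is None:
            problems.append(f"runs[{i}]: tool.driver.name is missing")
        elif name != collector_name:
            near = name.strip().casefold() == collector_name.strip().casefold()
            hint = " (differs only by case or whitespace)" if near else ""
            problems.append(f"runs[{i}]: {name!r} != {collector_name!r}{hint}")
    return problems


if __name__ == "__main__":
    for line in check_collector_name(SAMPLE_SARIF, "ExampleScanner"):
        print(line)
```

An empty list means every run names the same tool as the collector; the check says nothing about whether the platform reports the file as VALID, PARTIALLY_VALID, or INVALID.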