Getting Started
Supported browsers
Stealth supports the latest versions of the following web browsers:
To start performing basic tasks in the Stealth application:
Create or log in to a Stealth account
To create a free account or sign up for a pricing plan, visit our website. For details about pricing plans, contact our sales team.
If your company has an existing Stealth account and uses single sign-on (SSO), use the SSO link provided by your administrators.
If your company requires an invitation to use Stealth, you may see a list of Organizations when you log in for the first time; in Stealth, Organizations control access to Projects. To request access to an Organization, select the name of one of its Organization Admins.
When you log in to the Stealth Web UI, Stealth shows your preferred (default) Organization. Stealth also uses the settings for your preferred Organization when you test a Project locally using the CLI. To change your default Organization, refer to your account preferences and settings documentation.
Set up a Stealth integration
For Stealth to know where to scan, you must give it access to your environment. The type of integration you need depends on which systems you use, what you want to scan, and at which level you want to add the integration: Organization or Group.
To scan your code, you must first integrate Stealth with the repository holding that code.
Guided process
After creating a Stealth account, you can follow the optional getting started walkthrough prompts to provide information and help Stealth guide your experience. This includes choosing an integration method, setting access permissions, configuring automation settings, and authenticating that integration.
Alternatively, if you want to scan your code without authenticating to your source code repository, you can select the CLI integration. This allows you to run scans from your local machine and upload results to your Organization in Stealth.
Manual process
You can add an integration to Stealth manually at any point, from the Stealth Web UI. To do this, navigate to Integrations > Source Control.
Obtain and use your Stealth API token
Your Stealth API token is a personal token available under your user profile. The Stealth API token is associated with your Stealth Account and not with a specific Organization.
Free and Team plan users and trial users have access only to this personal token under the user profile. The personal token can be used to authenticate the Stealth CLI running on a local or build machine, or an IDE plugin, when you set a token manually. Use a personal token with caution when authenticating for CI/CD or for the API; the API is available to Enterprise plan users only.
To obtain your personal Stealth API token:
- Log in to Stealth and navigate to your personal account settings.
- In your General settings, under API Token, select click to show.
- Highlight and copy your API key.
If you want a new API token, select Revoke & Regenerate, but be aware that this will make the previous API token invalid.
For information on when to use an API token and when to use a service account token, available to Enterprise plan users only, contact our support team.
Import a Project to scan and identify issues
Stealth Projects are items that Stealth scans for issues, for example, a manifest file listing your open-source dependencies.
When you import a Project, Stealth scans that imported Project, and displays the results for you to review.
Importing a Project also does the following:
- Sets Stealth to run a regular scan on that Project for issues.
- Initiates some automation, in particular the default Stealth tests on pull and merge requests, which help prevent new vulnerabilities from being added to the Project. This automation fails builds according to the conditions you set, and can be disabled or customized in your integration settings.
Set up Stealth AppRisk
Stealth AppRisk enables Application Security teams to implement, manage, and scale a modern, high-performing, developer security program. It covers use cases under Application Security Posture Management (ASPM).
Review results and fix your issues
After you have imported a Project, and Stealth has scanned that Project for issues, you can view the results of your scan and take action to fix issues. You can see the number of issues found, grouped by severity level (Critical, High, Medium or Low).
The scan results and available actions depend on the type of Project you scan:
- Open-source libraries
- Application code
- Container images
- Infrastructure as Code (IaC): Kubernetes, Helm and Terraform configuration files, and cloud misconfigurations