Skip to main content

Connectors, Tools & Providers

The Connectors area lets you configure and manage all integrations with external services, including SCM providers, ticketing systems, container registries, cloud accounts, and custom security tools.

Overview

Connectors is divided into three tabs:

TabPurposeExamples
ConnectorsPre-built integrations that sync data or create artifacts (tickets, pull requests)Jira, ServiceNow, GitHub App, container registries
ToolsExternal security scanners and custom tools that Plexicus can invokeCheckmarx, Fortify, Black Duck, custom HTTP endpoints
ProvidersSource control and cloud account connectionsGitHub, GitLab, Azure DevOps, AWS, GCP, Azure

Connectors Tab

Built-in connectors

The Connectors tab shows available integrations, organized by category:

SCM & Code

  • GitHub (OAuth + Installation ID)
  • GitLab
  • Bitbucket Cloud
  • Gitea
  • Forgejo
  • Azure DevOps

Ticketing

  • Jira Cloud (OAuth)
  • ServiceNow (OAuth token)

Container & Registry

  • Docker Hub
  • Amazon ECR
  • Google Artifact Registry
  • Azure Container Registry
  • HashiCorp Artifactory

Cloud Accounts

  • AWS (IAM role or access key)
  • Google Cloud (service account)
  • Azure (subscription)
  • Oracle Cloud

Reporting

  • AI Report Import

Configure a connector

  1. Click the connector card
  2. Click Configure or Connect
  3. Follow the provider's OAuth or token flow
  4. (If applicable) Configure stage workflow, field mapping, or other settings
  5. Click Test Connection
  6. Click Save or Finalize

Disconnect a connector

  1. Click the connector card
  2. Click Disconnect or Delete
  3. Confirm the action

Tools Tab

The Tools tab lists external security scanners and custom integrations that Plexicus can invoke during scans.

Pre-built tools

Pre-configured commercial and open-source security tools:

SAST

  • Checkmarx (CxOne) — commercial
  • Fortify SSC — commercial
  • Sonarqube — commercial

SCA

  • Black Duck — commercial
  • Snyk — commercial

DAST

  • Burp Suite Professional — commercial

Cloud Security

  • Prowler — cloud compliance scanning

See Scanner Bundles for the complete catalog and parameter details.

Custom tools

Create custom tool integrations to invoke HTTP endpoints, scripts, or proprietary scanners:

  1. Click Add Custom Tool
  2. Provide:
    • Tool Name: A descriptive name (e.g., "Internal SAST Endpoint")
    • Endpoint URL: The HTTP endpoint that Plexicus will POST findings or scan requests to
    • Authentication: API key, bearer token, or basic auth
    • Parameters: Any tool-specific configuration (e.g., organization ID, workspace)
  3. Click Create

Test a tool

  1. Click the tool name
  2. Click Test
  3. Verify that the connection succeeds

Providers Tab

The Providers tab shows your connected source control and cloud account providers.

SCM providers

Plexicus supports seven source control systems:

ProviderTypeSetupPull RequestsNotes
GitHubCloud / Self-hostedOAuth + Installation IDUses GitHub App for repo access
GitLabCloud / Self-hostedToken + API URLSupports SaaS (gitlab.com) and self-hosted
Bitbucket CloudCloudOAuth tokenBitbucket Cloud only; Bitbucket Server not supported
GiteaSelf-hostedToken + URLLightweight self-hosted forge
ForgejoSelf-hostedToken + URLForgejo fork of Gitea
Azure DevOpsCloud / On-premPersonal Access Token (PAT)Supports both cloud and TFS/on-premises
TFVCOn-premShared Azure DevOps PATTeam Foundation Version Control; no PR support

Cloud account providers

Connect cloud accounts for cloud security scanning (CSPM, workload protection, entitlement management):

AWS

  • IAM Role (recommended) or access key
  • Used for cloud scans and CSPM

Google Cloud

  • Service Account JSON
  • Used for cloud scans and CSPM

Azure

  • Subscription ID + credentials
  • Used for cloud scans and CSPM

Oracle Cloud

  • Tenancy OCID + API signing key
  • Used for cloud scans

Adding a new provider

  1. Click Add Provider in the Providers tab
  2. Select the provider type (GitHub, AWS, etc.)
  3. Follow the OAuth or credential flow
  4. Confirm that repositories or cloud accounts are discovered
  5. Click Finalize

Managing providers

View provider details

  1. Click the provider name
  2. View:
    • Connected repositories or cloud accounts
    • Webhook status (for SCM)
    • Last sync time

Test provider connectivity

  1. Click the provider
  2. Click Test Connection
  3. Verify the status

Disconnect a provider

  1. Click the provider
  2. Click Disconnect
  3. Confirm; this will remove all repositories/accounts associated with it

Troubleshooting

"Connector not appearing"

  • Some connectors require a specific subscription tier (e.g., ServiceNow is Scale+)
  • Check your plan's entitlements

"Test connection failed"

  • Verify credentials are correct and not expired
  • For OAuth, re-authorize
  • For tokens, confirm the token has the necessary scopes

"Repositories/accounts not discovered"

  • Ensure the provider is fully connected and configured
  • Wait a few moments for the sync to complete
  • Refresh the page

"Custom tool endpoint timeout"

  • Verify the endpoint URL is reachable from Plexicus
  • Check firewall/network rules
  • Ensure the endpoint responds within 30 seconds

Next Steps

Once your connectors and tools are configured, you can: