Invicti ASPM

Category: ASPM
License: Commercial

Invicti ASPM combines Invicti’s proof-based DAST with Kondukto’s security orchestration.

Unlike typical ASPM tools that struggle with false positives, Invicti ASPM uses proof-based scanning to safely validate exploitability before flagging issues—delivering 99.98% accuracy.

Key Capabilities

| Feature | Description |
|---|---|
| Proof-Based Scanning | DAST engine validates exploitability before flagging issues, eliminating false positives |
| Deduplication | Normalizes and deduplicates findings across all tools, with suppression rules |
| SBOM Radar | Tracks component vulnerabilities and license risks, and alerts on newly vulnerable dependencies |
| Fix Rescanning | Auto-verifies fixes: rescan → close the ticket if fixed, reopen it if not |
| Developer Training | SecureCodeWarrior videos embedded in findings for in-context learning |

CLI Tool (KDT)

Install via curl or download from GitHub:

curl -sSL https://cli.kondukto.io | sh
export INVICTI_ASPM_HOST=https://your-instance.invicti.com
export INVICTI_ASPM_TOKEN=your_api_token
| Command | Description |
|---|---|
| `kdt scan -p Project -t semgrep -b main` | Trigger a scan |
| `kdt scan ... --threshold-crit 0 --threshold-high 5` | Scan with severity thresholds |
| `kdt scan ... -f results.json` | Import results from a file |
| `kdt scan ... --async` | Non-blocking scan |
| `kdt scan ... --image myapp:latest` | Container scan |
| `kdt release -p Project -b main --sast --sca` | Check release criteria |
| `kdt sbom import -f sbom.json -p Project -b main` | Import an SBOM |

GitHub Actions Example

- name: Security Scan
  env:
    INVICTI_ASPM_HOST: ${{ secrets.INVICTI_ASPM_HOST }}
    INVICTI_ASPM_TOKEN: ${{ secrets.INVICTI_ASPM_TOKEN }}
  run: |
    curl -sSL https://cli.kondukto.io | sh
    kdt scan -p ${{ github.repository }} -t semgrep -b ${{ github.ref_name }} --threshold-crit 0

Exit codes: 0 = success, 1 = error, 100 = unauthorized, 255 = threshold exceeded. In CI, a non-zero exit from `kdt scan` fails the step, so the threshold flags act as a gate on the pipeline.

Deployment

| Option | Specs |
|---|---|
| Cloud (SaaS) | Fully managed, no infrastructure |
| On-Premise (PoC) | 4 cores, 16 GB RAM, 90 GB disk |
| On-Premise (Prod) | 8 cores, 64 GB RAM, 250 GB disk |
| Distributed | App: 4 cores / 64 GB; DB: 8 cores / 64 GB (MongoDB 5+) |

When to Choose

| Best For | Consider Alternatives If |
|---|---|
| Multiple tools with duplicate findings | You only need basic aggregation (DefectDojo) |
| Teams frustrated by DAST false positives | Your budget requires open source |
| Proof of exploitability for compliance | You run a single scanner with no orchestration needs |
| DevSecOps automation and SBOM tracking | |

History

Invicti acquired Kondukto in August 2025, combining Invicti’s 15+ years in proof-based DAST with Kondukto’s ASPM orchestration expertise.

The platform represents their vision: 100% signal, 0% noise.