Core Modules
AppSec
AppSec is where ThreatWeaver tests the software you build and run — web applications, REST and GraphQL APIs, and mobile apps — for security weaknesses, and tracks the findings through to a fix. It also gives you a place to discover the AI tools in use across your organization and govern how they're used.
What it's for
- Test an app for vulnerabilities — point ThreatWeaver at a target, run an assessment, and get back a prioritized list of findings with evidence.
- Work findings to closure — confirm, accept, retest, and mark findings remediated, so nothing slips through the cracks.
- See what AI is in use — discover AI tools across your environment, flag shadow AI, and manage which tools are approved.
Come here when you want to answer "Is this app safe to ship?", "What did the last scan find?", and "Which AI tools are people using, and are they approved?"
The screens in it
When you open AppSec, you land on the AppSec dashboard — a summary of your targets, active scans, open findings, and a security-posture score. A row of tabs across the workspace takes you to each area: assessments, targets, findings, compliance, reports, and the settings that support them.
From here you can move to:
- Application security scanning — the core loop of adding targets, running assessments, and triaging findings. See Application security scanning.
- AI Security — discover and govern the AI tools in use across your organization. See AI Security.
- Scan configuration and tools — scan templates, credentials, scan agents, the CSP generator, exceptions, and compliance. See Scan configuration and tools.
Where to go next
Application security scanning
Add targets, run assessments, and triage findings — every control and the end-to-end workflow.
AI Security
Discover AI tools, spot shadow AI, approve or block tools, and set governance policies.
Scan configuration and tools
Scan templates, credentials, scan agents, the CSP generator, exceptions, and compliance.