The Integration Tax
You deploy a new security tool. It generates alerts. Now you need those alerts in your SIEM, your ticketing system, your Slack channel, and your CI/CD pipeline. The commercial vendor offers a connector — for an additional per-seat fee. Or you can use their API to build a custom integration — assuming the API documentation is accurate, which it often isn't.
This "integration tax" is one of the hidden costs of commercial security tools. The tool itself costs $X. Getting data out of it costs $Y. And $Y is often larger than $X.
Native Export Formats
1-SEC exports security data in the formats your tools already consume.
SARIF for Code Security
Static Analysis Results Interchange Format (SARIF) is the standard for code security findings. GitHub and GitLab natively display SARIF results in pull requests. `1sec export --format sarif` generates SARIF output that integrates directly with your repository's security tab.
JSON for Everything Else
Every command supports `--json` output. Structured JSON pipes into jq for filtering, into your SIEM ingestion endpoint, or into custom scripts. The schema is stable and documented — your integrations won't break when we release new versions.
CSV for Reporting
Compliance officers and managers want spreadsheets. `1sec export --format csv` gives them exactly that. Daily or weekly CSV exports feed dashboards, audit reports, and executive summaries without any middleware.
Real-Time Webhooks
For real-time integration, 1-SEC supports configurable webhook URLs. Point them at your Slack, PagerDuty, Teams, or custom endpoint. Every alert fires the webhook with the full alert payload in JSON.
The webhook configuration lives in the YAML config file — no separate integration platform, no connector marketplace, no per-integration licensing. Add a URL, restart the engine, and alerts start flowing.