Skip to main content

Pillar Security

Visualize your Pillar Security AI-asset inventory and findings in the JupiterOne graph. Map the AI coding assistants, agents, tools, and MCP clients Pillar discovers across your developer endpoints and source-control repositories, relate them to the users and repositories that own them, and monitor Pillar's security findings — secret leaks, sensitive data in metaprompts, and prompt-injection risks — through custom queries and alerts.

Installation

The Pillar integration ingests your Pillar Security AI-asset inventory and findings using the Pillar API (https://api.pillar.security). It reads the endpoint inventory (/api/v1/inventory/endpoints), the repository inventory (/api/v1/inventory/repositories), and security issues (/api/v1/issues) to build a graph of the AI coding assistants, agents, tools, and MCP clients discovered across your developer machines and source-control repositories, along with the users and repositories that own them. Before setting up the integration in JupiterOne, you will need to create an API key in the Pillar dashboard.

Prerequisites

  • A Pillar Security account with at least one application configured in the Inventory.
  • Permission in the Pillar dashboard to create an API key for that application.
  • Access to JupiterOne with permission to configure integrations.

Creating an API key in Pillar

  1. Log in to the Pillar Security dashboard.
  2. Navigate to Inventory and select the application you want JupiterOne to ingest.
  3. Open Settings > API Keys.
  4. Create a new API key and give it a recognizable name (for example, JupiterOne Integration).
  5. Copy the generated key — it is used as a bearer token and is shown only once.
note

The integration only reads from Pillar. The API key is used as a Bearer token against the inventory and issues endpoints — no write scopes are required. If your Pillar API key serves multiple applications (for example, gateway integrations such as LiteLLM, Kong, or ngrok), note the Application ID you want to scope ingestion to; you can supply it during configuration below. Most installs leave this unset.

Configuration in JupiterOne

To install the Pillar integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Pillar. Click New Instance to begin configuring your integration.

Creating an instance requires the following:

  • The Account Name used to identify the Pillar account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

  • Description to assist in identifying the integration instance, if desired.

  • Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

  • Your Pillar API Key — the key created above. This field is required.

  • Optionally, an API Base URL to override the Pillar API endpoint. Leave blank to use the default https://api.pillar.security. Only override this for self-hosted Pillar Stack deployments.

  • Optionally, an Application ID — the x-plr-app-id value used to scope requests to a specific Pillar application when a single API key serves multiple applications. Most installs leave this unset.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.