DevOps-first AppSec
One tool to do all scans, without requiring any AppSec expertise
Sken packages and manages open source scanners across all scan types (SAST, SCA, DAST, and more), adds a SaaS orchestration layer and automates them in CI/CD.
(You can even use our sample app)

Sken CLI Scanner
one tool to do all scans
Product
Sken Security Dashboard
AppSec for DevOps
No Security Expertise Required
Affordable, Free to Try

Easy and Manageable
One Tool to do All Scans
Get started with Sken in 3 easy steps
#!/bin/bash
pip install --upgrade skencli
~/.local/bin/skencli

# Travis CI (.travis.yml)
language: python
python:
  - "3.8"
services:
  - docker
before_install:
  - pip install --upgrade --no-cache-dir --default-timeout=210 skencli
script:
  - skencli

# CircleCI (.circleci/config.yml)
version: 2.1
jobs:
  scan:
    machine:
      image: circleci/classic:201808-01
    steps:
      - checkout
      - run:
          name: Update pyenv
          command: |
            # Install pyenv-update so that Python 3.6.9 can be installed.
            # Cloned over https: GitHub no longer serves the unauthenticated git:// protocol.
            git clone https://github.com/pyenv/pyenv-update.git "$(pyenv root)/plugins/pyenv-update"
            pyenv update
            pyenv install 3.6.9
      - run:
          name: Set Python Version
          command: pyenv global 3.6.9
      - run:
          name: Install skencli
          command: pip install --upgrade skencli
      - run:
          name: Scan
          command: skencli
workflows:
  main:
    jobs:
      - scan

# GitHub Actions (workflow file under .github/workflows/)
name: CI
on:
  push:
    branches: [ github-action ]
  pull_request:
    branches: [ github-action ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2
      - name: Set up Python 3.x
        uses: actions/setup-python@v2
        with:
          # Semantic version range syntax or exact version of a Python version
          python-version: '3.x'
          # Optional - x64 or x86 architecture, defaults to x64
          architecture: 'x64'
      - name: Install skencli
        run: pip3 install --upgrade skencli
      - name: Run skencli
        run: skencli

# Bamboo YAML Specs
---
version: 2
plan:
  project-key: MYAPP
  key: MYAPP
  name: Build the myapp
stages:
  - Scan the myapp stage:
      - Scan
Scan:
  tasks:
    - script:
        - pip3 install --user --upgrade skencli
        - export PATH="$HOME/.local/bin:$PATH"
        - skencli

Check in this sken.yaml file in the root folder of your source code.
orgid: your-org-id-here
appid: your-app-id-here
# optional Param section start
buildtool: jenkins # optional param, values=jenkins|travis
scanner: sast,dast,sca # optional param, default is ALL
language: python,javascript # optional param, default is Auto-Detect
variables:
  DAST_URL: https://your.url.com # optional param
# optional Param section end
# end of file

Why is DevOps First in AppSec?
Integrate security scan tools into CI/CD
Issue Triage
Fix Issues
Sken's approach
Don’t wait to discover vulnerabilities at the end of the development cycle, or worse, leave your app insecure by not security testing it at all.
Sken provides a SaaS orchestration layer that integrates continuous application security testing into your DevOps CI/CD workflow, using open source security scanners across all scan types. Discover, analyze and prioritize what needs fixing.
Source code scanning (SAST)
Dynamic/runtime scanning (DAST)
Third-party libraries scanning (SCA)
Mobile apps (MAST)
Container scanning
License compliance
Secrets detection
Benefits of using Sken
for DevOps
Eliminate the need to plug siloed open source scanners into your CI/CD
Unify setup and configuration for many scanners across all scan methods using YAML / CLI.
Remove the need to update or maintain scanners. Our Docker images always have the latest versions of the scanners.
for Security
Aggregate and filter test results across many scanners and scan types.
Minimize noise with AI and granular controls.
Auto-prioritize risks based on business impact (OWASP risk rating).
Unify risk scoring and reporting across applications.
Low touch. Scale up with limited security personnel.
Reduce cost by using open source scanner alternatives.
for Dev
Noise reduction leads to drastically fewer false positives
Discover issues earlier and upstream
No security knowledge needed
Pricing
Free Forever
$1/app-scan
Integrations
Scanners included in sken

find-sec-bugs

NodeJsScan

brakeman

bandit

Gosec

PHP CodeSniffer

ESLint

TSLint

SecurityCodeScan

Gitleaks

Trufflehog

OWASP Dependency-Check

OWASP ZAP
App Languages

Java

NodeJs

Ruby

Python

Go Lang

php

TypeScript

.Net Core
CI/CD Tools

Jenkins

Travis CI

Circle CI

Bamboo