DevOps-first AppSec
One tool to do all scans, without
requiring any AppSec expertise
Sken packages and manages open source scanners across all
scan types (SAST, SCA, DAST, and more), adds a SaaS
orchestration layer and automates them in CI/CD.
Try it for Free
(You can even use our sample app)
Product
Sken CLI Scanner
one tool to do all scans
Sken Security Dashboard
Packaged open source scanners,
across all scan types
Automated in CI/CD
Aggregated across
scanners
Noise reduced
Product
Sken CLI Scanner
one tool to do all scans
Packaged open source scanners,
across all scan types
Automated in CI/CD
scan data
Sken Security Dashboard
Aggregated across
scanners
Noise reduced
Benefits
AppSec for DevOps
No Security Expertise Required
Affordable, Free to Try
Easy and Manageable
One Tool to do
All Scans
AppSec for DevOps
No Security Expertise Required
Affordable, Free to Try
Easy and Manageable
One Tool to do
All Scans
Get started with
Sken in 3 easy steps
#!/bin/bashpip install --upgrade skencli ~/.local/bin/skencli
language: python python: - "3.8" services: - docker before_install: - pip install --upgrade --no-cache-dir --default-timeout=210 skencli script: - skencli
version: 2.1 jobs: scan: machine: image: circleci/classic:201808-01 steps: - checkout - run: name: Update pyenv command: | # Install pyenv-update to allow addition of python 3.7.0 git clone git://github.com/pyenv/pyenv-update.git $(pyenv root)/plugins/pyenv-update pyenv update pyenv install 3.6.9 - run: name: Set Python Version command: pyenv global 3.6.9 - run: name: Install skencli command: pip install --upgrade skencli - run: name: Scan command: skencli workflows: main: jobs: - scan
name: CI on: push: branches: [ github-action ] pull_request: branches: [ github-action ] jobs: build: runs-on: ubuntu-latest steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v2 - name: Set up Python 3.x uses: actions/setup-python@v2 with: # Semantic version range syntax or exact version of a Python version python-version: '3.x' # Optional - x64 or x86 architecture, defaults to x64 architecture: 'x64' - name: Install skencli run: pip3 install --upgrade skencli - name: Run skencli run: skencli
--- version: 2 plan: project-key: MYAPP key: MYAPP name: Build the myapp stages: - Scan the myapp stage: - Scan Scan: tasks: - script: - pip3 install --user --upgrade skencli - export PATH="$HOME/.local/bin:$PATH" - skencli
orgid: your-org-id-here appid: your-app-id-here # optional Param section start buildtool: jenkins # optional param, values=jenkins|travis scanner: sast,dast,sca # optional param, default is ALL language: python,javascript # optional param, default is Auto-Detect variables: DAST_URL: https://your.url.com # optional param # optional Param section end # end of file
Based on your app’s language, architecture and settings, Sken automatically figures out which open source scanners, and which types of scans (SAST, DAST, SCA, secrets, etc) are appropriate.
Sken automatically downloads the latest docker image of those scanners, and executes the scans in a docker container on your CI/CD machine.
The scan results are uploaded to Sken cloud, and you can review them in sken.ai portal.
Why is DevOps First in AppSec?
Integrate security scan
tools into CI/CD
DevOps
Issue Triage
Automated/Security
Fix Issues
Dev
Integrate security scan
tools into CI/CD
DevOps
Issue Triage
Automated/Security
Fix Issues
Dev
Sken’s approach
Don’t wait to discover vulnerabilities at the
end of the development cycle, or worse, leave
your app insecure by not security testing
them at all.
Sken provides a SAAS orchestration layer,
that integrates continuous application security
testing into your DevOps CI/CD workflow,
using open source security scanners, across
all scan types. Discover, analyze and prioritize
what needs fixing.
Source code scanning (SAST)
Dynamic/ runtime scanning (DAST)
Third-party libraries scanning (SCA)
Mobile apps (MAST)
Container scanning
License compliance
Secrets detection
BEFORE
AFTER
DevOps
Tool Silos
Seamless Setup
Security
High Touch Cannot Scale
Easy Auto Triage
Dev
False Positives
Noise Reduction
Benefits of using Sken
for DevOps
Single CI/CD automation layer for all
app security scan types
Eliminate the need to plugin siloed open
source scanners in your CI/CD.
Unify setup and configuration for many
scanners across all scan methods using
YAML / CLI.
Remove the need to update or maintain
scanners. Our Docker images always
have the latest versions of the scanners.
for Security
AI enabled vulnerability management
Aggregate and filter test results across
many scanners and scan types.
Minimize noise with AI and granular
controls.
Auto-prioritize risks based on business
impact (OWASP risk rating).
Unify risk scoring and reporting across
applications.
for Dev
Secure and fast code development
Noise reduction leads to drastically fewer false
positives
Discover issues earlier and upstream
No security knowledge needed
Low touch. Scale up with limited
security personnel.
Reduce cost by using open source
scanner alternatives.
Benefits of using Sken
for DevOps
Single CI/CD automation layer for all app security scan types
Eliminate the need to plugin siloed open source scanners in your CI/CD.
Unify setup and configuration for many scanners across all scan methods using YAML / CLI.
Remove the need to update or maintain scanners. Our Docker images always have the latest versions of the scanners.
for Security
AI enabled vulnerability management
Aggregate and filter test results across many scanners and scan types.
Minimize noise with AI and granular controls.
Auto-prioritize risks based on business impact (OWASP risk rating).
Unify risk scoring and reporting across applications.
Low touch. Scale up with limited security personnel.
Reduce cost by using open source scanner alternatives.
for Dev
Secure and fast code development
Noise reduction leads to drastically fewer false positives
Discover issues earlier and upstream
No security knowledge needed
Pricing
Free Forever
1000 app-scans per month
$1/app-scan
After the first 1000 app-scans
in a month
News and Resources
Dev-first-AppSec Vs DevOps-First-AppSec – is there a big difference?
Nuanced or real? To some, the difference between Dev-first-AppSec and DevOps-first-AppSec feels like a nuance. After all, the line between developers and DevOps is somewhat blurry, and by extension, it may not seem like a significant difference, whether application...
How is Sken.ai different?
AST, ASOC, ??? – where does Sken fit? Application security scanners are nothing new. Gartner just released the latest magic quadrant for Application Security Testing (AST). The market is crowded with a lot of mature vendors. So what is Sken.ai doing in this seemingly...
If You are Relying on a Single Traditional Type of App-security Scanner, Dump it Now
According to research, the primary reason apps easily fall victim to cybercriminals is software weaknesses. A whopping 84 percent of software breaches take advantage of vulnerabilities at the application layer. Cybercriminals are no longer spending most of their time...