DevOps-first AppSec

One tool to do all scans, without requiring any AppSec expertise

Sken packages and manages open source scanners across all
scan types (SAST, SCA, DAST, and more), adds a SaaS
orchestration layer and automates them in CI/CD.

Product

Sken CLI Scanner: one tool to do all scans
- Packaged open source scanners, across all scan types
- Automated in CI/CD
- Uploads scan data to the Sken Security Dashboard

Sken Security Dashboard
- Results aggregated across scanners
- Noise reduced

Benefits

- AppSec for DevOps
- No security expertise required
- Affordable, free to try
- Easy and manageable
- One tool to do all scans


Get started with Sken in 3 easy steps: install the skencli package, add a sken.yaml with your orgid and appid, and run skencli from your CI/CD pipeline. The snippets that follow show the install-and-run step for a local shell and for several CI/CD tools, followed by the sken.yaml configuration file.

Local shell:

#!/bin/bash
pip install --upgrade skencli
# With a per-user pip install the entry point lands in ~/.local/bin; if that
# directory is already on PATH, plain "skencli" works as well.
~/.local/bin/skencli

Travis CI (.travis.yml):

language: python
python:
  - "3.8"
services:
  - docker            # the scanners run as Docker containers, so the daemon must be available
before_install:
  - pip install --upgrade --no-cache-dir --default-timeout=210 skencli
script:
  - skencli

CircleCI (.circleci/config.yml):

version: 2.1
jobs:
  scan:
    machine:
      image: circleci/classic:201808-01   # machine executor, so Docker is available to the scanners
    steps:

      - checkout

      - run:
          name: Update pyenv
          command: |
            # Install pyenv-update so that Python 3.6.9 can be added to this image.
            # Cloned over https: the unauthenticated git:// transport is no longer
            # served by GitHub and gives no integrity protection for the plugin code.
            git clone https://github.com/pyenv/pyenv-update.git $(pyenv root)/plugins/pyenv-update
            pyenv update
            pyenv install 3.6.9

      - run:
          name: Set Python Version
          command: pyenv global 3.6.9

      - run:
          name: Install skencli
          command: pip install --upgrade skencli

      - run:
          name: Scan
          command: skencli

workflows:
  main:
    jobs:
      - scan

GitHub Actions (.github/workflows/ci.yml):

name: CI
on:
  push:
    branches: [ github-action ]     # change to the branch(es) you want scanned
  pull_request:
    branches: [ github-action ]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - uses: actions/checkout@v2

    - name: Set up Python 3.x
      uses: actions/setup-python@v2
      with:
        # Semantic version range syntax or exact version of a Python version
        python-version: '3.x'
        # Optional - x64 or x86 architecture, defaults to x64
        architecture: 'x64'

    - name: Install skencli
      run: pip3 install --upgrade skencli

    - name: Run skencli
      run: skencli

Bamboo YAML Specs:

---
version: 2
plan:
  project-key: MYAPP
  key: MYAPP
  name: Build the myapp

stages:
  - Scan the myapp stage:
    - Scan

Scan:
  tasks:
    - script:
        - pip3 install --user --upgrade skencli
        - export PATH="$HOME/.local/bin:$PATH"   # --user installs put skencli in ~/.local/bin
        - skencli
                                                    
sken.yaml:

orgid: your-org-id-here
appid: your-app-id-here

# optional Param section start

buildtool: jenkins                # optional param, values=jenkins|travis
scanner: sast,dast,sca            # optional param, default is ALL
language: python,javascript       # optional param, default is Auto-Detect

variables:
  DAST_URL: https://your.url.com  # optional param, target of the DAST scan

# optional Param section end

# end of file

Based on your app's language, architecture and settings, Sken automatically figures out which open source scanners, and which types of scans (SAST, DAST, SCA, secrets, etc.), are appropriate.

Sken automatically downloads the latest Docker image of those scanners and executes the scans in a Docker container on your CI/CD machine. The CI/CD job therefore needs access to a Docker daemon, which is why the Travis example declares the docker service and the CircleCI example uses a machine executor.

The scan results are uploaded to the Sken cloud, and you can review them in the sken.ai portal.
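As an added example (not skencli's own code), the following Python script parses a sken.yaml of the shape shown above and flags the mistakes a reviewer would catch before the pipeline runs: orgid/appid left at their placeholders, a buildtool or scanner value the page does not document, and a DAST_URL that is missing or points at localhost (the scanners run inside a Docker container, so localhost there is the container, not the app under test). The accepted scanner types are taken from the scan types listed on this page, the rule that a DAST run needs a target URL is an assumption, the sample configs are constructed, and the parser covers only the flat key/value layout of sken.yaml, not general YAML.

```python
"""Pre-flight check for a sken.yaml before skencli runs in CI.

Added example, not part of skencli. It assumes the key names shown on this
page (orgid, appid, buildtool, scanner, language, variables.DAST_URL). The
accepted scanner types below are taken from the scan types listed on this
page and are an assumption, not skencli's own validation rules.
"""
import re
from urllib.parse import urlparse

KNOWN_BUILDTOOLS = {"jenkins", "travis"}  # the values named in the sample sken.yaml
KNOWN_SCANNERS = {"sast", "dast", "sca", "secrets", "container", "license", "mast"}  # assumption
PLACEHOLDERS = {"your-org-id-here", "your-app-id-here"}

# Constructed sample: the config shown on this page, with its placeholders left in.
SAMPLE_CONFIG = """\
orgid: your-org-id-here
appid: your-app-id-here
buildtool: jenkins                # optional param, values=jenkins|travis
scanner: sast,dast,sca            # optional param, default is ALL
language: python,javascript       # optional param, default is Auto-Detect
variables:
  DAST_URL: https://your.url.com  # optional param
"""


def _strip_comment(raw):
    """Drop '# ...' comments; a '#' inside a URL is kept (no whitespace before it)."""
    if raw.lstrip().startswith("#"):
        return ""
    return re.split(r"\s#", raw, maxsplit=1)[0].rstrip()


def parse_sken_yaml(text):
    """Parse the flat 'key: value' layout of sken.yaml plus one nested section
    such as 'variables:'. Deliberately minimal; not a general YAML parser."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line.strip():
            continue
        indented = line[0] in " \t"
        key, sep, value = line.strip().partition(":")
        if not sep:
            raise ValueError(f"cannot parse line: {raw!r}")
        key, value = key.strip(), value.strip()
        if indented and section is not None:
            cfg[section][key] = value          # child of the open section
        elif value == "":
            section = key                       # 'variables:' opens a section
            cfg[key] = {}
        else:
            section = None
            cfg[key] = value
    return cfg


def _csv(value):
    return [item.strip().lower() for item in value.split(",") if item.strip()]


def check_config(cfg):
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    for required in ("orgid", "appid"):
        if not cfg.get(required) or cfg[required] in PLACEHOLDERS:
            problems.append(f"{required}: missing or still set to the placeholder")
    tool = cfg.get("buildtool")
    if tool and tool not in KNOWN_BUILDTOOLS:
        problems.append(f"buildtool: unknown value {tool!r}")
    scanners = _csv(cfg.get("scanner", ""))
    unknown = sorted(set(scanners) - KNOWN_SCANNERS)
    if unknown:
        problems.append(f"scanner: unknown type(s) {unknown}")
    variables = cfg.get("variables") if isinstance(cfg.get("variables"), dict) else {}
    dast_url = variables.get("DAST_URL")
    # Assumption: an omitted 'scanner' means ALL (which includes DAST), and a
    # DAST run needs a target URL to scan.
    wants_dast = not scanners or "dast" in scanners
    if wants_dast and not dast_url:
        problems.append("variables.DAST_URL: not set, but a DAST scan would run")
    if dast_url:
        url = urlparse(dast_url)
        if url.scheme not in ("http", "https") or not url.netloc:
            problems.append(f"variables.DAST_URL: not an absolute http(s) URL: {dast_url!r}")
        elif url.hostname in ("localhost", "127.0.0.1", "::1"):
            # The scanners run inside a Docker container on the CI machine, so
            # 'localhost' there is the container itself, not the app under test.
            problems.append("variables.DAST_URL: points at localhost, unreachable from the scanner container")
    return problems


def check_text(text):
    """Parse and check a sken.yaml given as a string."""
    return check_config(parse_sken_yaml(text))


if __name__ == "__main__":
    for problem in check_text(SAMPLE_CONFIG) or ["no problems found"]:
        print(problem)
```

Run it against the committed sken.yaml as an early CI step (before `skencli`), and fail the job on a non-empty result; with the page's sample it reports the two placeholder ids, which is exactly the config you do not want to ship to a pipeline.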


Why is DevOps First in AppSec?

1. DevOps: integrate security scan tools into CI/CD
2. Security (automated): issue triage
3. Dev: fix issues

Sken's approach

Don't wait to discover vulnerabilities at the end of the development cycle, or worse, leave your app insecure by not security testing it at all.

Sken provides a SaaS orchestration layer that integrates continuous application security testing into your DevOps CI/CD workflow, using open source security scanners across all scan types. Discover, analyze and prioritize what needs fixing.

- Source code scanning (SAST)
- Dynamic/runtime scanning (DAST)
- Third-party libraries scanning (SCA)
- Mobile apps (MAST)
- Container scanning
- License compliance
- Secrets detection

Before and after Sken:

Role       Before                      After
DevOps     Tool silos                  Seamless setup
Security   High touch cannot scale     Easy auto triage
Dev        False positives             Noise reduction

Benefits of using Sken

For DevOps: a single CI/CD automation layer for all app security scan types
- Eliminate the need to plug siloed open source scanners into your CI/CD.
- Unify setup and configuration for many scanners across all scan methods using YAML / CLI.
- Remove the need to update or maintain scanners. Our Docker images always have the latest versions of the scanners.

For Security: AI-enabled vulnerability management
- Aggregate and filter test results across many scanners and scan types.
- Minimize noise with AI and granular controls.
- Auto-prioritize risks based on business impact (OWASP risk rating).
- Unify risk scoring and reporting across applications.

For Dev: secure and fast code development
- Noise reduction leads to drastically fewer false positives.
- Discover issues earlier and upstream.
- No security knowledge needed.
- Low touch. Scale up with limited security personnel.
- Reduce cost by using open source scanner alternatives.

Pricing

- Free forever: 1000 app-scans per month
- $1 per app-scan after the first 1000 app-scans in a month


Integrations

Open source scanners included in Sken

App languages

CI/CD tools

News and Resources

How is Sken.ai different?

AST, ASOC, ??? – where does Sken fit? Application security scanners are nothing new. Gartner just released the latest magic quadrant for Application Security Testing (AST). The market is crowded with a lot of mature vendors. So what is Sken.ai doing in this seemingly...