Sken is an application security scanning tool that packages and manages all open source scanners across all the scan types (SAST, DAST, SCA, and more), and automates them for you in CI/CD.
Getting Started Steps
The three core steps are:
1. As DevOps, you get started by running Sken on the command line
2. As DevOps, you write Sken.yaml code
3. See scan findings and security gaps in Sken.ai portal
Once you see it working for your first app, set up Sken CI/CD.
Related article: Quickly get started with Sken
The Sken Value
Sken integrates continuous application security testing into the DevOps' CI/CD environment. It helps you discover, prioritize, and fix the application security issues for an immediate and improved ROI, The benefits are:
- No need to set up siloed open source scanners in CI/CD
- Unified experience to see findings for multiple apps, for all scan types
- No need to update or maintain scanners; Sken's docker images always have latest versions of all open source scanners
How It Works
- Every time your CI/CD runs a build, it calls Sken CLI.
- Based on your app’s language, architecture, and settings, Sken automatically figures out which open source scanners and which types of scans (SAST, DAST, SCA, secrets, etc) are appropriate.
- Sken automatically downloads the latest docker image of those scanners and executes the scans in a docker container on your CI/CD machine.
- The scan results are uploaded to the Sken cloud, and you can review them in your Sken portal.