Sken is an application security scanning tool that packages and manages all open source scanners across all the scan types (SAST, DAST, SCA, and more), and automates them for you in CI/CD.

Getting Started Steps

The three core steps are:
1. As DevOps, you get started by running Sken on the command line

2. As DevOps, you write Sken.yaml code

3. See scan findings and security gaps in portal

Once you see it working for your first app, set up Sken CI/CD.

Related article: Quickly get started with Sken

The Sken Value

Sken integrates continuous application security testing into the DevOps' CI/CD environment. It helps you discover, prioritize, and fix the application security issues for an immediate and improved ROI, The benefits are:

For DevOps

  • No need to set up siloed open source scanners in CI/CD

  • Unified experience to see findings for multiple apps, for all scan types

  • No need to update or maintain scanners; Sken's docker images always have latest versions of all open source scanners

How It Works

  1. Every time your CI/CD runs a build, it calls Sken CLI.

  2. Based on your app’s language, architecture, and settings, Sken automatically figures out which open source scanners and which types of scans (SAST, DAST, SCA, secrets, etc) are appropriate.

  3. Sken automatically downloads the latest docker image of those scanners and executes the scans in a docker container on your CI/CD machine.

  4. The scan results are uploaded to the Sken cloud, and you can review them in your Sken portal.

Did this answer your question?