If there’s a good time to catch a vulnerability, it’s before it even reaches production.
Our AI Automated Pentesting has always focused on testing your external assets from the perspective of an external attacker, in either a black-box or a grey-box scenario. However, the best moment to test is before the code even reaches production.
This is why we launched integrations with GitHub, GitLab, and Jenkins. In this article, we go over why these integrations matter, how they work, and how to set them up.
Our goal in launching these integrations was to enable you to build a more robust and secure pipeline. Our Artificial Hackers have already proven to be extremely powerful, producing fewer than 0.5% false positives and, on average, detecting impactful vulnerabilities 20% of the time (that is, findings with a CVSS score of 4.0 or higher).
After enabling one of the integrations, you'll have this same technology testing your code alongside all your other tests, before any new code hits production.
If vulnerabilities are found, the CI/CD pipeline will fail. Naturally, you can customize this behaviour: for example, you can let findings with a CVSS score of 0 pass while blocking any commit that contains vulnerabilities.
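To make the gating behaviour concrete, here is an added, illustrative CI gate script. It is not the vendor's GitHub, GitLab, or Jenkins integration and does not use its API; it assumes only that the scanner's findings reach the pipeline as a JSON array with `id`, `title`, and `cvss` fields (a constructed format), and it fails the build whenever any finding meets a configurable CVSS threshold, so a threshold just above 0 blocks every real vulnerability while letting CVSS 0 findings pass.

```python
"""Hypothetical CI gate: fail the pipeline when findings exceed a CVSS threshold.

Added example, not the vendor's integration code. It assumes the scanner hands
the pipeline a JSON array of objects with "id", "title" and "cvss" fields
(a constructed format used only for this illustration).
"""
import json
import sys

# Constructed sample report, as a scanner might hand it to the pipeline.
SAMPLE_REPORT = json.dumps([
    {"id": "F-1", "title": "Reflected XSS on /search", "cvss": 6.1},
    {"id": "F-2", "title": "Missing security headers", "cvss": 0.0},
    {"id": "F-3", "title": "Verbose server banner", "cvss": 3.1},
])


def parse_findings(report_json):
    """Return a list of (id, title, cvss) tuples, rejecting malformed scores."""
    findings = []
    for entry in json.loads(report_json):
        score = float(entry["cvss"])
        # CVSS base scores are defined on the 0.0 to 10.0 range.
        if not 0.0 <= score <= 10.0:
            raise ValueError(f"CVSS out of range for {entry['id']}: {score}")
        findings.append((entry["id"], entry["title"], score))
    return findings


def blocking_findings(findings, min_cvss):
    """Findings that should fail the build: CVSS at or above min_cvss.

    A min_cvss of 0.1 (the lowest non-zero CVSS score) lets CVSS 0 findings
    pass and blocks everything else; 4.0 would block only the "impactful" tier.
    """
    return [f for f in findings if f[2] >= min_cvss]


def gate_exit_code(report_json, min_cvss):
    """Return 0 when the pipeline may continue, 1 when it must fail."""
    blocking = blocking_findings(parse_findings(report_json), min_cvss)
    for fid, title, score in blocking:
        print(f"BLOCKING {fid} (CVSS {score}): {title}", file=sys.stderr)
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: python ci_gate.py [report.json] [min_cvss]; defaults to the
    # constructed sample report and a threshold that blocks any non-zero CVSS.
    report = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    threshold = float(sys.argv[2]) if len(sys.argv) > 2 else 0.1
    sys.exit(gate_exit_code(report, threshold))
```

The script's exit status is what the pipeline runner reacts to: a non-zero exit fails the job in GitHub Actions, GitLab CI, and Jenkins alike, so the same gate logic can sit behind any of the three without changing the scanner or the threshold policy.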
After deployment, your code will still be tested in a black-box scenario and, if you enabled it in the Portal, in a grey-box scenario as well. This includes testing for any new vulnerabilities we add for the Artificial Hackers to learn.
Having these integrations in place greatly improves your security posture, because attackers use automated testing tools to detect vulnerabilities. Any vulnerability exposed in production can be found, and exploited, by those same tools.
Set-up instructions vary depending on whether you use GitHub, GitLab, or Jenkins. We'll walk through the instructions for GitHub here; detailed instructions for GitLab and Jenkins are also available.
As you've realized by now, using our Artificial Hackers to test your assets before deployment carries huge security advantages. Therefore, I'd like to lay out what you should do next:
And that’s it! Start testing for vulnerabilities before attackers even have the chance to spot them.
Stay secure!