Getting Started
Go to https://scantist.io and sign in with any of your preferred version control services like Github, Gitlab, or Bitbucket.
Once in, click on the Projects tab, followed by Manage Projects.
You should now see a list of your repositories on the page. Click on the small green ‘plus’ icon next to the repository name to add it as a project and trigger a scan.
In a few short seconds, you should see your results. If you have vulnerabilities, click on the number to view the detailed results.
Bonus: Click on the project name, and under Scan Settings enable event-driven scan to trigger a scan every time a new Pull Request or Merge Request is created.
And there you have it. You are now covering 60-90% of your application’s total code-base against over 100,000+ known vulnerabilities affecting open-source and third-party components that are most often used to target applications. That wasn’t as hard as you thought, was it?
Next Steps
Now that you have taken the first step to DevSecOps, there are a few additional steps you can take to further improve your application security posture.
Carnegie Mellon University researcher Thomas Scanlon
Github has a few security controls that are readily available to use
open-source application security tools at OWASP
We know most organisations have only just made the exhausting transition to DevOps - or are actually still undergoing that transition. And adding another set of integrations - especially for security in a complex risk landscape - can seem daunting at first. We hope this blog helps make things a little easier and gives you that little push we all need to get started!
Related Blogs
Find out how we’ve helped organisations like you
An Empirical Study of Malicious Code In PyPI Ecosystem
How can we better identify and neutralize malicious packages in the PyPI ecosystem to safeguard our open-source software?
The RoguePuppet Lesson: Why Software Supply Chain Security Is Non-Negotiable
A critical software supply chain vulnerability was recently averted when security researcher Adnan Khan uncovered a severe flaw in the GitHub repository Puppet Forge in early July 2024. Dubbed RoguePuppet, this vulnerability would have allowed any GitHub user to push official modules to the repository of Puppet, a widely-used open-source configuration management tool.
Driving Security: The Critical Role of Binary Analysis in Automotive Cybersecurity
In the rapidly evolving automotive industry, cybersecurity has become a paramount concern. With the increasing connectivity and complexity of modern vehicles, manufacturers face unprecedented challenges in ensuring the safety and security of their products. The introduction of regulations like UN R155 and R156 has further emphasized the need for robust cybersecurity measures throughout the vehicle lifecycle.