Starting Your DevSecOps Journey in 5 Minutes

Open Source
Published on April 26, 2022

Getting Started

Go to https://scantist.io and sign in with your preferred version control service, such as GitHub, GitLab, or Bitbucket.

Once in, click on the Projects tab, followed by Manage Projects.

You should now see a list of your repositories on the page. Click on the small green ‘plus’ icon next to the repository name to add it as a project and trigger a scan.

In a few short seconds, you should see your results. If you have vulnerabilities, click on the number to view the detailed results.

Bonus: Click on the project name, and under Scan Settings enable event-driven scan to trigger a scan every time a new Pull Request or Merge Request is created.

And there you have it. You are now covering 60-90% of your application’s total codebase against over 100,000 known vulnerabilities affecting the open-source and third-party components that are most often used to target applications. That wasn’t as hard as you thought, was it?

Next Steps

Now that you have taken the first step to DevSecOps, there are a few additional steps you can take to further improve your application security posture.

Carnegie Mellon University researcher Thomas Scanlon

GitHub has a few security controls that are readily available to use

open-source application security tools at OWASP

We know most organisations have only just made the exhausting transition to DevOps - or are actually still undergoing that transition. And adding another set of integrations - especially for security in a complex risk landscape - can seem daunting at first. We hope this blog helps make things a little easier and gives you that little push we all need to get started!
