Assembla’s integration with the Kiuwan™ code security scanning platform allows development teams on Assembla to “shift left” and further secure their SDLC by automatically scanning code in their Assembla repositories with Kiuwan’s™ enterprise-grade application security engine.
Automatically Scan Your Repositories with Kiuwan™ Code Security Scanner (SAST)
Kiuwan™ enables a robust DevSecOps approach by silently adding security without the need to analyze on central servers, thanks to its distributed engine and the speed of its analysis.
Once you have enabled the Assembla-Kiuwan™ integration, your repository will automatically be scanned once per week with Kiuwan’s comprehensive static code analysis (SAST) scanning engine to identify potential vulnerabilities and security threats in your code.
Vulnerabilities flagged by Kiuwan’s™ scanner will automatically be highlighted and identified in your Assembla code commit history, while developers or team managers can drill deeper into each vulnerability from the Security Scan tab of their Assembla repository.
How do I enable Kiuwan™ Code Security Scanner on my repository?
To enable Kiuwan™ SAST scanning on your repository, navigate to the Security Scan Results tab within the Assembla repository tool you would like to begin scanning. Check the box “Weekly code scan” to turn the Kiuwan™ scanner ON. The scanner will then scan the code repository contained within your repository tool once per week for potential vulnerabilities and security threats, and alert you to them right within your Assembla repository tool.
All Assembla customers have free access to five identified vulnerabilities from each weekly scan. To receive unlimited vulnerability results, you must have an active subscription with Kiuwan™.
What type of security scanning does the Kiuwan™ Code Security Scanner support?
Kiuwan™ provides an enterprise-grade, end-to-end, non-localized static code analysis (SAST) and code quality analysis (QA) platform. The Assembla-Kiuwan integration uses Kiuwan’s SAST scanning engine to identify potential vulnerabilities and security threats in your code, with the capability to scan more than 30 languages, technologies and frameworks.
Do I need a Kiuwan account to use the Assembla-Kiuwan integration?
All users of Assembla’s Kiuwan integration get access to 5 results from the weekly Kiuwan scan for free, without needing to register for an account with Kiuwan. However, teams that are members of both Kiuwan and Assembla will receive unlimited results from the Kiuwan scanner while gaining access to Kiuwan’s powerful set of business analytics, flexible and comprehensive scanning settings, and notifications available directly from the Kiuwan dashboard.
If you have a Kiuwan account and want to enable the full Kiuwan integration with your Assembla account, navigate to the Integrations section of your project Space. Then scroll down to view the Kiuwan integration settings, and click “Enable”. You will be prompted to authorize your Kiuwan account with your Kiuwan account credentials.
Once authorized, navigate to the Security Scan tab of each repository you would like Kiuwan to scan on a weekly basis and check the box for “Weekly code scan” to ensure the Kiuwan scan runs each week. Each week, once the scan has completed, you will receive an automatic email notification from Kiuwan, and can then view the results within your Kiuwan dashboard or inline with your code commits in Assembla.
If you have any questions or need assistance, please email us at support@assembla.com.