This guide shows you how to integrate Kiuwan with Assembla.
This tutorial was originally published on the Assembla blog: https://articles.assembla.com/en/articles/2863616-how-to-use-kiuwan-code-security-scanner
What is Assembla?
Assembla is a web-based version control and source code management SaaS provider for enterprise.
Assembla’s integration with the Kiuwan Code Security scanning platform allows development teams on Assembla to “shift left” and further secure their SDLC by automatically scanning code in their Assembla repositories with Kiuwan’s security engine.
Why integrate Assembla with Kiuwan Code Security?
Once you have enabled the Assembla-Kiuwan integration, your repository will automatically be scanned once per week with Kiuwan’s comprehensive static code analysis (SAST) scanning engine to identify potential vulnerabilities and security threats in your code.
Vulnerabilities flagged by Kiuwan’s scanner will automatically be highlighted and identified in your Assembla code commit history, while developers or team managers can drill deeper into each vulnerability from the Security Scan tab of their Assembla repository.
How to enable Kiuwan Code Security Scanner on your Assembla code repository
- Within the Assembla repository tool you would like to begin scanning, navigate to the Security Scan Results tab
- Check the box “Weekly code scan” to turn the Kiuwan scanner ON
The scanner will then scan the code repository contained within your repository tool once per week for potential vulnerabilities and security threats, and alert you to them right within your Assembla repository tool.
All Assembla customers have free access to five identified vulnerabilities from each weekly scan. To receive unlimited vulnerability results, you must have an active subscription with Kiuwan.
Do I need a Kiuwan account to use the Assembla-Kiuwan integration?
All users of Assembla’s Kiuwan integration get access to 5 results from the weekly Kiuwan scan for free, without needing to register for an account with Kiuwan. However, teams that are members of both Kiuwan and Assembla will receive unlimited results from the Kiuwan scanner while gaining access to Kiuwan’s powerful set of business analytics, flexible and comprehensive scanning settings, and notifications available directly from the Kiuwan dashboard.
If you have a Kiuwan account and want to enable the full Kiuwan integration with your Assembla account, navigate to the Integrations section of your project Space. Then scroll down to view the Kiuwan integration settings, and click “Enable”. You will be prompted to authorize your Kiuwan account with your Kiuwan account credentials.
Once authorized, navigate to the Security Scan tab of each repository you would like Kiuwan to scan on a weekly basis and check the box for “Weekly code scan” to ensure the Kiuwan scan runs each week. Each week, Kiuwan will send you an automatic email notification when the scan has completed, and you can then view the results within your Kiuwan dashboard or inline with your code commits in Assembla.