Getting Started
Overview
Welcome to Pensar Console! This guide will walk you through creating your workspace, connecting your source code, and running your first autonomous penetration test.
Create Your Workspace
Your workspace represents your organization in Pensar Console. It’s where you’ll access the application, add repositories, run tests, and view results.
Once your workspace is created, you can invite team members, add repositories, and start running penetration tests.
Connect Your Source Code
During the onboarding process, you have several options for providing source code access. Source code is optional but enables more powerful whitebox testing and auto-remediation capabilities.
Connect GitHub
Install the Pensar GitHub app during onboarding:
- Select the repository scope (all repositories or specific ones)
- Authorize the Pensar GitHub app
- Add repositories through the Pensar Console
The GitHub integration enables:
- Automatic repository analysis
- Event-based scanning on pull requests
- Auto-remediation with pull request creation
Connect GitLab
Create a GitLab Personal Access Token (PAT):
- Navigate to your GitLab settings
- Create a PAT with these permissions:
  - api
  - read_api
  - read_user
  - read_repository
- In Pensar Console, navigate to integrations
- Paste your PAT and connect
For self-hosted GitLab, provide your GitLab host URL in the integration form.
Connect Bitbucket
Connect your Bitbucket workspace:
- Create a Bitbucket App Password with repository read permissions
- In Pensar Console, navigate to integrations
- Enter your credentials and connect
The Bitbucket integration enables repository analysis and automatic security scanning.
Upload Zip File
Upload source code directly as a zip file:
- During project creation, select “Upload Source Code”
- Prepare a zip file containing your application source code
- Upload the file through the console
This option is ideal for:
- Testing without VCS integration
- One-time security assessments
- Internal applications not in version control
Create a Project
After connecting your workspace, you’ll create your first project. Projects can be configured for either blackbox or whitebox testing.
Whitebox Project (with Source Code)
Select Repository or Upload Code
Choose a connected repository from your VCS provider or upload source code as a zip file.
Add Domains
Specify the domains where your application is deployed. These will need to be verified before testing begins.
Configure Authentication
Optionally provide authentication credentials (username/password or bearer tokens) so the agent can test authenticated endpoints.
Blackbox Project (without Source Code)
Add Context
Provide any context about your domains to help guide the reconnaissance process (e.g., “E-commerce platform with admin portal at /admin”).
Configure Authentication
Optionally provide authentication credentials for testing authenticated areas of your application.
Understanding Test Results
Once your penetration test completes, you’ll have access to comprehensive results:
- View detailed information about identified security issues, including severity, impact, and affected endpoints.
- Each vulnerability includes a proof-of-concept (POC) you can use to replicate the issue and verify fixes.
- Get actionable remediation advice for each vulnerability, including code examples and best practices.
- Download comprehensive penetration test reports in various formats for compliance and documentation.
Next Steps
Now that you’ve set up your workspace and created your first project, explore these features:
- Learn how Pensar identifies and maps your application’s attack surface.
- Understand the benefits of whitebox testing with source code access.
- Discover how blackbox testing works without source code.
- Enable automatic vulnerability fixes with AI-generated patches.
Need Help?
If you have questions or need assistance, don’t hesitate to contact our support team.