Getting Started

Overview

Welcome to Pensar Console! This guide will walk you through creating your workspace, connecting your source code, and running your first autonomous penetration test.

Create Your Workspace

Your workspace represents your organization in Pensar Console. It’s where you’ll access the application, add repositories, run tests, and view results.

1. Sign In

Visit console.pensar.dev and sign in using Google or GitHub authentication.

2. Create Workspace

If you don’t have an existing workspace, you’ll be redirected to create one. Provide a workspace name (letters, numbers, spaces, and hyphens only, max 64 characters).

3. Connect Source Code (Optional)

After creating your workspace, you’ll be guided to optionally connect a VCS provider to enable source-code-aware testing and auto-remediation.

Once your workspace is created, you can invite team members, add repositories, and start running penetration tests.

Connect Your Source Code

During the onboarding process, you have several options for providing source code access. Source code is strongly recommended — it enables Pensar’s full hybrid testing methodology and auto-remediation capabilities.

Install the Pensar GitHub app during onboarding:

  1. Select the repository scope (all repositories or specific ones)
  2. Authorize the Pensar GitHub app
  3. Add repositories through the Pensar Console

The GitHub integration enables:

  • Automatic repository analysis
  • Event-based scanning on pull requests
  • Auto-remediation with pull request creation

Create a GitLab Personal Access Token (PAT):

  1. Navigate to your GitLab settings
  2. Create a PAT with these permissions:
    • api
    • read_api
    • read_user
    • read_repository
  3. In Pensar Console, navigate to integrations
  4. Paste your PAT and connect

For self-hosted GitLab, provide your GitLab host URL in the integration form.
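
Before pasting a GitLab PAT into the integration form, you can confirm that it carries the four scopes listed above and has an expiry date. The following Python script is an added example, not Pensar's own code; it reviews the token description returned by GitLab's GET /api/v4/personal_access_tokens/self endpoint, and the function names and the sample response are constructed for illustration.

```python
import json
import urllib.request
from datetime import date

# The four scopes this guide lists for the GitLab integration.
REQUIRED_SCOPES = {"api", "read_api", "read_user", "read_repository"}

def fetch_token_info(host, token):
    """Ask GitLab to describe the token itself (needs network access)."""
    req = urllib.request.Request(
        f"{host.rstrip('/')}/api/v4/personal_access_tokens/self",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def review_token(info, today=None):
    """Return a list of findings; an empty list means the token matches the guide."""
    today = today or date.today()
    scopes = set(info.get("scopes", []))
    findings = []
    if info.get("revoked") or not info.get("active", True):
        findings.append("token is revoked or inactive")
    for s in sorted(REQUIRED_SCOPES - scopes):
        findings.append(f"missing scope: {s}")
    for s in sorted(scopes - REQUIRED_SCOPES):
        findings.append(f"extra scope not listed in the guide: {s}")
    expires = info.get("expires_at")
    if expires is None:
        findings.append("no expiry date set")
    elif date.fromisoformat(expires) <= today:
        findings.append(f"token expired on {expires}")
    return findings

# Constructed sample response (not real data): one scope missing, one extra.
SAMPLE = json.loads("""{
  "id": 1, "name": "pensar-console", "revoked": false, "active": true,
  "scopes": ["api", "read_user", "read_repository", "write_repository"],
  "expires_at": "2030-01-01"
}""")

if __name__ == "__main__":
    for finding in review_token(SAMPLE, today=date(2025, 1, 1)):
        print(finding)
```

To check a real token, pass the result of fetch_token_info(host, token) to review_token; for self-hosted GitLab, host is your GitLab host URL.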

Connect your Bitbucket workspace:

  1. Create a Bitbucket App Password with repository read permissions
  2. In Pensar Console, navigate to integrations
  3. Enter your credentials and connect

The Bitbucket integration enables repository analysis and automatic security scanning.

Upload source code directly as a zip file:

  1. During project creation, select “Upload Source Code”
  2. Prepare a zip file containing your application source code
  3. Upload the file through the console

This option is ideal for:

  • Testing without VCS integration
  • One-time security assessments
  • Internal applications not in version control

Create a Project

After connecting your workspace, you’ll create your first project. For the best results, provide as many sources as possible — source code, live domains, and authentication credentials — so the agent can leverage the full hybrid testing methodology.

1. Select Repository or Upload Code

Choose a connected repository from your VCS provider or upload source code as a zip file. Source code access is strongly recommended for the most comprehensive results.

2. Add Domains

Specify the domains where your application is deployed. These will need to be verified before testing begins. Domains allow the agent to validate vulnerabilities with live exploitation.

3. Configure Authentication

Provide authentication credentials (username/password or bearer tokens) so the agent can test authenticated endpoints. The agent tests with and without credentials to find authentication bypass and authorization flaws.

4. Start Testing

Launch your first penetration test! The agent will analyze your source code, map the attack surface, and test your application using the hybrid methodology.

Don’t have source code to provide? You can still create a project with just domains — the agent will perform reconnaissance-based testing. But we strongly encourage connecting your repository for maximum coverage and precision.

Understanding Test Results

Once your penetration test completes, you’ll have access to comprehensive results:

Vulnerability Reports

View detailed information about identified security issues, including severity, impact, and affected endpoints.

Proof of Concepts

Each vulnerability includes a proof-of-concept (POC) you can use to replicate the issue and verify fixes.

Remediation Guidance

Get actionable remediation advice for each vulnerability, including code examples and best practices.

Export Reports

Download comprehensive penetration test reports in various formats for compliance and documentation.

Next Steps

Now that you’ve set up your workspace and created your first project, explore these features:

Need Help?

If you have questions or need assistance, don’t hesitate to contact our support team.