Quickstart
Start detecting and fixing security vulnerabilities in your codebase in under 5 minutes.
Getting started
Welcome! Follow the instructions below to learn how to set up Pensar and automatically find and fix security vulnerabilities in your codebase.
Set up your workspace
Pensar is managed through our web console. From there you can add your repositories, configure our system’s behavior and manage the security frameworks or policies you want Pensar to scan against.
Create your workspace through our web console here to get started.
Providing access to your codebase
Install our GitHub app
During the onboarding process, you will be prompted to install our GitHub app. Ensure you select the correct repository scope: either all repositories or only the repositories that you want Pensar to scan.
You must then add this repository through the Pensar Console (you will be prompted to do so during onboarding but can also click the Add repository button found at the top of the left sidebar).
Remember, the Pro Plan includes a single repository. Each additional repository will cost an extra $200/month.
If you have any questions, check out our pricing page or contact us.
Connect to GitLab
Head over to your GitLab user settings page to create a Personal Access Token (PAT) with api, read_api, read_user, and read_repository permissions.
Navigate to https://console.pensar.dev/integrations/gitlab.
Paste your PAT at the bottom of this form and click Connect GitLab.
You are all set and ready to use Pensar with GitLab! Click on Add repository, found at the top of the left sidebar in the Pensar Console, to add your GitLab repository.
If you’re using a self-hosted version of GitLab, please paste your GitLab host in the first field of the GitLab integration form on the Pensar Console.
Remember, the Pro Plan includes one repository. Each additional repository added will cost an extra $200/month.
If you have any questions, check out our pricing page or contact us.
Set up event-based scans
Set up event-based scans with GitHub
Once you have installed our GitHub app and added a repository to the Pensar Console, you will be prompted to set up event-based scans.
This will enable Pensar to run a scan on every pull request or commit made to your repository.
You will see a status check in GitHub when a pull request is opened that will display the state of a Pensar scan on this pull request. Event-based scans only focus on files that were changed in the target pull request or commit.
Event-based scans can also be configured from your project settings page in the Pensar Console.
Enabling Create PR Comments will give Pensar permission to suggest inline changes via pull request comments in GitHub to fix any vulnerabilities found.
You may set a severity filter here to determine the minimum vulnerability severity level at which Pensar should add inline changes/patches.
Integration with GitLab CI/CD
TODO
Learn more about Pensar code security
Pensar detects vulnerabilities in your business logic/codebase, ensures you are not using any vulnerable dependencies, and prevents coding agents like Cursor or Copilot from injecting security risks with our MCP server.
Detecting vulnerabilities with AI
Learn how Pensar uses AI to find vulnerabilities in your code.
Auto-fix vulnerabilities
Learn how to take advantage of Pensar’s auto-generated security patches.
Model context protocol
Connect your coding agent to Pensar’s MCP to protect against insecure AI-generated code.
Dependency scanning
Continuously ensure your dependencies are using secure versions.