Documentation

Explore our guides and examples to integrate Cohesion in your application.

Installation
$ npm install @cohesionsh/cli -g

Introduction

Getting started

Learn how to get Cohesion set up in your project in under 5 minutes

Installation

Step-by-step guides to setting up Cohesion on your system.

Tools

Learn about the different security tooling.

Integrations

Integrate with your existing tools.

Manual

Learn how to start using Cohesion.


Cohesion

Cohesion is a web application security testing framework and a tool built for continuous integration pipelines. Cohesion is designed with performance and automation in mind. It is a flexible solution that fits perfectly in the DevSecOps guidelines and best-practices.

What is DevSecOps

The aim of DevSecOps is to embed security methodology and processes, at speed and scale, into the thinking of everyone responsible for delivering software: "everyone is responsible for security". The engineering value of DevSecOps is the ability to continuously attack, test and monitor the software, and to find defects before attackers do.

One of the key pillars of the DevSecOps methodology is the production pipeline, which not only builds and deploys the software but also configures and maintains the supporting infrastructure. To make the final product resilient to attack, the production pipeline is responsible for ensuring that all components are fully tested and signed off.

What Cohesion Does

Cohesion fits directly into the continuous integration/delivery cycle before, or even after, code is deployed into a production environment. Cohesion ensures that the code is fully tested against a wide range of attacks such as Cross-Site Scripting, SQL Injection, Server-side Request Forgery, Remote Code Execution and more. Cohesion can test both standard web applications and APIs. It comes with a range of built-in tools that fit into well-established penetration testing practices.

Cohesion can break the pipeline if a critical finding is identified, thus ensuring that vulnerable code is never exposed to production environments. This type of quality assurance control enables development teams to work with high efficiency and with confidence that bugs will be stopped early in the development cycle.