Cyver Core is a pentest collaboration and management platform offering pentest as a service delivery, pentest report automation, and a full suite of work management tools. With the Continuous Assessments + Integrated Scanner Add-On, you get added capabilities to deliver scanning to your customers – with everything integrated directly into the platform. 

That means a seamless service where you run scans and deliver results automatically upload to the platform – with your choice of automatically publishing findings and reports or reviewing them first. 

Of course, Cyver Core’s API means you can build an integration for any scanner you like. However, our integrated scanner means everything is handled for you and you can deliver scanning, DAST, surface management, and more to your clients at the push of a button.  

What are Continuous Assessments? 

Cyver Core’s Continuous Assessments feature is a pentest reporting framework designed around delivering results for ongoing pentests and scans. You set up a pentest or scan in the Cyver Core portal. Then you create instances or “runs”. These runs automatically upload to the same project in the portal, with vulnerabilities per instance, repeat vulnerabilities, and in which run the vulnerability was found. That makes it easier for dev teams to act on findings, to see if findings are fixed, and to trace reoccurrences to specific updates or changes. 

It’s also ideal for delivering repeated pentest or scan results. And, it supports any frequency of scans. For example, you can schedule scans daily, weekly, monthly, or even quarterly. The results will upload to the same place either way. 

Cyver Core’s Scanner 

You can choose to integrate your own scanner into Continuous Assessments. However, with the integrated scanner, you get access to an integration, so everything is handled smoothly and automatically. That means you can: 

  • Schedule scans and have them run automatically on a specific date
  • Automatically upload findings and map them to your vulnerability library 
  • Automatically deliver findings and results to the client 

In short, with the integrated scanner, you get the option to fully automate scan delivery. That works if you already have your vulnerability library in place and largely just have to import findings and send them to the client. 

You can also manually edit the findings, use our generative AI to generate findings remediation recommendations, and add your own manual insights to every finding before you submit to the client. It’s also up to you whether you generate a report for each run or simply deliver findings as tickets. 

Using the reNgine Scanner 

Cyver Core works with top-rated open source scanners to deliver a selection of scanners. Our most popular is reNgine, which offers: 

  • Reconnaissance including subdomain discovery, IP/Open Port identification, Endpoint discovery, fuzzing, Screenshot gathering, 
  • Vulnerability scan with Nuclei/WHOIS, WAF Detection
  • YAML-based scan engines
  • Parallel and subscanning
  • OSINT
  • Periodic or timed scheduling 
  •  Screenshot gallery
  • Automatic recon data updates 

You can also learn more at reNgine’s official site https://rengine.wiki/

Why Use Cyver Core’s Integrated Scanner? 

Adding Cyver Core’s integrated scanner into your toolkit means you can seamlessly offer scans, DAST, and attack surface management as part of your services, without adding on real additional work for your firm. 

  • Fully integrated into the platform. Push a button and it’s ready to go. That means no maintenance for your team to worry about or keep up with 
  • Automate as much as you want, with scheduling, automatic finding generation, and automatic report generation  
  • Automatically track findings to runs so you can see reoccurrences, remediation, and time-to-fix right in the portal 
  • Go as hands on as you want, with options to fully customize content before delivery
  • Automatically upload findings and add information from your vulnerability library or generate custom content with our AI integration  
  • Deliver centralized vulnerability management with everything in the Cyver Core portal 
  • Automatically compare and consolidate findings across the same project so clients can get real vulnerability insights 
  • Connect API and deliver automatic compliance services such as SOC, PCI DSS, and more. 

Whether your firm is looking to deliver scans as part of compliance, DAST, attack surface management, or to add scanning to your manual pentest services, Cyver’s Integrated Scanner offers a solution. 

If you’d like to learn more, contact us for a demo or reach out to your customer success manager to learn more.