Welcome to the Ostorlab documentation! These pages cover what Ostorlab is, how to get started using it, and reference materials for its features.
Ostorlab is a security testing tool for Mobile (Android and iOS), Web and Attack Surface powered by an Open-Source engine. Ostorlab addresses the full cycle of vulnerability management, from inventory, asset discovery, scanning, monitoring, policy definition and enforcement up to remediation.
Ostorlab helps through the whole journey. Start by discovering and managing your infrastructure and external assets. Run scans for the critical ones and analyze and aggregate the vulnerabilities.
Integrate with your CI/CD pipelines, and finally set monitoring rules to trigger scans with every change.
Manage your attack surface and discover all of your assets, especially those you don't know about.
Run scans on your Mobile Applications, Web Applications & APIs, and Networks, all on the same platform.
Follow your code's call traces, API calls, and traffic. Get into the attacker's shoes and see exactly what they would see.
Aggregate vulnerabilities into tickets, assign them to developers, set timelines, and let Ostorlab verify the fixes.
Effortlessly & automatically trigger a scan with every change, from a new application release to an API schema change.
Integrate Ostorlab into your CI/CD pipeline in Jenkins, GitHub, or GitLab and make sure your applications are secure before being shipped.