Overview

Security vulnerabilities hide in complex codebases and evolve with new threats. Zenable provides continuous security scanning with context-aware vulnerability detection and remediation, delivering a proactive security posture with significant reduction in vulnerabilities reaching production.

Out-of-the-Box Protection

Zenable automatically detects these security vulnerabilities:

Standard Security Checks

  • OWASP Top 10 - SQL injection, XSS, broken auth, etc.
  • Cryptographic Weaknesses - Weak algorithms, poor randomness
  • Hardcoded Secrets - API keys, passwords, tokens
  • Injection Attacks - Command, LDAP, XML injection
  • Insecure Deserialization - Unsafe object handling
  • Known CVEs - Checks against vulnerability databases

Custom Security Requirements

Enforce your organization’s specific security policies:
“All financial transactions must use our SecurePayment service with dual-approval workflow, all PII must be encrypted with AES-256-GCM, and all external APIs must use mTLS with certificate pinning.”

In Action

# Run comprehensive security scan with both standard and custom checks
uvx zenable-mcp check '**/*.{py,js,ts,go,java}'

Custom Security Examples

Example: Financial Services Requirements

Your Policy: “All payment processing must use tokenization and include fraud detection scoring” 
# ❌ AI/developer might write
def process_payment(card_number, amount):
    charge_card(card_number, amount)
    return "success"

# ✅ Zenable enforces your requirements
def process_payment(payment_token, amount, user_context):
    fraud_score = fraud_detection.analyze(user_context, amount)
    if fraud_score > 0.7:
        security_team.alert(user_context, fraud_score)
        return "requires_review"

    result = tokenized_payment.process(payment_token, amount)
    audit_log.record_payment(result, fraud_score)
    return result

Example: Healthcare Data Protection

Your Policy: “All PHI must be encrypted at field level with key rotation every 30 days” 
# ❌ Standard encryption
def store_patient_data(patient_data):
    encrypted = encrypt(json.dumps(patient_data))
    db.save(encrypted)

# ✅ Zenable enforces field-level encryption
def store_patient_data(patient_data):
    encrypted_fields = {}
    for field, value in patient_data.items():
        if field in PHI_FIELDS:
            key = key_manager.get_current_key(field)
            encrypted_fields[field] = field_encrypt(value, key)
        else:
            encrypted_fields[field] = value

    db.save(encrypted_fields)
    key_manager.schedule_rotation()

Example: Zero Trust Architecture

Your Policy: “All internal service calls must use mutual TLS with service mesh integration” 
# ❌ Direct service calls
def get_user_profile(user_id):
    response = requests.get(f"http://user-service/users/{user_id}")
    return response.json()

# ✅ Zenable enforces zero trust
def get_user_profile(user_id):
    response = service_mesh.call(
        service="user-service",
        endpoint=f"/users/{user_id}",
        mtls_cert=get_service_certificate(),
        verify_peer=True,
        timeout=5000
    )
    return response.json()

Benefits

  • Proactive Security Posture - Find vulnerabilities before attackers do
  • Custom Policy Enforcement - Ensure your specific security requirements are met
  • Reduced Security Debt - Prevent vulnerabilities from accumulating
  • Compliance Ready - Meet regulatory security requirements