Choose your scan type
| Type | What it tests | Best for |
|---|---|---|
| White-box | Source code (SAST, SCA, secrets) | Finding code-level vulnerabilities |
| Black-box | Running application (DAST, fuzzing) | Finding runtime and API vulnerabilities |
| Full (Hybrid) | Both source code and running app | Maximum coverage |
Launch the scan
After onboarding and payment, your first scan launches automatically. For subsequent scans:- Click New Scan in the sidebar
- Select your target
- Choose scan type and configuration
- Click Launch
Monitor progress
The scan detail page shows real-time progress:- Progress bar — current scan phase (reconnaissance → vulnerability analysis → report generation)
- Terminal — live output from the scan engine
- Sandbox — CPU, memory, and network metrics of your dedicated Kali Linux instance
- Findings — vulnerabilities appear as they’re discovered
Scans run in an isolated Kali Linux sandbox. Each scan gets its own dedicated instance that’s destroyed after completion.
Scan phases
- Provisioning — spinning up your dedicated sandbox (1–3 min)
- Cloning — pulling your source code
- Reconnaissance — mapping the application surface
- Vulnerability analysis — testing for security issues
- Verification — confirming findings are real
- Report generation — producing your results
Next step
Understanding Results
Learn how to read and act on your scan findings.