Skip to main content

Running Security Scans in the UI

The platform provides multiple ways to run security scans: the Scan Wizard (guided), Scan Groups (batch), and Presets (one-click).

A 4-step guided flow to configure and execute scans.

Step 1: Select Target

  1. Navigate to Security in the sidebar
  2. Click New Scan
  3. Choose target mode:
    • Standalone — enter a target URL, IP address, or hostname directly
    • Project-based — select Project → Environment → Target from dropdowns
  4. Set an optional environment label and version tag

Step 2: Select Scans

Choose which scanners to run:

Quick Profiles — pre-built bundles:

  • Quick — fast assessment (Nikto, basic Nmap)
  • Standard — comprehensive scan (Nikto + Nuclei + Nmap)
  • Deep — full security audit (all scanners, longer duration)

Browse by Category:

  • Infrastructure, Web, Network, API Security, Database, Kubernetes, Container, Reconnaissance
  • Click templates to add them to the selected panel

Search — filter templates by name, tool, or description

The Selected Scans panel on the right shows your current selection with remove buttons.

Step 3: Configure Parameters

For each selected scan, configure parameters:

  • Each scan appears as an expandable accordion
  • Fill in tool-specific parameters (ports, scan depth, timing, etc.)
  • Parameters are pre-filled with sensible defaults from the template
  • Optionally override the target per scan

Step 4: Review & Execute

  1. Review the target summary and selected scans
  2. A risk banner appears for HIGH/CRITICAL risk scans
  3. For high-risk scans, confirm by checking the acknowledgment checkbox
  4. Click Execute
  5. Scans are submitted as jobs — the scanner agent picks them up automatically

Scan Groups

Group multiple scanner templates and targets for batch execution.

Creating a Group

  1. Navigate to SecurityGroups
  2. Click New Group
  3. Fill in:
    • Group Name (required)
    • Description
    • Environment (development, staging, production)
    • Execution Mode:
      • Sequential — scans run one after another
      • Parallel — all scans run simultaneously
      • Batch — grouped execution
  4. Select templates — multi-select from available scan templates
  5. Enter targets — one per line (URLs, IPs, hostnames)
  6. Toggle Compare to Baseline to track changes between runs
  7. Click Save

The sidebar shows a summary: template count, target count, total scans (templates x targets).

Executing a Group

  1. Click Execute on any group in the list
  2. All template-target combinations run according to the execution mode
  3. Monitor progress on the Group Execution page:
    • Progress bar (completed / total scans)
    • Status summary: completed, failed, timeout, pending, running
    • Real-time grid of individual scans (auto-refreshes every 3 seconds)
  4. Click Cancel to stop the execution

Presets (One-Click Scans)

Presets are saved scan configurations for common workflows.

Built-in presets:

  • Quick Web Scan (60s Nikto)
  • Standard Security Audit (2-min Nikto)
  • ZAP Baseline (5-min passive scan)
  • ZAP Active Scan (30-min full scan)
  • ZAP API Security (15-min API-focused scan)

Using a Preset

  1. Navigate to SecurityPresets
  2. Click Execute on any preset
  3. Enter the target URL in the dialog
  4. Click Run — the scan starts immediately

Managing Presets

  • Favorite — star presets for quick access
  • Clone — duplicate a preset with a new name
  • Edit — modify name, description, tags, category, visibility (public/private)
  • Delete — remove a preset

Viewing Scan Results

Scan History

Navigate to SecurityHistory to see all past scans:

  • Filter by: tool, status, target, environment, project
  • Status indicators: Completed, Running, Pending, Failed, Cancelled
  • Each row shows: template, tool, target, duration, finding count by severity
  • Auto-refreshes every 5 seconds while scans are running

Scan Details

Click any scan to view detailed results:

Tabs:

  1. Results — tool-specific parsed output:
    • Nmap: open ports, services, OS detection
    • Nikto: web server issues, headers, misconfigurations
    • Nuclei: CVE matches with severity and references
    • ZAP: alerts grouped by risk level (High, Medium, Low, Informational)
    • SQLMap: injection points, databases, tables discovered
  2. Findings — aggregated vulnerabilities with severity, OWASP category, CWE mapping
  3. Comparison — diff against baseline (if baseline set)
  4. Raw Output — raw scanner output

Setting a Baseline

  1. Open a completed scan's results
  2. Click Set as Baseline
  3. Add optional notes
  4. Future scans of the same type and target show a comparison tab highlighting new, resolved, and unchanged findings

Findings Dashboard

Navigate to Findings to see all vulnerabilities across the project:

Summary cards at the top show counts by severity: CRITICAL, HIGH, MEDIUM, LOW, INFO

Filters:

  • Project, Environment, Target
  • Tool name
  • Severity (multi-select)
  • Text search across title and description

Finding details:

  • Severity (color-coded chip)
  • Title and description
  • Tool that found it
  • OWASP category and CWE mapping
  • Scan date

Finding lifecycle:

  • Update status: OPEN → TRIAGED → IN_PROGRESS → FIXED → VERIFIED
  • Mark as FALSE_POSITIVE or WONT_FIX
  • Status changes are tracked with timestamps

See Finding Lifecycle for details on deduplication, Jira integration, and score impact.