Running Security Scans in the UI
The platform provides multiple ways to run security scans: the Scan Wizard (guided), Scan Groups (batch), and Presets (one-click).
Scan Wizard (Recommended)
A 4-step guided flow to configure and execute scans.
Step 1: Select Target
- Navigate to Security in the sidebar
- Click New Scan
- Choose target mode:
- Standalone — enter a target URL, IP address, or hostname directly
- Project-based — select Project → Environment → Target from dropdowns
- Set an optional environment label and version tag
Step 2: Select Scans
Choose which scanners to run:
Quick Profiles — pre-built bundles:
- Quick — fast assessment (Nikto, basic Nmap)
- Standard — comprehensive scan (Nikto + Nuclei + Nmap)
- Deep — full security audit (all scanners, longer duration)
Browse by Category:
- Infrastructure, Web, Network, API Security, Database, Kubernetes, Container, Reconnaissance
- Click templates to add them to the selected panel
Search — filter templates by name, tool, or description
The Selected Scans panel on the right shows your current selection with remove buttons.
Step 3: Configure Parameters
For each selected scan, configure parameters:
- Each scan appears as an expandable accordion
- Fill in tool-specific parameters (ports, scan depth, timing, etc.)
- Parameters are pre-filled with sensible defaults from the template
- Optionally override the target per scan
Step 4: Review & Execute
- Review the target summary and selected scans
- A risk banner appears for HIGH/CRITICAL risk scans
- For high-risk scans, confirm by checking the acknowledgment checkbox
- Click Execute
- Scans are submitted as jobs — the scanner agent picks them up automatically
Scan Groups
Group multiple scanner templates and targets for batch execution.
Creating a Group
- Navigate to Security → Groups
- Click New Group
- Fill in:
- Group Name (required)
- Description
- Environment (development, staging, production)
- Execution Mode:
- Sequential — scans run one after another
- Parallel — all scans run simultaneously
- Batch — grouped execution
- Select templates — multi-select from available scan templates
- Enter targets — one per line (URLs, IPs, hostnames)
- Toggle Compare to Baseline to track changes between runs
- Click Save
The sidebar shows a summary: template count, target count, total scans (templates x targets).
Executing a Group
- Click Execute on any group in the list
- All template-target combinations run according to the execution mode
- Monitor progress on the Group Execution page:
- Progress bar (completed / total scans)
- Status summary: completed, failed, timeout, pending, running
- Real-time grid of individual scans (auto-refreshes every 3 seconds)
- Click Cancel to stop the execution
Presets (One-Click Scans)
Presets are saved scan configurations for common workflows.
Built-in presets:
- Quick Web Scan (60s Nikto)
- Standard Security Audit (2-min Nikto)
- ZAP Baseline (5-min passive scan)
- ZAP Active Scan (30-min full scan)
- ZAP API Security (15-min API-focused scan)
Using a Preset
- Navigate to Security → Presets
- Click Execute on any preset
- Enter the target URL in the dialog
- Click Run — the scan starts immediately
Managing Presets
- Favorite — star presets for quick access
- Clone — duplicate a preset with a new name
- Edit — modify name, description, tags, category, visibility (public/private)
- Delete — remove a preset
Viewing Scan Results
Scan History
Navigate to Security → History to see all past scans:
- Filter by: tool, status, target, environment, project
- Status indicators: Completed, Running, Pending, Failed, Cancelled
- Each row shows: template, tool, target, duration, finding count by severity
- Auto-refreshes every 5 seconds while scans are running
Scan Details
Click any scan to view detailed results:
Tabs:
- Results — tool-specific parsed output:
- Nmap: open ports, services, OS detection
- Nikto: web server issues, headers, misconfigurations
- Nuclei: CVE matches with severity and references
- ZAP: alerts grouped by risk level (High, Medium, Low, Informational)
- SQLMap: injection points, databases, tables discovered
- Findings — aggregated vulnerabilities with severity, OWASP category, CWE mapping
- Comparison — diff against baseline (if baseline set)
- Raw Output — raw scanner output
Setting a Baseline
- Open a completed scan's results
- Click Set as Baseline
- Add optional notes
- Future scans of the same type and target show a comparison tab highlighting new, resolved, and unchanged findings
Findings Dashboard
Navigate to Findings to see all vulnerabilities across the project:
Summary cards at the top show counts by severity: CRITICAL, HIGH, MEDIUM, LOW, INFO
Filters:
- Project, Environment, Target
- Tool name
- Severity (multi-select)
- Text search across title and description
Finding details:
- Severity (color-coded chip)
- Title and description
- Tool that found it
- OWASP category and CWE mapping
- Scan date
Finding lifecycle:
- Update status: OPEN → TRIAGED → IN_PROGRESS → FIXED → VERIFIED
- Mark as FALSE_POSITIVE or WONT_FIX
- Status changes are tracked with timestamps
See Finding Lifecycle for details on deduplication, Jira integration, and score impact.