loading
Loading content
loading
Also known as vuln scanning
Vulnerability scanning checks hosts, services, and applications against a database of known issues. A scanner probes targets, compares responses and version banners to signatures, and reports matches such as missing patches, default credentials, exposed admin panels, and weak TLS settings. Most findings map to a published CVE and carry a CVSS score so teams can rank what to fix first.
Scanning matters because it scales to surface that no human could review by hand. A single run can cover thousands of hosts and flag the low-hanging issues attackers reach for early. It does not confirm exploitability the way a penetration test does, and it produces false positives, so a scan starts a triage process rather than ending one.
In an automated pipeline, scanning sits right after discovery. New assets feed into a scanner template, results land in a normalized store, and you diff against the previous run to surface only what changed. Web targets often get a dynamic application security testing pass alongside the host scan. Scheduling the whole chain keeps coverage current as the surface shifts, and routing high-severity hits to alerts shortens the window an attacker has to act.
Related terms