Configuration

After deploying the Internal Scanner, configure it to scan your applications and integrate with the Detectify platform.

Getting Your Credentials

When Internal Scanning is enabled for your account, you can find all required credentials in the Detectify web application:

1. Navigate to Settings → Internal Scanning
2. Copy the following credentials:
   • License Key - Required for scanner activation
   • API Key - Required for communication with Detectify platform
   • Docker Credentials - Required to pull scanner container images

These credentials are used during deployment in your Terraform configuration.

Verifying Connection

After deployment, verify the scanner is connected to Detectify:

kubectl logs -n scanner -l app=scan-scheduler | grep "connected"

In the Detectify web application, the scanner should appear as Connected under Settings → Internal Scanning.

Creating a Scan Profile

Internal Scanning is used to scan internal web applications. To set up a scan:

1. In Detectify, go to Scan Profiles → Create Profile
2. Select Internal Scan
3. Enter your internal application URL (e.g., https://app.internal.example.com)
4. Configure scan settings (authentication, scan depth, etc.)
5. Save the profile

The scanner deployed in your infrastructure will execute the scan and send results back to Detectify.

Network Configuration

Allowing Scanner Access

The scanner needs network access to your internal applications. Configure your network policies or firewall rules to allow traffic from the scanner’s network to your application ports.

The specific configuration depends on your cloud provider:

• AWS: Security groups - see AWS Terraform guide
• Azure: Network Security Groups (coming soon)
• GCP: Firewall rules (coming soon)

Testing Connectivity

From within the cluster, test that the scanner can reach your application:

# Exec into a scanner pod
kubectl exec -it -n scanner deploy/scan-scheduler -- /bin/sh
 
# Test connectivity
curl -v https://your-internal-app.example.com/health

If the connection fails, check:

1. Network policies allow traffic from scanner pods
2. DNS resolution works for your internal hostnames
3. TLS certificates are valid (or configure the scanner to skip verification for internal certs)

Next Steps

• Scaling & Capacity Planning - Configure resources for your concurrent scan requirements
• Troubleshooting - Monitoring, maintenance, and common issues