Requirements
Before deploying the Internal Scanner, ensure your environment meets the following requirements.
Infrastructure Requirements
Kubernetes Cluster
The Internal Scanner runs on Kubernetes. You need:
| Requirement | Details |
|---|---|
| Kubernetes Version | >= 1.28 |
| Node Autoscaling | Recommended for dynamic workloads |
| Persistent Storage | Required for Redis (8+ Gi) |
| Load Balancer | Internal load balancer for scanner endpoint |
Minimum Resources
For a minimal deployment supporting 5 concurrent scans:
| Resource | Minimum |
|---|---|
| Total CPU | 2 vCPU |
| Total Memory | 8 Gi |
| Storage (Redis) | 8 Gi |
For detailed capacity planning, see Scaling & Capacity Planning.
Network Requirements
Outbound Connectivity
The scanner requires outbound-only internet access:
| Destination | Port | Purpose |
|---|---|---|
| Detectify Platform | 443 (HTTPS) | API communication, job retrieval, results upload |
| Container Registry | 443 (HTTPS) | Pull scanner container images |
No inbound internet access is required. The scanner is deployed with an internal load balancer accessible only from within your private network.
Internal Access
The scanner needs network access to your internal applications:
Scanner (Private Network) → Your Applications (Private Network)Ensure your network policies or security groups allow traffic from the scanner’s network to your application ports (typically 80, 443, or custom ports).
Software Requirements
| Tool | Version | Purpose |
|---|---|---|
| Terraform | >= 1.5.0 | Infrastructure provisioning |
| kubectl | >= 1.28 | Kubernetes management |
| Helm | >= 3.0 | Application deployment (managed by Terraform) |
Additional tools depend on your cloud provider:
- AWS: AWS CLI >= 2.0
- Azure: Azure CLI (coming soon)
- GCP: gcloud CLI (coming soon)
Container Images
Detectify provides container images for:
- Scan Scheduler
- Scan Manager
- Chrome Controller
- Pushgateway (optional, for metrics)
Images are distributed via a private container registry. Your Detectify account team will provide access credentials.
Detectify Account Requirements
A Detectify account with Internal Scanning enabled is required. Once enabled, you can find all credentials in the Detectify web application under Settings → Internal Scanning:
- License Key - Activates the scanner
- API Key - Enables communication with Detectify
- Docker Credentials - Access to pull container images
Deployment Options
| Cloud Provider | Status | Guide |
|---|---|---|
| AWS | Available | Terraform |
| Azure | Coming Soon | Terraform |
| Google Cloud | Coming Soon | Terraform |
Next Steps
Choose your deployment target:
- Deployment Options - Overview of all methods
- AWS with Terraform - EKS deployment
- Azure with Terraform - AKS (coming soon)
- GCP with Terraform - GKE (coming soon)