Use Cases
The Internal Scanning Agent enables two primary use cases that help organizations secure their applications throughout the development lifecycle.
Internal Network Vulnerability Scanning
Scan web applications inside your private network without opening your firewall to external scanners.
How It Works
- Deploy the agent in the same network as the applications to scan, or in a network that has access to them
- Configure scan targets and schedules through the Detectify Platform UI
- Agent polls Detectify Platform for scheduled scans and configuration settings
- Scanner executes scans against your internal applications when scheduled
- Findings are pushed to Detectify Platform and displayed in the unified dashboard
Benefits
| Benefit | Description |
|---|---|
| No firewall changes | The scanner initiates all connections outbound - no inbound rules required |
| Unified visibility | View internal and external scan results in a single dashboard |
| Distinguish attack surfaces | Results are clearly labeled as internal or external in the UI |
| Same scanning engine | Internal scans use the same DAST engine as external scans |
| Centralized management | Configure, schedule, and manage all scans from Detectify Cloud |
Typical Environments
- Internal APIs and microservices
- Admin panels and back-office applications
- Staging environments that mirror production
- Applications in private VPCs or on-premises data centers
Pre-Production Pipeline Scanning
Integrate vulnerability scanning into your CI/CD pipeline to catch security issues before they reach production.
How It Works
- Set up the Internal Scanning Agent in your pre-production environment
- Trigger scans from your CI/CD pipeline when deploying to staging
- Scanner executes DAST tests against your staged application
- Results are sent to both destinations:
- Detectify Platform - for centralized visibility, tracking, and reporting
- CI/CD Pipeline - for immediate developer feedback and deployment gates
- Pass/fail gates can block deployment if critical vulnerabilities are found
Benefits
| Benefit | Description |
|---|---|
| Shift-left security | Find vulnerabilities before they reach production |
| Fast feedback loop | Developers get scan results directly in the pipeline |
| Centralized results | All findings are still visible in Detectify UI for tracking |
| Automated quality gates | Block deployments based on vulnerability severity |
| Consistent testing | Every deployment gets the same security checks |
Integration Guides
Ready to set up CI/CD integration? See our detailed guides:
- GitLab CI/CD - Complete setup guide with examples
- GitHub Actions - Coming soon
- Jenkins - Coming soon
- Azure DevOps - Coming soon
Or see the CI/CD Integrations overview for all options.
Example Workflow
Multiple Agents
You can deploy multiple Internal Scanning Agents across different networks or environments. All agents report to the same Detectify Platform, giving you:
- Unified visibility - Results from all agents appear in one dashboard
- Network isolation - Each agent scans only the networks it can access
- Regional coverage - Deploy agents in different data centers or cloud regions
- Environment separation - Separate agents for development, staging, and production
This applies to both use cases - whether you’re scanning internal networks or integrating with CI/CD pipelines, you can scale with multiple agents while maintaining a single view of your security posture.
Comparing Use Cases
| Aspect | Internal Network Scanning | Pipeline Scanning |
|---|---|---|
| Primary goal | Ongoing security monitoring | Pre-deployment validation |
| Scan trigger | Scheduled via Detectify UI | Triggered by CI/CD pipeline |
| Results destination | Detectify Platform | Detectify Platform + CI/CD pipeline |
| Feedback speed | Results available in Detectify | Immediate pipeline feedback + Detectify |
| Target environment | Production-like internal apps | Staging/pre-production |
| Typical frequency | Daily/weekly scheduled scans | Every deployment |
Getting Started
Both use cases use the same Internal Scanning Agent. Choose your path:
- Requirements - Infrastructure prerequisites
- Deploy - Set up the agent in your environment
- Configuration - Configure scan targets
- CI/CD Integrations - Set up pipeline-triggered scans