Use Cases
Detectify supports a range of security workflows depending on your organization’s maturity, compliance requirements, and infrastructure. This section outlines common use cases and how Detectify’s products map to each.
Common Use Cases
Attack Surface Visibility
Discover and inventory your organization’s internet-facing assets, including subdomains, IP addresses, open ports, and running technologies that may not be tracked in existing asset management systems.
When to use: You need a complete picture of what your organization exposes to the internet, especially when infrastructure management is decentralized.
Learn more about attack surface visibility
Continuous Security Testing
Run automated security assessments on an ongoing basis rather than relying on periodic penetration tests. Surface Monitoring watches your attack surface 24/7, while Application Scanning and API Scanning run on configurable schedules to catch new vulnerabilities as your applications change.
When to use: You ship frequently and need continuous assurance between annual penetration tests.
Learn more about continuous security testing
Pre-Production Scanning
Integrate security testing into your CI/CD pipeline to catch vulnerabilities before they reach production. Use the Detectify API to trigger scans against staging environments and set deployment gates based on scan results.
When to use: You want to catch vulnerabilities in staging before deploying to production.
Learn more about pre-production scanning
Compliance and Audit
Generate continuous evidence of vulnerability management for compliance frameworks like ISO 27001 and SOC 2. Detectify’s scan history, finding lifecycle tracking, and exportable reports provide the documentation auditors require.
When to use: You need to demonstrate ongoing vulnerability management to auditors or certification bodies.
Learn more about compliance and audit
Choosing the Right Approach
| If you need… | Start with… |
|---|---|
| Visibility into unknown assets | Surface Monitoring for discovery, then Application Scanning for deep testing |
| Security testing in CI/CD | Application Scanning or API Scanning with API-triggered scans |
| Compliance evidence | Scheduled scans with Surface Monitoring and Application Scanning |
| Internal application testing | Internal Scanning with the deployed agent |
| Full coverage | All four products working together |
Next Steps
- Get Started — Set up your account and configure your first scan
- Platform Overview — Understand the full Detectify platform