Scan Results & Compliance

After each scan completes, a compliance result is determined based on the vulnerabilities found. This page explains how to interpret results and maintain compliance.

Understanding Pass and Fail

Each completed scan receives a compliance result:

  • Pass — No vulnerabilities were found that would cause a PCI DSS compliance failure. An Attestation of Scan Compliance (AoSC) is issued.
  • Fail / Non-Compliant — One or more vulnerabilities were identified that require remediation, or an active security system (such as a WAF or IPS) was detected interfering with the scan. Per PCI SSC mandates, scanners must have unimpeded access to the target to provide a valid compliance report.

The result is based on the compliance assessment performed by Clone Systems, the certified ASV powering the scans.

Compliance Dashboard

The ASV Scanning page provides two summary cards at the top:

Used Profiles

Shows how many scan profiles you have created out of your total purchased capacity. For example, “2/3” means 2 profiles are in use out of 3 available slots.

  • If capacity is available, the card shows how many profiles remain
  • If all slots are used, it displays “Max capacity reached”

Compliant Profiles

Shows how many of your profiles have passing scan results.

  • All profiles passed — Displayed when every profile with scan results has a passing status
  • X failed compliance — Displayed when one or more scanned profiles have failing results
  • X passed, Y profiles not scanned — Displayed when some profiles have passing results but others haven’t been scanned yet

Scan History

Click on a profile name to view its detail page, which includes:

  • Latest Scan Results — The compliance result and vulnerability breakdown (High, Medium, Low) from the most recent completed scan with a report
  • Overview — Target information, scan schedule, and last scanned date
  • Scan History table — A complete list of all scans for this profile, showing the scan date, status, compliance result, vulnerability counts, and report download

Scan Statuses

| Status | Description |
|---|---|
| Queued | Scan is scheduled and waiting to start |
| Running | Scan is currently in progress |
| Done | Scan has completed |
| Stopped | Scan was stopped before completion |
| Failed | Scan encountered an error during execution |

Remediation Workflow

When a scan fails:

  1. Review the Detailed Report — Download the detailed report to understand which vulnerabilities were found and their severity
  2. Remediate vulnerabilities — Address the identified issues in your infrastructure
  3. Re-scan — Wait for the next scheduled scan or contact support to trigger a re-scan. New reports are generated quickly after a re-test.
  4. Verify compliance — Confirm that the new scan result shows “Pass”

Maintaining Compliance

To stay PCI DSS compliant:

  • Scan at least every 90 days — This is the minimum requirement. Monthly scanning is recommended.
  • Maintain a four-scan trail — Keep records of at least four consecutive quarterly scans (one year of history).
  • Remediate failures promptly — Address any failed scans before the next quarterly deadline.
  • Download and store reports — Reports are retained for 3 years, but we recommend downloading and storing them in a secure location for longer retention.