Scanning

Scanning and Results

Configure targets, select from the 48 supported engines, follow the V2 scan lifecycle, and interpret the per-engine outputs.

1. Scan Overview

A scan is a top-level document at /scansV2/{scanId}; each resolved engine gets one step document in the scan's steps subcollection. Status changes are written to Firestore and stream to the UI in real time through a snapshot listener.

V2 data model

/scansV2/{scanId}                  ← scan job document
  .orgId, .status, .engines        ← tenant scope + config
  .resolvedEngines[]               ← validated engine list
  .targetType                      ← file | directory | sbom | container | url
  /steps/{stepId}                  ← per-engine step
    .engine, .status               ← engine ID + state
    .lease.workerId                ← acquired worker
    .lease.leaseToken              ← ownership proof
    .lease.expiresAt               ← auto-reclaim deadline
    .input.storagePath             ← GCS path to target
    .output, .durationMs           ← results + timing
  /findings/{findingId}            ← engine-produced findings
    .severity, .title, .engine     ← finding details
    .cve, .package, .description   ← vulnerability context
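Interpreting outputs means reading the findings subcollection across engines, and two SCA engines routinely report the same CVE on the same package. The TypeScript below is an added example, not the platform's own code: it uses the finding field names from the data model above, while the merge key, the severity ranking and the sample findings are assumptions constructed for the illustration.

```typescript
// Added example, not the platform's code: merge per-engine finding documents
// into one de-duplicated view. Field names follow the V2 data model; the merge
// key and severity ranking are assumptions for this illustration.
type Severity = "critical" | "high" | "medium" | "low" | "info";

interface Finding {
  severity: Severity;
  title: string;
  engine: string;
  cve?: string;
  package?: string;
  description?: string;
}

interface MergedFinding {
  key: string;
  severity: Severity;   // highest severity any engine assigned
  title: string;
  engines: string[];    // every engine that reported it
  cve?: string;
  package?: string;
}

const SEVERITY_RANK: Record<Severity, number> = { critical: 4, high: 3, medium: 2, low: 1, info: 0 };

// Two SCA engines reporting the same CVE on the same package are one finding.
// Findings without a CVE (SAST, secrets) stay engine-specific: their titles
// are not comparable across tools, so they are keyed by engine and title.
function mergeKey(f: Finding): string {
  if (f.cve && f.package) return `cve:${f.cve.toUpperCase()}|pkg:${f.package.toLowerCase()}`;
  return `engine:${f.engine}|title:${f.title.trim().toLowerCase()}`;
}

function mergeFindings(findings: Finding[]): MergedFinding[] {
  const byKey = new Map<string, MergedFinding>();
  for (const f of findings) {
    const key = mergeKey(f);
    const cur = byKey.get(key);
    if (!cur) {
      byKey.set(key, { key, severity: f.severity, title: f.title, engines: [f.engine], cve: f.cve, package: f.package });
      continue;
    }
    if (!cur.engines.includes(f.engine)) cur.engines.push(f.engine);
    if (SEVERITY_RANK[f.severity] > SEVERITY_RANK[cur.severity]) cur.severity = f.severity; // keep the worst rating
  }
  const merged: MergedFinding[] = [];
  byKey.forEach(m => merged.push(m));
  return merged.sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

function countBySeverity(merged: MergedFinding[]): Record<Severity, number> {
  const out: Record<Severity, number> = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
  for (const m of merged) out[m.severity] += 1;
  return out;
}

// Constructed sample: what three engines might write for one scan. Note the
// differing CVE case and titles for the same golang.org/x/net advisory.
const SAMPLE_FINDINGS: Finding[] = [
  { engine: "grype", severity: "high", cve: "CVE-2023-44487", package: "golang.org/x/net", title: "HTTP/2 rapid reset" },
  { engine: "trivy", severity: "critical", cve: "cve-2023-44487", package: "golang.org/x/net", title: "golang.org/x/net: HTTP/2 rapid reset" },
  { engine: "trivy", severity: "medium", cve: "CVE-2024-24790", package: "stdlib", title: "net/netip: unexpected Is* results for IPv4-mapped IPv6" },
  { engine: "semgrep", severity: "high", title: "Shell injection via child_process.exec" },
  { engine: "gitleaks", severity: "high", title: "AWS access key in .env" },
];
```

Running `mergeFindings(SAMPLE_FINDINGS)` collapses the five documents to four findings, with the CVE reported by both Grype and Trivy listed once at the higher (critical) rating and both engines attached. The key deliberately normalises CVE case and package name, since engines do not agree on either.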

2. Supported Engines (48)

  Engine             Tier        Description

Malware
  ClamAV             Free        Open-source AV engine
  YARA               Free        Pattern matching rules
  Loki               Pro         IOC scanner (YARA + hashes)
  capa               Pro         PE capability analysis
  oletools           Pro         Office malware analysis
  FLOSS              Pro         String extraction (Mandiant)
  Defender           Enterprise  Windows Defender AV

Triage
  Detect It Easy     Free        Packer/compiler detection
  ExifTool           Free        Metadata extraction
  pdfid + pdf-parser Pro         Suspicious PDF analysis
  ssdeep + TLSH      Pro         Fuzzy hashing
  Sysinternals Suite Enterprise  PE string/signature tools

Vulnerability
  Grype              Free        SBOM/container CVE scanner
  Trivy              Free        Comprehensive vuln scanner
  npm audit          Free        Node.js dependency audit
  pip-audit          Free        Python dependency audit
  OSV Scanner        Pro         Google OSV database
  OWASP Dep-Check    Pro         NVD-based SCA
  RetireJS           Pro         JS library vuln scanner
  Nuclei             Enterprise  Template web scanner
  Nikto              Enterprise  Web server scanner
  OWASP ZAP          Enterprise  DAST proxy scanner

Supply Chain
  Syft               Free        SBOM generation
  cyclonedx-cli      Free        SBOM validation/merge
  OSSF Scorecard     Pro         OSS project health scoring

SAST / Code
  Semgrep            Pro         1000+ rules, 20+ languages
  Bandit             Pro         Python security linter
  ESLint Security    Pro+        JS/TS security rules
  Gosec              Pro+        Go security checker
  PHPStan Security   Pro+        PHP static analysis

Secrets
  Gitleaks           Pro         Git credential scanner
  detect-secrets     Pro         Baseline secret detection
  TruffleHog         Pro+        Verified secret scanner

IaC
  Checkov            Pro         Terraform/K8s misconfig
  Hadolint           Pro         Dockerfile linter
  Dockle             Pro         Container image checker
  tfsec              Pro+        Terraform security
  KICS               Pro+        IaC scanner (Checkmarx)
  KubeLinter         Pro+        K8s YAML linter
  Terrascan          Pro+        IaC OPA policy scanner

Compliance
  chkrootkit         Free        Linux rootkit detection
  rkhunter           Free        Rootkit/backdoor scanner
  Lynis              Enterprise  Linux security audit
  OpenSCAP           Enterprise  NIST/CIS compliance

Licensing
  ScanCode Toolkit   Pro         License/IP scanner
  license-checker    Pro+        Node.js license checker

Sandbox / Forensic
  CAPEv2 Sandbox     Enterprise  Dynamic malware analysis
  Volatility 3       Enterprise  Memory forensics

Every engine in the table is open source except Windows Defender and the Sysinternals Suite (both Enterprise tier), which are proprietary Microsoft tools. No other proprietary scanning engines are used.

3. Scan Lifecycle

pending → running → succeeded | failed | canceled

Steps use lease-based worker assignment. A worker claims a step by recording its workerId, a fresh leaseToken and an expiresAt deadline on the step; the token is the worker's proof of ownership, so only the current lease holder can write the step's output. Each step also carries an idempotency key, so a redelivered or retried step resumes the existing step rather than creating a duplicate. A worker that crashes loses its lease once expiresAt passes, and the step is automatically re-queued. Engine circuit breakers skip any engine whose failure rate crosses its threshold until the cooldown has elapsed.
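The lease protocol is easiest to see as a state machine. The TypeScript below is an added example, not the platform's own code: it models the lifecycle above in memory, using the step and lease field names from the data model, and the class, lease length, failure threshold, cooldown and the `demo` walkthrough are assumptions for the illustration. In production each transition is a Firestore transaction on the step document and the token is generated with a cryptographic random source, not a counter.

```typescript
// Added example, not the platform's code: in-memory model of the V2 step
// lifecycle. Field names (status, lease.workerId, lease.leaseToken,
// lease.expiresAt) follow the data model; the class, LEASE_MS,
// FAILURE_THRESHOLD and COOLDOWN_MS are assumptions for this illustration.
type StepStatus = "pending" | "running" | "succeeded" | "failed" | "canceled";
interface Lease { workerId: string; leaseToken: string; expiresAt: number }
interface Step {
  stepId: string; engine: string; status: StepStatus;
  idempotencyKey: string;   // stable per (scan, engine): a retry resumes this step, never a duplicate
  attempts: number; lease?: Lease; output?: unknown;
}
interface EngineHealth { consecutiveFailures: number; openUntil: number }

const LEASE_MS = 60_000;          // assumed lease length
const FAILURE_THRESHOLD = 3;      // assumed consecutive failures that open the circuit
const COOLDOWN_MS = 5 * 60_000;   // assumed time the circuit stays open

class StepQueue {
  private steps = new Map<string, Step>();
  private health = new Map<string, EngineHealth>();
  private tokenSeq = 0;
  private now: () => number;
  constructor(now: () => number) { this.now = now; }

  get(stepId: string): Step | undefined { return this.steps.get(stepId); }

  // Idempotent enqueue: the same (scan, engine) key always maps to one step.
  enqueue(scanId: string, engine: string): Step {
    const key = `${scanId}:${engine}`;
    let step = this.steps.get(key);
    if (!step) {
      step = { stepId: key, engine, status: "pending", idempotencyKey: key, attempts: 0 };
      this.steps.set(key, step);
    }
    return step;
  }

  circuitOpen(engine: string): boolean {
    const h = this.health.get(engine);
    return h !== undefined && h.openUntil > this.now();
  }

  // A worker claims a step. Only a pending step, or a running step whose lease
  // has already expired, can be claimed: a live lease cannot be stolen.
  acquire(stepId: string, workerId: string): Lease | null {
    const step = this.steps.get(stepId);
    if (!step || this.circuitOpen(step.engine)) return null;
    const t = this.now();
    const expired = step.status === "running" && step.lease !== undefined && step.lease.expiresAt <= t;
    if (step.status !== "pending" && !expired) return null;
    const lease: Lease = { workerId, leaseToken: `tok-${++this.tokenSeq}`, expiresAt: t + LEASE_MS };
    step.status = "running"; step.lease = lease; step.attempts += 1;
    return lease;
  }

  // Ownership proof: output is accepted only from the holder of the current
  // token, so a worker that lost its lease cannot overwrite its successor's result.
  complete(stepId: string, leaseToken: string, ok: boolean, output?: unknown): boolean {
    const step = this.steps.get(stepId);
    if (!step || step.status !== "running" || !step.lease || step.lease.leaseToken !== leaseToken) return false;
    step.status = ok ? "succeeded" : "failed"; step.output = output; step.lease = undefined;
    this.recordHealth(step.engine, ok);
    return true;
  }

  // Stuck sweeper: running steps whose deadline has passed go back to pending.
  sweep(): string[] {
    const t = this.now(); const reclaimed: string[] = [];
    this.steps.forEach(step => {
      if (step.status === "running" && step.lease && step.lease.expiresAt <= t) {
        step.status = "pending"; step.lease = undefined; reclaimed.push(step.stepId);
      }
    });
    return reclaimed;
  }

  private recordHealth(engine: string, ok: boolean): void {
    const h = this.health.get(engine) ?? { consecutiveFailures: 0, openUntil: 0 };
    h.consecutiveFailures = ok ? 0 : h.consecutiveFailures + 1;
    if (h.consecutiveFailures >= FAILURE_THRESHOLD) { h.openUntil = this.now() + COOLDOWN_MS; h.consecutiveFailures = 0; }
    this.health.set(engine, h);
  }
}

// Walks through a crashed-worker handover and a tripped circuit breaker.
function demo() {
  let clock = 1_000;
  const q = new StepQueue(() => clock);
  const step = q.enqueue("scan-1", "trivy");
  q.enqueue("scan-1", "trivy");                                  // redelivery: same step
  const first = q.acquire(step.stepId, "worker-a");
  const stolen = q.acquire(step.stepId, "worker-b") !== null;    // live lease: must not succeed
  clock += LEASE_MS + 1;                                         // worker-a died, lease expired
  const reclaimed = q.sweep();
  const staleWrite = first !== null && q.complete(step.stepId, first.leaseToken, true);
  const second = q.acquire(step.stepId, "worker-b");
  const finalWrite = second !== null && q.complete(step.stepId, second.leaseToken, true, { findings: 0 });
  for (let i = 0; i < FAILURE_THRESHOLD; i++) {                  // three nuclei failures in a row
    const s = q.enqueue(`scan-${i + 2}`, "nuclei");
    const lease = q.acquire(s.stepId, "worker-c");
    if (lease) q.complete(s.stepId, lease.leaseToken, false);
  }
  const openNow = q.circuitOpen("nuclei");
  const skipped = q.acquire(q.enqueue("scan-9", "nuclei").stepId, "worker-c") === null;
  clock += COOLDOWN_MS + 1;
  const closedLater = !q.circuitOpen("nuclei");
  const final = q.get(step.stepId);
  return { stolen, reclaimed, staleWrite, finalWrite, finalStatus: final?.status, attempts: final?.attempts, openNow, skipped, closedLater };
}
```

Calling `demo()` shows the three properties that matter in practice: worker-b cannot take a live lease, worker-a's late write with its old token is rejected after the sweeper re-queued the step, and the step ends as succeeded on its second attempt; separately, three consecutive nuclei failures open that engine's circuit so new nuclei steps are skipped until the cooldown passes. The model uses consecutive failures as the trip condition; a rate-based breaker differs only in `recordHealth`.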

4. Outputs and Logs

All scan artifacts are stored in private Cloud Storage under org+scan scope:

orgs/{orgId}/scans/{scanId}/inputs/
orgs/{orgId}/scans/{scanId}/outputs/{engine}/
orgs/{orgId}/scans/{scanId}/logs/{engine}/
orgs/{orgId}/scans/{scanId}/sbom/

Download URLs are signed and time-limited. Clients obtain them through a callable function; bucket objects are never exposed directly.

5. Troubleshooting

Scan stalls in pending
  Check worker availability in Settings → Agents. Verify Cloud Tasks queue health and worker heartbeats.

Step stays in running
  Check the lease expiry. Expired leases are reclaimed automatically by the stuck sweeper; the worker may have crashed.

Engine circuit opened
  The engine hit its failure threshold. Check engine health in /engineHealth/{engineId}. The circuit closes again automatically after the cooldown.

Denied by plan limit
  Check entitlements and monthly scan credits in Settings → Billing.

Findings not showing
  V2 findings are stored per scan under /scansV2/{id}/findings. Confirm that the Findings page is aggregating both V1 and V2.