VulnProScan by Dynamgenix IT Corp

Platform Capabilities

Full-Stack Security: IaC · SAST · Cloud · Teams + More

VulnProScan covers your entire application and infrastructure security lifecycle — from infrastructure-as-code misconfigurations caught pre-deploy, to static code analysis in your pipeline, to live cloud configuration auditing, runtime DAST, and collaborative multi-user team workflows. One authorized platform.

New: IaC · SAST · Cloud Audit · Multi-User Teams

Four new capability areas — added without changing existing DAST, API, container, SCA, or host scanning workflows. Shift left with IaC and SAST, extend right with cloud auditing, and collaborate with your team.

Starter+

IaC Scanning

Terraform · CloudFormation · Kubernetes YAML · ARM Templates

Catch infrastructure misconfigurations before they reach production. VulnProScan runs Checkov against your infrastructure-as-code definitions and surfaces security risks with severity ratings and remediation guidance — directly in your dashboard or CI pipeline.

Supported frameworks: Terraform, CloudFormation, Kubernetes YAML, ARM templates, Dockerfiles, Serverless Framework.

What it finds: Publicly accessible S3 buckets, IAM wildcard permissions, missing encryption at rest/in transit, insecure security group rules, over-permissive RBAC in K8s manifests.

Tier breakdown: Starter includes IaC lite (Terraform + CloudFormation). Pro+ enables the full framework set. Business+ adds drift detection — compare IaC definitions against live cloud state.

CI/CD integration: POST to /api/ci/modular-scan-webhook with your ZIP artifact. Returns findings JSON and a pass/fail status code — gate deployments on security results.

Pro+

SAST — Static Code Analysis

JavaScript · TypeScript · Python · Go · OWASP Top 10 · CWE

Surface vulnerabilities in your source code before deployment. Semgrep OWASP pack analysis identifies injection flaws, hardcoded secrets, insecure deserialization, and more — with code-level fix guidance mapped to CWE identifiers so developers know exactly what to change.

Languages: JavaScript, TypeScript, Python, Go. Upload a ZIP of your source or connect via the CI webhook.

Rule pack: Semgrep p/owasp-top-ten — covers injection (A03), insecure design patterns (A04), security misconfiguration (A05), and more.

Per-finding output: File path, line number, CWE ID, OWASP category, severity, and an inline code-level fix recommendation.

ROI: Teams that catch injection and authentication flaws in code review instead of production spend 6× less on remediation (NIST estimate). SAST is the fastest payback scan type.

Pro+

Cloud Configuration Audit

AWS · Azure · GCP · IAM · S3 · Policies · Runtime Registries

Validate your live cloud environment against security best practices. Prowler auditing connects to AWS, Azure, and GCP to check IAM configurations, storage bucket policies, network rules, logging, and encryption — finding the gaps attackers look for.

Cloud providers: AWS (IAM, S3, VPC, CloudTrail, RDS, Lambda), Azure, and GCP configuration checks.

What it audits: Over-permissive IAM roles, public-access storage buckets, missing CloudTrail logging, disabled MFA enforcement, insecure security groups, unencrypted snapshots.

Runtime registries: Audits ECR, ACR, and GCR configuration alongside your container image CVE scanning for unified cloud coverage.

Business+ drift detection: Compare your IaC definitions against live cloud state. Surface resources that were deployed outside Terraform/CloudFormation and identify configuration drift before it becomes a breach.

Business+

Multi-User Teams, Enterprise RBAC & Governance

Admin / Security Analyst / Viewer · SCIM + SSO/SAML · Audit Logs

Security is a team sport. VulnProScan Business introduces shared team workspaces with three-tier RBAC enforced at the API level. Enterprise extends to unlimited teams with SSO/SAML identity integration, SCIM directory sync, immutable audit logs, and compliance snapshot automation.

Three-tier RBAC: Admin (full control), Security Analyst (scans, findings, cloud posture, compliance reports), and Viewer (read-only). Permissions enforced at the API level — not just in the UI.

SSO/SAML 2.0 + SCIM provisioning: SP-initiated SAML 2.0 with JIT user provisioning. SCIM 2.0 (RFC 7644) for automated user and group management — compatible with Okta, Azure AD, and any compliant IdP. Deprovisioned users are automatically blocked.

Immutable audit logs: Every scan, sign-in, team change, finding update, and compliance snapshot is recorded with timestamp, user, IP, and outcome. Exportable for SOC 2 and ISO 27001 audit evidence packages.

Business vs. Enterprise: Business: up to 10 users with RBAC and compliance reports. Enterprise: unlimited teams, SSO/SAML, SCIM, audit logs, SLA tracking, finding governance, cloud drift detection, and procurement-ready agreements.


Full scanning portfolio — all scan types, one platform

IaC, SAST, and cloud auditing are additive — all existing DAST, API, container, SCA, and host scanning workflows remain unchanged. Every scan type surfaces findings in the same unified dashboard.

Web Application Scanning (DAST)

ZAP-powered · 12 OWASP domains · Authenticated scanning

  • XSS, SQL injection, CSRF, path traversal, open redirect detection
  • Authenticated scanning with session management for deeper coverage
  • Security headers, TLS, CORS, and session cookie analysis
  • Pairs with SAST to cover both source-code and runtime attack surfaces
All plans

API Security Scanning

REST · GraphQL · OpenAPI/Swagger

  • Import OpenAPI/Swagger specs or connect GraphQL endpoints
  • Authorization bypass, injection, and excessive data exposure testing
  • CORS misconfiguration and verbose error detection
  • Works alongside SAST for pre- and post-deploy API coverage
All plans

Container & Kubernetes Scanning

Docker Hub · ECR · ACR · GCR · K8s cluster workloads

  • CVE detection and OS package scanning across registry images
  • Kubernetes cluster discovery and workload security analysis
  • IaC scanning covers K8s YAML pre-deploy (see IaC section)
  • Prevent vulnerable images from reaching production registries
All plans

Dependency Scanning / SCA

SBOM · JavaScript · Python · Java · Supply chain risk

  • Upload manifests or connect repositories to identify vulnerable libraries
  • SBOM (Software Bill of Materials) export for compliance and audit
  • Fix recommendations mapped to published CVEs and advisories
  • Track supply chain risk across all your applications in one view
All plans

Host & Configuration Scanning

CIS Benchmark · OS hardening · Service exposure

  • Exposed service and open port analysis against baseline configurations
  • OS hardening checks aligned to CIS Benchmark guidance
  • Internal scanner connector for hosts not reachable from the public internet
  • Complements cloud audit for full infrastructure coverage
Pro+

Validation Mode

Proof-based verification · Confirmed exploitability · Authorized scope

  • Opt-in workflow for high-severity findings — generates reproducible evidence
  • Confirmed findings display a "Verified" badge in the unified dashboard
  • Operates strictly within your defined scan scope — no lateral movement
  • Reduces false-positive escalations before committing developer time
Pro+

How it fits your pipeline: IaC → SAST → Cloud → Runtime

VulnProScan maps to your existing delivery workflow. No agents to maintain — just upload, connect, or POST to the CI webhook at each stage.

All stages feed findings into the same unified dashboard — filter by scan type, assign to team members, and track remediation without switching tools.

Which features are on which plan?

Every capability above is included on the listed tier and all tiers above it.

Feature availability by plan tier
Feature · Starter · Pro · Business · Enterprise
DAST Web & API Scanning
Container & K8s Scanning
Dependency Scanning / SCA
IaC Scanning (lite: Terraform + CF)
IaC Scanning (full: all frameworks)
SAST (Semgrep OWASP pack)
Cloud Audit (AWS/Azure/GCP)
Host & Configuration Scanning
Scheduled Scans
Remediation Wizards
IaC ↔ Cloud Drift Detection
Team Workspaces (up to 10 users)
Admin / Member RBAC
Compliance-Oriented Reports
Audit Logs & Custom Rules
Unlimited Teams
SSO / SAML
Managed Alerts
GSA / FedRAMP documentation


Ready to prevent breaches pre-deploy?

14-day free trial — no credit card required. IaC scanning, SAST, DAST, containers, and SCA from day one. Upgrade to Business to collaborate with your team.