Documentation

Scans And Depths

Understand how depth selection changes coverage breadth, runtime, and operational confidence.

Who This Topic Is For

Operators deciding which level of scan coverage to run for a target and change window.

Before You Start

Use this checklist to make sure the workflow guidance applies cleanly to your current task.

  • Target scope and release context are known.
  • You understand whether this is a fast check or a release-gating decision.
  • You know if the run must be tracked in an account-backed workflow.
  • You know whether you are evaluating a website target or importing an API specification.

Step-By-Step Guidance

Follow these steps in order for a reliable and repeatable outcome.

  1. Map business urgency to validation confidence.

    Fast triage can start with Quick. Production readiness and broader risk checks should use Standard or deeper.

  2. Choose depth intentionally.

    Use Quick for baseline checks, Standard for default production review, Deep for higher-risk windows, and Comprehensive for widest automated coverage where account-backed continuity matters. Keep public tool-suite quick/comprehensive modes separate in your mind from full platform scan-depth choices.

  3. Treat API spec scanning as a separate workflow.

    API Spec Scan is not another depth option for website crawling. It is a dedicated workflow for importing OpenAPI, Swagger, or Postman JSON so Vulnify can build endpoint inventory, run deterministic API checks, and optionally layer headless crawl enrichment where relevant.

  4. Run, compare, and adjust.

    If findings are incomplete for decision confidence, rerun at a deeper tier. Keep historical comparison to track posture improvements over time.

Validation Checklist

Use this checklist to confirm the workflow was completed correctly.

  • Quick Scan: ~2-3 minutes | ~40 checks | $4.50
  • Standard Scan: ~5-7 minutes | ~80 checks | $9.00
  • Deep Scan: ~12-15 minutes | ~120 checks | $18.00
  • Comprehensive Scan: ~15-20 minutes | ~140+ checks | $36.00

Common Problems And Fixes

If something does not match expectation, check these common failure modes first.

Common failure mode

Depth mismatch with release risk

Increase depth when release context or external exposure risk justifies broader validation before deployment.

Common failure mode

Confusing tool checks with platform depth

Public tools, platform-specific profiles, and the one-domain tool suite solve different workflow problems. Depth selection applies to broader scan workflows, while public tool quick/comprehensive modes and stack presets are part of the tool experience.

Common failure mode

Expecting Quick, Standard, Deep, or Comprehensive inside API spec import

API Spec Scan uses its own import workflow rather than website depth labels. Choose the API spec path when you need specification-driven endpoint review, then use website scan depths separately for browser-facing surface validation.

Related Pages

Use these links to continue your workflow without losing context.

Getting Started

Open Getting Started to continue this workflow.

Reports And Exports

Open Reports And Exports to continue this workflow.

Pricing

Open Pricing to continue this workflow.

Help: Running Scans

Open Help: Running Scans to continue this workflow.

Scans And Depths FAQs

Yes. Standard is the default production-oriented option and is often the best first run when broader confidence is needed.

Next Recommended Action

Continue to the best next page based on where you are in your workflow.