How to use vulnerability audit monitoring

Vulnerability audit monitoring performs safe passive security checks on tracked URLs and stores a remediation-ready report. It detects exposed files, outdated software fingerprints, misconfigurations, and XSS warning patterns.

How to enable and schedule vulnerability audit for a site

  1. Open website settings: /site/view/{site_id}.
  2. Enable weekly vulnerability audit.
  3. Set Vulnerability audit run time in HH:MM format.
  4. Save settings.

The scheduler checks run windows frequently, but each site is guarded by a weekly rule: one automatic vulnerability run at most every 7 days.

How to open vulnerability audit reports

  1. Open your project and go to Tracked URLs.
  2. Click Quick menu next to a URL.
  3. Select Vulnerability audit for per-URL details.
  4. Use the project-level Vulnerability audit page for a site-wide summary.

What the report includes

  • Score and grade (A–F)
  • Severity counts (high / medium / low)
  • Dangerous file findings (for example /.env, backup files, logs)
  • Outdated software findings based on visible version fingerprints
  • Misconfiguration findings (headers, methods, HTTPS policy, directory listing)
  • XSS risk findings (reflected/DOM warning patterns and CSP hardening signals)
  • Owner mapping with suggested actions for each team
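
To make the categories above concrete, here is an added example (not the product's code or rule set): a passive check over one already-fetched response that emits findings in the report's categories with a severity and an owner. The sample response, the function names, the severity levels and the owner assignments are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: one passively fetched response (not real scan output).
SAMPLE = {
    "url": "http://shop.example.test/",
    "headers": {"Server": "nginx/1.14.0", "Allow": "GET, HEAD, TRACE",
                "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'"},
    "body": "<html><head><title>Index of /backup</title></head><body></body></html>",
}

def audit(resp):
    """Return (category, severity, owner, message) tuples for one response.
    Severity and owner values are illustrative assumptions."""
    h = {k.lower(): v for k, v in resp["headers"].items()}  # header names are case-insensitive
    out = []
    # HTTPS policy: plain HTTP is the worse case; HSTS only matters once on HTTPS.
    if not resp["url"].startswith("https://"):
        out.append(("misconfiguration", "high", "DevOps", "page served over plain HTTP"))
    elif "strict-transport-security" not in h:
        out.append(("misconfiguration", "medium", "DevOps", "HSTS header missing"))
    for name in ("x-content-type-options", "x-frame-options"):
        if name not in h:
            out.append(("misconfiguration", "low", "DevOps", f"{name} header missing"))
    # Methods: read only what the server advertises, never send the methods themselves.
    risky = {m.strip().upper() for m in h.get("allow", "").split(",")} & {"TRACE", "PUT", "DELETE"}
    if risky:
        out.append(("misconfiguration", "medium", "Backend", "methods advertised: " + ", ".join(sorted(risky))))
    if re.search(r"<title>\s*Index of /", resp["body"], re.I):
        out.append(("misconfiguration", "high", "DevOps", "directory listing enabled"))
    # Visible version fingerprint; deciding "outdated" needs a release database (not shown).
    m = re.search(r"[\w-]+/\d+(\.\d+)+", h.get("server", ""))
    if m:
        out.append(("outdated software", "low", "DevOps", f"visible version fingerprint: {m.group(0)}"))
    csp = h.get("content-security-policy")
    if csp is None:
        out.append(("xss risk", "medium", "Frontend", "no Content-Security-Policy header"))
    elif "'unsafe-inline'" in csp:
        out.append(("xss risk", "medium", "Frontend", "CSP allows 'unsafe-inline'"))
    return out

def severity_counts(findings):
    """Tally findings per severity, as in the report's severity counts."""
    return dict(Counter(sev for _, sev, _, _ in findings))

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
    print(severity_counts(audit(SAMPLE)))
```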

How to use findings safely

  • Prioritize all high-severity findings first.
  • Assign each item by the Owner column (DevOps, Backend, Frontend, CMS owner).
  • Apply the provided Fix guide and verify with Re-check now.
  • Keep the weekly schedule enabled to catch regressions after deployments.
