Mastering VU Scanner
Your comprehensive guide to the platform's capabilities. Learn how to interpret security metrics, leverage AI for remediation, and configure advanced scanning modules.
SAST (Static Application Security Testing)
Analyze your source code for logic flaws, injection vulnerabilities, and hardcoded secrets without executing the code.
Engine: Advanced Static Analysis.
Visualization: Code snippet highlighting and data flow traces.
Linting: Security best-practice enforcement.
DAST (Dynamic Analysis)
Dynamic Application Security Testing interacts with your running application to find vulnerabilities like XSS, SQL Injection, and misconfigurations.
How it works: We launch a headless browser and proxy to fuzz your endpoints.
Best for: Finding runtime bugs in web apps and APIs.
Key Capabilities: OWASP Top 10 coverage, Auth testing, API fuzzing.
SCA (Dependency Analysis)
Software Composition Analysis scans your package manifests (package.json, requirements.txt) to find known vulnerabilities in open-source libraries.
Supported Ecosystems: NPM (Node), PyPI (Python), Maven (Java), RubyGems.
Database: Google OSV, GitHub Advisory, NVD.
Auto-Fix: AI suggests non-breaking version upgrades.
Container Security
Scans Docker images and OCI archives for OS-level vulnerabilities (CVEs) in packages like curl, openssl, and glibc.
Scanners: Industry-standard scanners.
Layers: Analyzes base images and application layers separately.
Registries: DockerHub, ACR, ECR, GCR support.
IaC (Infrastructure as Code)
Scans Terraform, Kubernetes, and CloudFormation files to detect misconfigurations before they are deployed to the cloud.
Policy Engine: Policy-as-Code Engine.
Rules: Checks for public buckets, unencrypted databases, loose IAM roles.
Shift Left: Catch issues in PRs before merge.