Supported Scans
DeepTraQ supports multiple security scanning modules designed to identify vulnerabilities across infrastructure, applications, source code, and cloud environments. Each module integrates specialized security engines to provide comprehensive coverage.
Network Perimeter Scanning
Network perimeter scanning identifies exposed services, open ports, and infrastructure vulnerabilities on publicly accessible assets.
Capabilities
- Port discovery
- Service detection
- Vulnerability identification on exposed services
- Detection of misconfigured or outdated network services
Scanning Engines
| Engine | Purpose |
|---|---|
| OpenVAS | Infrastructure vulnerability scanning |
| Nmap | Port scanning and service detection |
| Nuclei | Template-based vulnerability scanning |
Supported Targets
- Public IP addresses
- Public hostnames
Web Application Scanning
Web application scanning detects vulnerabilities in web applications, APIs, and web services.
Capabilities
- Authenticated web application scanning
- Unauthenticated web application scanning
- API testing
- Automated vulnerability detection
Scanning Engines
| Engine | Purpose |
|---|---|
| ZAP | Authenticated and unauthenticated web application scanning |
| OpenAPI Fuzzer | API fuzzing and endpoint testing |
| Nuclei | Web vulnerability detection using security templates |
Supported Targets
- Web applications
- REST APIs
- OpenAPI-based services
Code Scanning
Code scanning analyzes application source code and dependencies to identify security issues, secrets, and vulnerable libraries.
Capabilities
- Secret detection in source code
- Infrastructure as Code (IaC) security checks
- Dependency vulnerability scanning
- Static code vulnerability analysis
Scanning Engines
| Engine | Purpose |
|---|---|
| Gitleaks | Secret scanning |
| KICS | Infrastructure as Code security scanning |
| OSV Scanner | Open-source dependency vulnerability detection |
| DeepTraQ Code Engine | Proprietary code vulnerability detection |
CSPM (Cloud Security Posture Management)
CSPM scans cloud environments to identify security misconfigurations and compliance violations.
Capabilities
- Cloud configuration auditing
- Security posture assessment
- Detection of insecure cloud settings
Scanning Engine
| Engine | Purpose |
|---|---|
| Prowler | Cloud configuration auditing and security checks |
Supported Cloud Providers
- AWS
- Microsoft Azure
- Google Cloud Platform
- Oracle Cloud
Cloud Workload Scanning
Cloud workload scanning identifies vulnerabilities in virtual machines running in cloud environments.
DeepTraQ synchronizes virtual machine inventories from cloud providers and performs vulnerability scanning as part of infrastructure assessments.
Capabilities
- Automatic virtual machine discovery
- Infrastructure vulnerability scanning
- Unified vulnerability reporting
Supported Cloud Providers
- AWS
- Azure
- Google Cloud Platform
Limitations
| Area | Limitation |
|---|---|
| Cloud workload sync | Currently only virtual machines can be synchronized from cloud providers. |
| Web application scanning | HAR file support for deep API discovery in SPA applications is not available yet. |
| Code scanning | C++ is not currently supported. |
| CI/CD integration | Direct CI/CD pipeline integrations are not available yet. |
| Local scanning | Local agents for scanning internal networks or development environments are not available yet. |