Assets 0
Scans 0
Findings 0
Critical / High / Medium / Low 0 / 0 / 0 / 0

Get started

Let's connect your site to the platform

A short three-step guide: tell us your site, confirm you're authorized, prove ownership. Then you can scan.

  1. 1 Paste your site URL and give it a name
  2. 2 Confirm you're authorized to assess it
  3. 3 Add a DNS record or upload a small file to prove ownership

Authorized Scan

Queue a security assessment

Controls which tools and modes are allowed to run — gated by verification status.

Select an asset and scanner. Unavailable tools stay visible so you can tell what still needs to be installed.

Safe Validation

Run an authorized validation check

Assets

Inventory and verification state

Tracks verified ownership and the legal scan boundary for each target hostname.

Select any row to open asset detail and verification instructions.

Asset Scope Verification Latest Scan Scanner Findings

Asset Detail

Verified asset and scope controls

🔒

Select an asset from the table to view its verification status, ownership proof instructions, and scan controls.

Verified assets unlock quick and full scan modes.

OWASP ZAP

Import a JSON report

Ingests findings from an external ZAP scan — labeled as imported, not natively observed.

Authentication

Auth profiles

Credential sets used to reach authenticated surfaces — requires a verified asset before attachment.

Authentication

Create an auth profile

Authorized Scans

Scan history & status

Full operational audit trail of every scan job — status, runtime, findings count, and change-tracking across runs.

Search Findings

Drill into individual findings

Filter across every scan by asset, severity, remediation status, or keyword.

Remediation Tasks

Open work across every asset

Every open, in-progress, or regressed finding shows up here. Update status without leaving the table.

Active Defense

Protection & attack visibility

SiteWatch's in-process defense engine blocks brute-force, scanner UAs, and path probing on this control plane in real time. Per-asset protection flags below are informational — toggle them on once you've installed CrowdSec / Cloudflare / a WAF on the asset itself.

Active blocks

IPs the engine is currently rejecting. Admins can release.

Recent events

Last 20 detections — blocked or low-severity flags.

Top source IPs (24h)

Top reasons (24h)

Recommendations from your findings

Concrete protection actions derived from open findings across all assets.

Manual block

Add an IP to the blocklist. Useful for known abusers.

Security Proof

Trust scorecard & client-shareable snapshot

A decision-maker view of your security posture: an overall A–F grade, a compliance-style summary, a 7-day rollup, and a clean snapshot you can share with a client without leaking technical detail.

Compliance summary

Each category is PASS / WARNING / FAIL based on what's currently open.

Weekly summary

What changed in the last 7 days.

Per-asset trust

Pick an asset to capture a snapshot or generate a public, client-safe share link.

Remediation Report

Security assessment findings, outputs, and exports

Translates raw scan output into prioritized guidance — and into client-ready deliverables.

📋

Select a completed scan from the list above to load its full report, findings breakdown, and comparison diff.

Use "Generate Client Report" to transform any scan into a shareable, professional deliverable.

Scan Schedules

Recurring assessments

Set up automatic scan scheduling for continuous security monitoring of your assets.

Active Schedules

Manage recurring scans

Security Alerts

Finding changes and notifications

Tracks new findings detected and previously reported findings that are now resolved.

Ticketing Integrations

Connect to your issue tracker

Link findings to Jira or GitHub Issues to track remediation work. Tokens are stored server-side and never exposed to the browser.

Notification Channels

Alert delivery

Send alerts to Slack, Microsoft Teams, or a custom webhook when critical findings are detected, findings are resolved, or scans fail.