WASViking Docs
⌘K
Getting Started

Activate your modules

One checklist that takes your organization from the first scan to every purchased module running, with the portal path and the verification step for each.

Your first scan proves the platform works. This page covers everything after that: each WASViking® module, where to turn it on, and how to confirm it is producing results. Work top to bottom; every row links to the page with the full detail.

You need the Admin role for most of the steps below. Module availability depends on your plan; anything your plan does not include appears locked in the portal.

Runs on every scan, nothing to switch on

These capabilities are part of the scan engine itself. If your first scan completed, they are already active.

Module Where results appear Detail
External DAST Findings and the scan report. External DAST
Modern API Security (GraphQL, SOAP, WebSocket, JWT) Findings, when the scan profile covers APIs. Modern API Security
Out-of-Band Validation (OAST) Inventory → Out-of-Band (OAST), plus the findings it confirms. Out-of-Band Validation
Component detection (cloud side) Inventory → Software Bill of Materials. Software Supply Chain
Sensitive port baseline Findings, category exposed_port. Sensitive Port Monitoring
Exploit Paths Exploit Paths page, once findings exist. Exploit Path Graph
Compliance mapping The Compliance tab on every scan report. Framework mapping

To widen API coverage, pick the right scan profile (api_jwt for REST, GraphQL, and JWT work; soap for SOAP services) and attach your OpenAPI or WSDL document to the target. See Scan profiles and templates.

Switch on per asset or per domain

Module Turn it on Confirm it works
Certificate Monitoring Assets Inventory → Add New Asset (or edit an existing asset) and toggle Monitor SSL. Alert thresholds live under Settings → System Settings → Notifications & Alerts. The asset appears under Certificates → Certificate Monitoring with a Last Checked timestamp. Detail
Exposure Intelligence Settings → System Settings → Add Monitored Domain, then complete the consent checkboxes and the DNS TXT verification. The domain shows as verified and matches surface under Cyber Risk → Exposure Intelligence. Detail
Edge Threat Radar Connect your Cloudflare zone following the Cloudflare integration guide. Events appear on the Edge Intelligence dashboard within a few polling cycles. Detail
Custom sensitive ports Settings → System Settings → Notifications & Alerts, add your ports to the monitored list. The next scan raises findings for any of those ports found open. Detail

Deploy something on your side

These modules need a component running inside your environment.

Module Turn it on Confirm it works
Internal scanning (Sentinel agent) Register an agent in the portal and install it on a host that can reach your internal targets. Follow WASViking Sentinel Tunnel. The agent shows Active on the Sentinel Agents page, and an internal target scan completes. Detail
SBOM from your repositories Run wasviking-sentinel sbom against your projects and submit. Submissions appear under Inventory → Software Bill of Materials.
Hard-coded secrets on disk Run wasviking-sentinel secrets against your repositories. Submissions appear under Inventory → Secrets, with verified-live flags where applicable. Detail
CI/CD gates (DAST, SCA, secrets) Add the binary to your pipeline. Start from wasviking-sentinel in CI/CD, or use the GitHub recipes for DAST and SCA, SBOM and secrets. The pipeline run exits with the documented gate codes and the results land in the portal.
AI Guardian on employee devices Follow Set up WASViking AI Guardian: enable the feature, mint the install key, run the installer per device. Devices report under Cyber Risk → AI Guardian and a test event is classified. Detail

Watch what you shipped

Once SBOMs are flowing, two supply chain layers start working for you.

Module Turn it on Confirm it works
Supply Chain Intel Nothing to configure. Every submitted SBOM is re-checked daily against new advisories (Pro plan and above). Matches appear under Inventory → Supply Chain Intel. Detail
Supply-chain IOC Inventory → SBOM → Supply-chain IOC: enter an indicator, dry-run, then apply. The dry-run preview lists affected components before any finding is created. Detail

Automate the operation

What Where Detail
Alert routing Create channels first: Slack, Teams, email, or webhook. Notification Channels
Recurring scans Scans → Scan Schedules: pick a target, a template, and a cadence. Scan Schedules
Autonomous planning Scans → AI Scan Planner: turn on the Enabled toggle and review the daily decisions. AI Scan Planner
Ticketing Connect Jira for two-way finding sync. Jira
SIEM and automation Ship events to your SIEM or your own consumers. SIEM, Webhooks
Single sign-on Enforce your identity provider for portal access. SAML 2.0 SSO

Prove it

When an auditor, a customer, or a prospect asks for evidence, three surfaces answer without giving anyone portal access:

  • The Compliance tab and PDF report per scan, mapped across PCI DSS, LGPD, GDPR, BACEN, and ISO 27001. See Framework mapping.
  • A read-only snapshot of your posture via a Posture Share. The click-by-click flow is in Posture Shares; the recipient visibility contract lives in the reference page.
  • A signed, verifiable SBOM Evidence Bundle. The click-by-click flow is in SBOM Evidence Bundles; the package contents and verification live in SBOM Evidence Bundle.

Where next