This integration is configured through the Invicti ASPM product.
Infrastructure overview
What is infrastructure scanning?
Infrastructure scanning identifies vulnerabilities in running infrastructure, including servers, network devices, operating systems, and cloud resources. Unlike IaC scanning (which checks configuration files before deployment), infrastructure scanning assesses the actual state of deployed systems to find known vulnerabilities, missing patches, and misconfigurations.
Invicti AppSec Core includes a preconfigured Invicti SCA scanner that is automatically activated with your package. The integrations on this page are for teams using Invicti ASPM who want to connect their own SCA tools instead. See AppSec Core scanners overview for details on the built-in scanner.
How it works
Infrastructure scanners connect to your environment and assess running systems through:
- Vulnerability assessment — scans hosts and network devices for known CVEs, missing patches, and outdated software.
- Configuration auditing — checks system configurations against security benchmarks and hardening standards.
- Network scanning — discovers open ports, exposed services, and network-level vulnerabilities.
- Compliance checks — evaluates infrastructure against frameworks such as CIS Benchmarks, PCI DSS, and NIST.
What it can discover
Infrastructure scanning detects risks across the following categories:
| Category | Examples |
|---|---|
| Missing patches | Unpatched operating systems, outdated software with known CVEs |
| Exposed services | Open ports, unnecessary services running, publicly accessible management interfaces |
| Configuration weaknesses | Default credentials, weak encryption settings, disabled security features |
| Network vulnerabilities | Unencrypted protocols, insecure DNS configurations, weak firewall rules |
| Compliance gaps | Deviations from CIS Benchmarks, PCI DSS, HIPAA, and other standards |
Infrastructure scanning vs. CSPM
Infrastructure scanning and CSPM are complementary but distinct:
| | Infrastructure scanning | CSPM |
|---|---|---|
| Target | Running hosts, servers, network devices | Cloud service configurations |
| Approach | Active vulnerability scanning | Continuous configuration assessment |
| Use case | Find CVEs and missing patches on deployed systems | Find misconfigurations in cloud resources |
For cloud infrastructure coverage, consider using both infrastructure scanning and CSPM integrations together.
Supported infrastructure scanning tools
The following infrastructure scanning integrations are available through Invicti ASPM:
| Tool | Focus |
|---|---|
| Nessus Professional | Vulnerability assessment and compliance auditing |
| Tenable.io VM | Cloud-based vulnerability management |
| Tenable.sc | On-premise vulnerability management |
| Qualys VMDR | Vulnerability management and compliance |
| Rapid7 InsightVM | Vulnerability assessment and risk prioritization |
| Rapid7 InsightVM Cloud | Cloud-based vulnerability management |
| Rapid7 Nexpose | On-premise vulnerability management |
| Lacework Infra | Cloud infrastructure security |
| CrowdStrike Infra | Endpoint and infrastructure security |