this document is for:
Deployment: Invicti Platform on-premises
Invicti Platform on-premises trustlist requirements
To ensure the proper functioning of internal agents and integrations, configure inbound and outbound traffic rules to allow access to the URLs specified in this document. Correctly configuring network access is a prerequisite for successful and accurate scans of your targets.
Registry access requirements
- Primary registry:
platform-registry.invicti.com(requires an active internet connection). - Additional sources: Some images are pulled from Docker Hub (
registry-1.docker.io). - Trustlist guidance for Docker: You can allow access to Docker Hub by following the Docker allowlist guide.
Inbound and outbound connections
| Scope | Source | Destination |
|---|---|---|
| Using Invicti Platform GUI | Your browser | IP address or URL of your Invicti Platform main installation on (default) port |
| Using Invicti Platform API | Your API client | IP address or URL of your Invicti Platform main installation on (default) port |
| DAST scans | The main installation scan engines | Your target |
| Zero configuration API discovery | The main installation scan engines | IP address/URL for your targets including ports being checked (the default port list is: 80, 81, 443, 3000, 5000, 7000, 8000, 8008, 8080, 8081, 8083, 8088, 8090, 8181, 8443, 8888) |
| Engine calls to the Invicti OOB service for out-of-band vulnerability checking | IP address of your Invicti Platform main installation | https://bxss.me |
| Engine calls to the safe browsing service | IP address of your Invicti Platform main installation or Invicti Internal Scanning Agent | https://sb.bxss.me (port 443) |
| Engine calls to the software composition analysis service | IP address of your Invicti Platform main installation or Invicti Internal Scanning Agent | sca.invicti.com |
| Invicti OOB S3 bucket for out-of-band vulnerability checking | IP address of your Invicti Platform main installation or Invicti Internal Scanning Agent | https://poll.bxss.me |
| Access Token for the Invicti Discovery Service | IP address of your Invicti Platform main installation | https://jwtsigner.invicti.com |
| API calls to the Invicti Discovery Service | IP address of your Invicti Platform main installation | https://discovery-service.invicti.com |
| Check for software updates | IP address of your Invicti Platform main installation | https://static-platform.invicti.com |
| License activation and license updates | IP address of your Invicti Platform main installation | https://activation.invicti.com |
| API discovery for Apigee API hub, Mulesoft, AWS API Gateway, etc | IP address of your Invicti Platform main installation | IP ranges or URLs for your target API integrations (including port number) |
| Using IAST |
| IP address or URL of your Invicti IAST Bridge. If using IAST Bridge in your installation the default port is 7880. If using online IAST bridge, https://iast.invicti.com |
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center
Was this page useful?