Targets & Scope
Adding Pentest Targets
How to add a domain or IP address as a pentest target, including validation rules and what happens after creation.
What Is a Target?
A target is the domain name, IP address, internal hostname, or local URL you want APVISO to test through your self-hosted runner.
Adding a Target
- Navigate to Targets in the left sidebar.
- Click Add Target.
- Enter the target (e.g., app.example.com or http://localhost:3000).
- Choose the correct visibility for public, staging, private/internal, localhost, or partner-client scope.
- Click Save.
Validation Rules
APVISO enforces rules based on target visibility:
- Public targets must not be internal or loopback addresses and must resolve to public IP addresses.
- Private/internal and localhost targets are allowed for self-hosted runners that can reach those environments.
- Partner-client targets require a partner plan and a partner client record.
- Duplicate check — you cannot add the same target twice within your organization.
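
A pre-flight check for the public-target rule above, as an added example (not APVISO's own validation code): it resolves the target and reports every address that is loopback or not publicly routable, so a hostname with mixed public and internal records is caught before you submit it. The function names and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def extract_host(target):
    """Return the host part of a bare host, IP, or URL such as http://localhost:3000."""
    parts = urlsplit(target if "://" in target else "//" + target)
    if not parts.hostname:
        raise ValueError(f"no host in target: {target!r}")
    return parts.hostname


def system_resolver(host):
    """Resolve host to a sorted list of IP address strings via the OS resolver."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def public_target_problems(target, resolver=system_resolver):
    """List reasons a target fails the 'public' rule; an empty list means it passes."""
    host = extract_host(target)
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, no DNS lookup needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return [f"{host}: does not resolve ({exc})"]
    if not addrs:
        return [f"{host}: does not resolve"]
    problems = []
    for addr in addrs:  # every record must be public, not just the first one
        ip = ipaddress.ip_address(addr)
        # Judge IPv4-mapped IPv6 (::ffff:10.0.0.1) by the embedded IPv4 address.
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if ip.is_loopback:
            problems.append(f"{addr}: loopback")
        elif not ip.is_global:
            problems.append(f"{addr}: not a public address")
    return problems


if __name__ == "__main__":
    for sample in ("app.example.com", "http://localhost:3000", "10.0.0.5"):
        print(sample, "->", public_target_problems(sample) or "ok for public visibility")
```

A target that fails this check belongs under private/internal or localhost visibility instead of public.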
What Happens After Adding
The target is ready for self-hosted pentesting once an eligible runner can reach it. Authenticated pentesting credentials are configured on the runner host with APVISO_TARGET_AUTH_CONFIG_FILE; they are not entered in the APVISO dashboard.
Editing and Removing Targets
Click a target to open its detail page. From there you can:
- Review runner-local authentication setup guidance.
- Adjust governance settings.
- Delete the target if it has no pentest history.
Target Limits
Each self-hosted plan includes a maximum number of targets:
- Pay per pentest — up to 3 active targets.
- Launch — up to 10 targets.
- Team — up to 25 targets.
- Partner and Enterprise — custom or unlimited target limits by agreement.
If you reach your limit, remove an existing target or upgrade your plan to add more.