Pentesting

Starting a Pentest

How to initiate a pentest, choose a pentest package, and understand what each package means for depth and runtime.

Initiating a Pentest

  1. Navigate to the target you want to pentest.
  2. Click Start Pentest.
  3. Select a pentest package (see below).
  4. Optionally configure advanced settings, with credentials stored in your runner-local auth file.
  5. Click Confirm.

The pentest is added to the self-hosted runner job queue and begins when an eligible runner claims it. You can monitor status from the target detail page or the Pentests list.

Pentest Packages

Pentest packages control the depth of analysis, the number of tests performed, and the runtime profile:

  • Demo / First Check — controlled demo or eligible first self-hosted check.
  • Quick Check — fast security review covering common vulnerability classes.
  • Launch Review — balanced launch-readiness review across major attack vectors.
  • Full Pentest — deeper authenticated, API, and business-logic assessment.
  • Compliance Evidence — maximum-depth assessment with the strongest report and retest evidence.

Deeper packages give agents more time and token budget to reason about the application, resulting in broader coverage and more complex findings.

What Happens After You Click Confirm

  1. License check — APVISO verifies your self-hosted license, target allowance, runner heartbeat, and concurrency.
  2. Runner job — APVISO creates a pending_runner scan job.
  3. Runner preflight — your runner checks Docker, BYOK provider credentials, image digest/signature, and target reachability.
  4. Execution — your runner launches the scan image locally; four AI agents stream findings to your dashboard in real time.
  5. Completion — the reporter agent produces the final report and the pentest status moves to completed.

Concurrent Pentests

The number of pentests you can run simultaneously depends on your tier and configured runner concurrency:

  • Pay per pentest — 1 concurrent pentest, with no subscription and no monthly start cap; you pay $19 per pentest (fully refunded if a pentest finds nothing or errors out).
  • Launch — 3 concurrent pentests with unlimited scans.
  • Team — 10 concurrent pentests.
  • Enterprise — custom limits through sales-managed terms.

If you exceed your concurrent limit, additional pentests remain pending until runner capacity opens.

Back to Knowledge Base