What types of licenses do we have?

Infrastructure licenses

This license allows users to scan targets (IP addresses, domain names and host names). These licenses are consumed when a scan (scheduled, ad-hoc or ETS) is carried out against an active target. These licenses are also used to scan internal devices.

Authentication licenses

The Authentication License can be used to conduct infrastructure scanning and – for targets that you have added one of more Authentications to – authenticated web-app scanning; allowing us to scan pages behind a login page.

The license permits many authentications on one target, which is very useful if you want to scan:

  • An application with different user types

  • An application with different permission levels

  • An IP address or domain hosting multiple applications

Authenticated web-app scanning is an add-on feature, available across all plans. For more information on Authentication licenses, please check the bottom of this page; and to learn more about Authenticated web-app scanning, either check out our blog, or Help Centre.

When are licenses assigned?

Infrastructure and Authentication licenses are assigned to external targets as soon as a scan (scheduled, ad-hoc or ETS) is carried out against an active target.

Licenses are ‘tentatively assigned’ to internal targets as soon as you link the agent and see it pop up on your target list. For that reason, you can only add as many internal targets as you have licenses available (which is different to how it works with external targets, please see above).

How long are licenses locked to a target?

License are deemed ‘in use’ for 30 days, only once those 30 days have elapsed is the license is released and available for use on another target.

Please note, deleting the target, cancelling the scan or removing authentications does not release the license. You can re-scan the same target(s) as many times as you like without using any additional licenses – it just resets the 30 days. Of course, if you have any questions about this or need any assistance, you’re more than welcome to reach out to a member of the team who will be happy to help.

How do I know if my target is consuming a license / has authentication provided?

The first icon shows that the target is consuming a license, the second indicates that authentication has been provided.

How do I know when my licenses are due for release?

Head to the targets page and click 'Licenses'. The ‘License release’ column is what you’re looking for.

Can I increase/decrease my license count?

We’ve written an article on exactly this topic, which you can find here.

How many licenses do I need to scan the same target internally and externally?

You would need two. The reason for this is because they scan from different perspectives: 

  • The external scan reveals what is directly accessible from the internet right now – this could be web-layer security problems; infrastructure weaknesses or security misconfigurations.

  • Whereas, the internal scan is useful for viewing the device from the perspective of an attacker who has bypassed perimeter defences (perhaps in the form of an email), and is able to exploit internal configuration weaknesses; missing patches and encryption weaknesses.

I need to add my web server as a target – should I use the hostname or IP address and how many licenses is that?

We have just the article for this, head here.


Questions about Authentication licenses

How do I add authentication to a target?

You can only add authentications to a target if you have an Authentication license available; instructions on how to add them can be found here.

Can I change from an Infrastructure license to an Authentication license?

If an Infrastructure license has been assigned to the target, but you want to run an authenticated scan, then you’ll need to make sure you have an Authentication license available. Once you have added the authentication and kicked off a scan, the regular license is released, and an authentication license is assigned.

What happens if I delete my authentications?
If you have scanned the target, the Authentication License will be released 30 days after you last scanned the target. If you haven’t scanned the target, the authentication license is released and is available for immediate use on another target.

Did this answer your question?