What Crawle checks
Technology scans reuse normal crawl evidence instead of running intrusive security probes.
Response headers, public HTML markers, meta generator tags, and script/style URLs.
Framework and platform hints such as Next.js, Shopify, WordPress, Cloudflare, Vercel, nginx, Apache, and PHP.
Exposed client-library versions where public assets reveal them.
Security-header posture such as HSTS and Content-Security-Policy on sampled HTTPS responses.
Optional cached enrichment from OSV.dev, CISA KEV, FIRST EPSS, and endoflife.date when enabled.
Risk language
Findings are presented as technology risk signals, not as a replacement for a dedicated security scanner.
High-severity exposed-version findings require deterministic public evidence.
Unknown versions are shown as context, not as version-specific vulnerability claims.
AI-assisted review, when enabled later, must not be the sole source for critical findings.
Evidence is bounded, and sensitive headers such as cookies and authorization values are redacted.
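The checks and risk rules above can be pictured with a short passive-evidence sketch. This is an added example, not Crawle's own code: the function names, the sample response, the library name examplelib, and the advisory cache are all constructed assumptions.

```python
import re

SENSITIVE = {"cookie", "set-cookie", "authorization", "proxy-authorization"}

def redact(headers):
    """Mask sensitive header values before evidence is stored."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE else v for k, v in headers.items()}

def detect(headers, html):
    """Return (technology, version or None, evidence source) from passive evidence."""
    h = {k.lower(): v for k, v in headers.items()}
    found = []
    for name in ("server", "x-powered-by"):  # banners such as "PHP/8.2.0"
        m = re.match(r"([A-Za-z.\-]+)(?:/(\d[\w.]*))?", h.get(name, ""))
        if m:
            found.append((m.group(1), m.group(2), name + " header"))
    m = re.search(r'<meta\s+name="generator"\s+content="([^"\d]+?)\s*(\d[\d.]*)?"', html, re.I)
    if m:
        found.append((m.group(1), m.group(2), "meta generator"))
    # Versioned asset names such as /static/examplelib-1.2.3.min.js
    for lib, ver in re.findall(r'src="[^"]*/([a-z]+)[-.@/](\d+\.\d+\.\d+)[^"]*\.js"', html, re.I):
        found.append((lib, ver, "script URL"))
    return found

def missing_security_headers(headers, scheme="https"):
    """HSTS and CSP posture is only assessed on HTTPS responses."""
    if scheme != "https":
        return []
    present = {k.lower() for k in headers}
    wanted = ("strict-transport-security", "content-security-policy")
    return [n for n in wanted if n not in present]

def classify(found, advisories):
    """Unknown versions become context; severity needs an exact version match."""
    out = {}
    for tech, ver, _ in found:
        out[tech] = "context" if ver is None else advisories.get((tech.lower(), ver), "info")
    return out

# Constructed sample response and advisory cache (not real data).
SAMPLE_HEADERS = {"Server": "nginx", "X-Powered-By": "PHP/8.2.0",
                  "Set-Cookie": "sid=abc123", "Strict-Transport-Security": "max-age=31536000"}
SAMPLE_HTML = ('<meta name="generator" content="WordPress">'
               '<script src="/static/examplelib-1.2.3.min.js"></script>')
SAMPLE_ADVISORIES = {("examplelib", "1.2.3"): "high"}

if __name__ == "__main__":
    print(redact(SAMPLE_HEADERS))
    print(missing_security_headers(SAMPLE_HEADERS))
    print(classify(detect(SAMPLE_HEADERS, SAMPLE_HTML), SAMPLE_ADVISORIES))
```

In the sample, nginx and WordPress expose no version and are reported only as context, while the high rating attaches to the one asset whose exact version appears in public evidence.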
Scan cadence
Automatic scans run monthly by default and can be adjusted per site.
Run an on-demand scan from the Technology tab when a team has changed frameworks or frontend bundles.
Keep automatic scans enabled for client sites where stack drift or exposed old assets matter.
Disable scans per site if the customer does not want technology posture checks.
Crawle stores the current profile and finding history so agents and reports can reference it later.
Alerts and reports
Technology risk signals use the same routing controls as the rest of Crawle.
Critical and high deterministic findings can notify in real time.
Warnings can roll into daily digests according to the workspace alert policy.
Weekly reports include stack context and top open technology findings.
CSV and JSON exports are available with finding state, severity, evidence, and advisory IDs.
Using agents
OAuth MCP tools expose the same stack and risk context to Claude, ChatGPT, Codex, Gemini, and internal agents.
Grant technology:read so agents can summarize stack context and open findings.
Grant technology:write only when agents should run scans, acknowledge findings, or update scan settings.
Ask agents to separate deterministic findings from general hardening recommendations.
Keep workspace context explicit when an account has multiple client workspaces.
Private beta note
Crawle is currently invite-only. Some features depend on workspace permissions, connected accounts, API quotas, or integration setup by the organization.