Large organizations manage a complex web of internet exposures, spanning subsidiaries, multi-cloud environments, and distributed deployments. Security teams need visibility, collaboration, and control to manage their digital footprint at scale.
With this launch, we’re introducing a suite of new enterprise-focused features: an improved free experience, streamlined onboarding, advanced reporting, and essential controls like SAML SSO and audit logs. These updates make it easier for enterprises to adopt ProjectDiscovery, collaborate together, and communicate risk effectively.
Our goal is simple: simple, actionable security at scale, so enterprises can stay ahead of their fast-evolving infrastructure and address risks the minute they emerge.
TL;DR
- New free experience – Sign up with a business email to unlock a monthly vulnerability scan of your organization’s assets.
- Improved onboarding – Automatically map your organization and subsidiaries to streamline asset discovery.
- Transparent and customizable reporting – Security scores, vulnerability trends, remediation tracking, and custom risk weighting (coming soon).
- Fine-tuned discovery and scanning – Granular filters, exclusions, and bulk asset management for customized workflows.
- Fixed and dedicated scan IPs – Whitelist scan traffic to prevent WAF blocks and ensure full assessment coverage.
- Enterprise access controls – SAML SSO, role-based access control (RBAC), audit logs, and multiple workspaces to meet security requirements.
- Trust Center – On-demand security documentation for faster vendor onboarding and compliance reviews.
If you’re ready to deploy ProjectDiscovery Cloud for the enterprise, contact us to get started.
New free experience for businesses
Security tools have long been locked behind sales meetings and paywalls. We’re taking a different approach to make security accessible, simple, and frictionless for teams of all sizes.
With our new free experience for businesses, teams can start getting real security insights without credit card or hopping on a sales call.
- Monthly vulnerability scans – Signing up with a business email unlocks a complimentary monthly vulnerability scan of all assets under your company’s domain. For example, if you sign up with john.smith@uber.com, we’ll automatically scan uber.com once a month for exploitable vulnerabilities or misconfigurations.
- Invite your team – Security is a team effort. Free users can now invite up to 10 team members to collaborate and view results.
- Streamlined onboarding – A new, improved onboarding experience designed to get your team up and running in minutes (see more below).
We believe security should be simple, accessible, and easy to adopt. This is just the beginning.
New onboarding for organizations
Getting started with a security platform should be effortless. We’ve redesigned our onboarding experience to help organizations set up their workspace quickly and start seeing value immediately.
- Automatic domain correlation – When users sign up with a business email, we automatically link their domain to their organization and pull in subsidiaries and related domains.
- Pre-scheduled vulnerability scans – A complimentary monthly vulnerability scan is automatically scheduled for the root email domain, with no limits on the number of assets in this scan.
- Email notifications by default – Users are now automatically notified when scan results are ready or when new exposures are detected.
These updates remove the friction of manual setup, so teams can spend less time configuring and more time securing their assets.
Advanced reporting
Security teams do more than just detect and fix vulnerabilities. They need to communicate their work to leadership and other stakeholders. We’re launching advanced reporting to help teams better showcase their organization’s security posture and track progress over time.
- Security score – A new overall security score factors open vulnerabilities, their severity, and the percentage of affected assets across an organization.
- Vulnerability totals over time – Track the total vulnerabilities and how this total is changing over time, helping teams visualize changes in risk posture
- Time to remediation – Measure remediation speed based on severity-based SLAs, ensuring that higher severity vulnerabilities are prioritized appropriately.
- Regression efficiency – Monitor the rate at which previously fixed vulnerabilities reappear, helping teams identify recurring security gaps.
- Transparent scoring engines – We’re tired of black-box security products too. Our scoring methodology is fully transparent. And soon, it will be customizable too — see below.
- Custom risk weighting (coming soon) – Teams will soon be able to customize how different risk factors are weighted, recognizing that every organization has unique threat models and risk tolerances.
Our goal with advanced reporting is to make it easier for teams to convey their current risk posture to leadership while also showcasing the hard work they put into securing their organizations.
Fine-tuned control for discovery and scanning workflows
The more complex an organization’s assets, the more control security teams need to ensure their workflows surface only the most relevant findings.
For many organizations, running our recommended templates across all assets is sufficient. But for larger enterprises with diverse infrastructures, tailored discovery and scanning workflows are essential. Unlike traditional scanners that operate as rigid, black box products, we’ve built ProjectDiscovery to provide full transparency and granular control over every step of the exposure management process.
- Precise filters — Apply fine-grained filters on discovered assets and save them as subgroups for targeted vulnerability scanning.
- Target and template exclusions — Exclude specific targets or Nuclei templates at both the scan level and workspace level to refine detection. This can be applied in Settings or directly in the results page
- Accepted risk and false positives — Mark findings as accepted risk or false positive to ensure risk scores accurately reflect real security threats.
With these capabilities, security teams can build customized, automated risk detection workflows that align with their organization’s unique needs—ensuring more relevant results and reducing unnecessary noise.
Fixed scan IPs for whitelisting
The high volume of network traffic generated by Nuclei scans can sometimes trigger security controls, causing SOCs to flag activity as suspicious. In some cases, WAFs may block our scan traffic entirely, preventing assessments from reaching their intended targets.
To address this, we now offer fixed scan IPs for enterprises that need to whitelist our traffic with their WAF, ensuring full scan coverage without disruptions.
- Fixed scan IPs – Allow organizations to whitelist ProjectDiscovery scan traffic from a group of static IPs, preventing WAF interference and ensuring complete asset assessments.
- Dedicated scan IPs – Available for organizations that require IP addresses exclusive to their use, providing an added layer of security and control.
Fixed and dedicated scan IPs are available in the Enterprise plan, giving security teams confidence that ProjectDiscovery Cloud can reach and assess all intended assets without obstruction.
Enterprise access controls
Enterprises have strict security, compliance, and access management requirements when adopting new solutions. To ensure ProjectDiscovery Cloud meets these standards, we’ve introduced key enterprise-grade controls that align with industry expectations.
- SAML SSO – Integrate with identity providers like Okta and Microsoft Entra to enforce corporate login policies, MFA, and automated user provisioning.
- Audit logs – Maintain a detailed activity log for compliance and internal security reviews. Logs track key actions like scan updates, data deletions, and configuration changes, with support for exporting logs to SIEM platforms.
- Role-based access control (RBAC) – Assign users to view-only, contributor, or admin roles, ensuring the right level of access without over-permissioning.
- Multiple workspaces – Large organizations can now separate environments by department, subsidiary, or region, keeping assets, scans, and reports organized based on team structures.
These updates ensure ProjectDiscovery Cloud meets the standard security and compliance requirements enterprises expect, making it easier for security teams to adopt and integrate into existing workflows.
Trust center for streamlined vendor onboarding
In the spirit of transparency, we now have a public Trust Center to simplify security reviews and vendor onboarding.
- Organizations can request access to download key security and compliance documents, including our latest SOC 2 report, security policies, and pentest report.
- A centralized hub for all security-related information, ensuring customers and partners have easy access to the documentation they need.
- Streamlines the vendor security review process, reducing back-and-forth and accelerating adoption for enterprises with strict compliance requirements.
By making this information readily available, we aim to build trust and remove friction for organizations evaluating ProjectDiscovery Cloud.
Wrapping up
As companies grow, so does the complexity: expanding asset sprawl, evolving threat surfaces, and increasing compliance requirements. With these new features, we’re ensuring ProjectDiscovery Cloud meets enterprise security standards while remaining easy to adopt at any scale.
We couldn’t have built this without the feedback and support of our users. If there’s something that would help streamline your workflows, we’d love to hear from you.
If you’re ready to deploy ProjectDiscovery Cloud at scale, contact us to get started.