Scan
Pick where the code lives, what to scan it with, and start. Two flows below — pick one.
{{ mode_descriptions[mode] }}
{# ---- DAST safety banner: persistent, can't be dismissed within a session ---- #} {% if mode == 'dast' %}
These run alongside whichever mode you chose. manifest_validator and threat_model_check are policy gates (the latter applies to Tier 1/2 design-stage runs); intel_match cross-references manifest assets against the CVE/threat intel feeds. None require any operator action.