Public DAST Preview

Run a public DAST preview before you wire the gate into CI.

Use the unauthenticated preview to test an authorized public web or API target, review evidence, and understand the release decision loop. Logged-in workspaces can also run Shaker-owned unsafe and safe AI Gate demo targets.

Sample gate decision

allow

Preview passed current policy

No policy-blocking findings were detected in the configured scope. The paid gate path can verify the same class of decision in CI.

target: https://preview.example.com
scan profile: public-preview
policy: preview-basic
evidence: redacted report summary

1. Submit an authorized public web or API target.

2. ShakerScan runs a bounded DAST preview and records evidence.

3. Review findings, scope, limitations, and the resulting decision.

4. Create a workspace to run AI Gate demos, save evidence, install the GitHub App, or add a real target.

Why ShakerScan

The output is a release control, not just a report.

ShakerScan is built around release evidence: a tested target, a policy result, a verifier command, and an approval path when risk needs human review.

Bounded public DAST

The unauthenticated preview runs a lightweight DAST pass against an authorized public web or API target, not arbitrary AI Gate scans.

Redacted report evidence

Preview reports show findings, scope, limitations, and a decision summary without exposing private workspace artifacts.

Clear upgrade path

Create a workspace to run unsafe and safe AI demos, save evidence history, install the GitHub App, and add real gate targets.

Checklist

Before you scan

Confirm you own or are authorized to test the target.

Prefer staging or preview targets for first runs.

Avoid destructive checks unless you explicitly approve them.

Use the report to decide whether the target should become a CI gate.

Use logged-in AI Gate demos for AI allow/block examples; the public unauthenticated preview is DAST-oriented.

Limitations

What this page does not claim

ShakerScan does not replace human security review, threat modeling, or a scoped penetration test.

AI Gate decisions depend on the configured target, probe pack, policy, scan profile, and available evidence.

Production targets require authorization, safe scope, rate limits, and operational approval.

FAQ

Is ShakerScan an AI pentesting replacement?

No. ShakerScan is a verifiable security gate for release workflows. It complements deeper manual testing by producing repeatable runtime evidence and CI-verifiable allow, block, or needs_approval decisions.

Can ShakerScan scan any target?

No. Targets must be owned by the customer or explicitly authorized. Production scans should use safe profiles, rate limits, and defined scope.

Does Free Preview run arbitrary AI Gate scans?

No. The public unauthenticated scan is DAST-oriented. Logged-in workspaces can run Shaker-owned unsafe and safe AI Gate demo targets, while general saved or inline AI target scans require the appropriate AI Gate entitlement.