Launch a Discovery Scan 

You can launch a new discovery scan from the Scan List tab. 

Discovery Scan 

When you scan a web application for the first time, it is recommended to run a discovery scan first. A discovery scan performs information-gathering checks (forms detected, external links found, and so on) and sensitive content checks.

 No vulnerability checks are performed in a discovery scan.

The discovery scan is a good way to learn where the scan will go and whether there are URIs to be added to exclude list for a vulnerability scan. 

To launch a discovery scan,  click New ScanDiscovery Scan, and perform the following steps

  1. Add basic details. See Launch Discovery Scan - Basic Information.
  2. Configure scan settings. See Launch Discovery Scan - Scan Settings.
  3. Review the settings defined and launch the scan. See Launch Discovery Scan - Review and Confirm.

Permissions

User roles and permissions determine whether users have WAS scan permissions. Several permissions groups are available for the WAS, including 3 groups for WAS scans — WAS Scan Permissions, WAS Schedule Permissions, and Scanner Appliance Permissions. For details, Scan permissions.

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: November, 2025