Frequently Asked Questions
General
What is Ariftly?
Ariftly is a unified risk engine that combines accessibility, security, and AI readiness scanning into a single platform. Instead of managing separate tools for each risk domain, Ariftly gives you one API, one dashboard, and one risk score.
Do I need to install anything?
No. Ariftly is a fully managed SaaS platform. All scanning runs in Ariftly's infrastructure. You integrate via API, SDK, or CI/CD plugins — no agents or daemons required.
What types of applications can Ariftly scan?
- Web applications — any publicly or privately accessible URL
- Source code repositories — GitHub, GitLab (via access token)
- APIs — REST and GraphQL endpoints
How long does a scan take?
Scan times depend on the target size and detectors selected:
| Target size | Typical duration |
|---|---|
| Small (1–10 pages) | 30–60 seconds |
| Medium (10–50 pages) | 1–3 minutes |
| Large (50–200 pages) | 3–10 minutes |
| Repository scan | 1–5 minutes |
Running all three detectors simultaneously does not significantly increase scan time since they run in parallel.
Pricing & Plans
Is there a free tier?
Yes. The Starter plan includes a limited number of scans per month at no cost. See ariftly.io/pricing for current details.
Can I run scans on multiple projects?
Yes. All paid plans support multiple projects. The number of projects and scan frequency depends on your plan.
Security
Is my data secure?
Yes. Ariftly:
- Encrypts all data in transit (TLS 1.2+) and at rest (AES-256)
- Does not store your application's source code beyond the duration of the scan
- Provides SOC 2 Type II attestation (contact us for the report)
Does Ariftly modify my application?
No. Passive scans read-only. Active security scans (disabled by default) send test payloads, but these are non-destructive probes.
Can I run Ariftly on a private/internal application?
Yes, for repository scans (using a deploy key). URL scans require the target to be accessible from Ariftly's scan infrastructure. For fully air-gapped environments, contact us about an on-premises deployment option.
Detectors
Can I add my own custom rules?
Custom rule support is on the roadmap. Today you can exclude specific built-in rules using the rules.exclude option in detector configuration.
How up-to-date is the CVE database for the security scan?
The security scanner's CVE database is synchronized daily from NVD, GitHub Advisory Database, and OSV.
Does the accessibility scan work with single-page applications?
Yes. The accessibility scan uses a headless browser that fully executes JavaScript before analyzing the DOM, so React, Vue, Angular, and other SPA frameworks are supported.
Integrations
Which CI/CD platforms are supported?
Ariftly provides a native GitHub Actions integration. For all other CI platforms (GitLab CI, CircleCI, Jenkins, Bitbucket), use the REST API or the generic script in the CI/CD integration guide.
Can I export results to other tools?
Yes. Results can be exported in:
- SARIF (GitHub Code Scanning, VS Code)
- JSON (custom integrations)
- CSV (spreadsheets)
- PDF (reports)
Support
How do I get help?
- Documentation: you're already here
- Email: support@ariftly.io
- Dashboard: use the in-app chat widget
How do I report a false positive?
In the dashboard, click the ⋯ menu on any finding and select Mark as false positive. This suppresses the finding from future scans and sends feedback to improve the detection rules.