Your First Scan
This guide walks through running a complete scan and interpreting the results.
Choosing your detectors
You don't have to run all detectors on every scan. Choose based on what you're trying to validate:
| Goal | Recommended detectors |
|---|---|
| Accessibility audit | accessibility |
| Security review | security |
| AI integration readiness | ai_readiness |
| Full risk baseline | All three |
| CI/CD gate | security (at minimum) |
Running a scan via the dashboard
- Open your project in the dashboard
- Click New Scan
- Select your detectors
- Click Run Scan
The scan status updates in real time. Most scans complete within 1–3 minutes depending on the target size.
Running a scan via API
curl -X POST https://api.ariftly.io/v1/projects/{project_id}/scans \
-H "Authorization: Bearer $ARIFTLY_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"detectors": ["accessibility", "security"]
}'
Understanding the results
A completed scan returns a risk report with:
Overall risk score
A number from 0 to 100:
| Score | Level | Meaning |
|---|---|---|
| 0–25 | 🟢 Low | Minimal issues found |
| 26–50 | 🟡 Medium | Notable issues requiring attention |
| 51–75 | 🟠 High | Significant risk, prioritize remediation |
| 76–100 | 🔴 Critical | Immediate action required |
A higher score means more risk. The goal is to drive it toward 0.
Per-detector breakdown
Each detector reports independently with its own score, issue count, and findings list. See the individual detector docs for details on what each one checks:
Issue severity
Every issue has a severity:
| Severity | Description |
|---|---|
| Critical | Must fix immediately — direct security or compliance breach |
| High | Fix in the current sprint |
| Medium | Schedule for upcoming work |
| Low | Best practice or minor improvement |
| Info | Informational, no action required |
Next steps
- Set up webhooks to get notified when scans complete
- Add to CI/CD to scan on every pull request
- Understand risk scoring in depth