Consent before checks
QScout Free starts only after requester authorization and business-email verification. The website snapshot is capped at the submitted domain and any verified same-domain public hosts.
Loading page content
Security and scan safety
Enterprise buyers can review how QScout separates the Free website snapshot, Surface/Silver/Gold assessment depth, Pulse continuity, governed artifacts, and procurement.
Frameworks mapped and Zoho Corporation-held inherited controls
QScout Free starts only after requester authorization and business-email verification. The website snapshot is capped at the submitted domain and any verified same-domain public hosts.
The browser path runs public HTTP, TLS, DNS, certificate, email-crypto, and observable exposure checks. It does not exploit, authenticate, enumerate private assets, or behave like Surface.
Raw findings, CBOM output, signed bundles, and privileged evidence stay in operator-led scoped assessment lanes after buyer approval.
Azure Marketplace is a governed procurement path after scope alignment, not a self-serve scan catalog or public rate card.
Assessment boundary
QScout Free stays browser-safe and capped. Surface, Silver, and Gold add all-domain public validation, credentials, and privileged evidence only when approved; QScout Pulse keeps the baseline current afterward.
24 public-surface modules across up to 10 total authorized same-domain public hosts.
All approved public domains and exposed assets, using consented unauthenticated external validation to check locks, doors, services, panels, cryptographic controls, and paths an outsider could use before credentials are introduced.
Surface plus approved credentials through application, source, build, dependency, authenticated workflow, and integration evidence.
Silver plus approved privileged infrastructure, runtime, telemetry, CBOM, cryptographic inventory, and governed evidence packaging.
Continuous cryptographic risk intelligence after a governed QScout baseline: scheduled reassessment, event-triggered updates, drift reporting, and exposure-regression monitoring.