NullSquare
Reference | Beginner | Reviewed May 18, 2026

Reference


This is the lookup page. Statuses you might see in the UI, the integration providers currently supported, the boundaries between roles, and the limits the plan layer enforces — all written densely so you can scan instead of read.

For narrative explanations of any of these, follow the related article links at the bottom.

Status labels you might see

  • Run — queued, running, paused, completed, failed, cancelled.
  • Pause reason — approval (Safe Mode), manual, credits, runner unavailable, system.
  • Asset — candidate, validated, managed.
  • Finding validation — unvalidated, under review, validated, false positive, inconclusive.
  • Finding lifecycle — open, in remediation, retest requested, resolved, accepted risk.
  • Runner — online, busy, offline, quarantined.
  • Automation — active, paused, archived.
  • Compliance control — covered, partial, gap, accepted risk, out of scope.

Supported target types

  • Public domain — e.g., example.com, app.example.com. Cloud execution. DNS or HTTP verification.
  • Public host — fully-qualified hostname or IPv4/IPv6 address with public reachability. Cloud execution. Verification when applicable.
  • Public CIDR — public address range. Cloud execution. May require admin review for large ranges.
  • Internal CIDR — RFC 1918, link-local, or other private ranges. Private runner execution only. Customer-owned authorization.
  • Internal host — single internal hostname or IP. Private runner execution.

Supported access material types

  • Login credentials — username and password, optionally with a login-flow description.
  • Bearer tokens — Authorization: Bearer ... headers.
  • Custom headers — arbitrary key/value pairs.
  • Cookie sessions — captured session cookies for cookie-based auth.

Supported integration providers

  • GitHub — repository sync, white-box context, PR review, branch protection evidence.
  • Microsoft Entra — identity posture evidence sync.
  • Google Workspace — identity posture evidence sync.
  • Coming — Slack notifications, Jira ticket sync, additional identity and source providers.

Supported compliance frameworks

Framework selection is per-organization in Settings → Organization. The currently supported set is shown in the picker.

  • SOC 2 (Type I and Type II readiness).
  • ISO 27001.
  • PCI DSS.
  • NIST CSF.
  • Additional frameworks are added over time; the picker is the source of truth.

Roles and permissions

  • Owner — full control of the organization, including billing and ownership transfer. One per organization.
  • Admin — manages organization settings, members, integrations, runners, and billing.
  • Lead — manages scopes, runs, automations, repository mappings, and evidence review.
  • Member — triages assigned findings and reviews run outputs.

Plan limits at a glance

Specific numbers vary by plan. Open Settings → Billing or the Pricing page for current values.

  • Concurrent runs — how many assessments can execute simultaneously.
  • Active scopes — how many scopes can exist in parallel.
  • Automations — whether automations are enabled and any per-org cap.
  • Private runners — whether private runners are included and how many can be deployed.
  • Members — how many users the organization may invite.

Related articles