Run web, API, code, dependency, cloud, AI, and internal-network assessments from one queue with unified findings, evidence, remediation, and audit output.
Infrastructure and assets
ASM and assets
Discovery, exposed services, subdomains, cloud edges, certificates, and drift.
Findings, reports, dashboards, exports, integrations, and retests all read from the same normalized record.
Pencheff favors repeatable checks, then uses AI for triage, enrichment, orchestration, and remediation where it adds signal.
Coverage
What does ASM and assets test?
- Discovery, exposed services, subdomains, cloud edges, certificates, and drift.
- Terraform, Kubernetes YAML, Helm, Dockerfiles, CloudFormation, Trivy config, Checkov, tfsec, Kubesec, and Hadolint-style checks.
- Container image vulnerability and misconfiguration scanning with registry and admission-control workflows.
- Attack surface management for subdomains, exposed hosts, cloud edges, certificates, services, and drift.
- Network VA for host CVEs, service misconfiguration, TLS, headers, and authenticated host checks.
- Active Directory, internal network, Android/iOS static analysis, exported component checks, and mobile secret sweeps.
Execution
How does Pencheff run this?
- Register assets directly or discover them through ASM, repository manifests, or infrastructure files.
- Run IaC and container checks before deployment, then pair results with runtime surface discovery.
- Use network and internal checks to identify exposed services, certificate issues, AD paths, or host CVEs.
- Normalize infra findings with source, asset, environment, severity, remediation, and compliance mappings.
- Gate releases, schedule recurring checks, or produce audit bundles for platform and cloud teams.
Evidence
What evidence does this produce?
- Affected resource, manifest path, image reference, package, host, service, port, certificate, or mobile artifact.
- Rule id, scanner provenance, misconfiguration description, exploitability notes, and remediation.
- Cloud, Kubernetes, container, or network context needed by platform owners.
- Compliance mapping for configuration management, technical vulnerability, and supplier controls.
Controls
How is this kept safe to run?
- Registry and admission policies can prevent risky images or manifests from progressing.
- ASM and network checks are scoped to authorized assets and known workspace boundaries.
- Infrastructure findings can be tied back to repos and deployment pipelines for ownership.
- Mobile and internal findings remain in the same evidence and reporting workflow as web findings.