For compliance & security teams

Replace your compliance scanner.
Keep more of your budget.

Teams using AppCheck, Qualys, or Tenable for monthly SOC2 and ISO 27001 evidence pay thousands per year for reports that still need a pentester to interpret. Decloak maps findings to compliance controls, tracks remediation, and adds Enterprise-tier active security testing (DAST) - at a fraction of the cost.

Features for compliance & security teams

Audit evidence, active testing, and a paper trail.

Free

Scanning

Server software CVE detection

Web server software disclosed in response headers (Apache, nginx, IIS, PHP, and more) is matched against the National Vulnerability Database, with the exact version and CVE ID shown for anything found.

Free

Scanning

CMS & platform fingerprinting

Detects the CMS or e-commerce platform a site runs on - WordPress, Joomla, Drupal, Magento, Shopify, Wix, Squarespace, Webflow, and more - and checks any self-hosted, version-disclosed platform against the National Vulnerability Database.

Enterprise

Active Testing

Active Security Testing (DAST)

Enterprise scans go beyond passive observation with safe, non-destructive active probes - forced browsing, reflected-input canaries, CORS and HTTP-method checks, postMessage handler auditing, and more.

Enterprise

Active Testing

Independent Active Testing Score

Active-testing checks are scored separately from your overall report - a dedicated grade for what was actively probed, alongside your regular security score.

Enterprise

Active Testing

Authenticated scan mode

Capture a logged-in session via our browser extension and the agent crawls behind your login - the only mechanism that works for passkey/WebAuthn auth, since there is no credential to script or store.

Enterprise

Active Testing

Executive DAST report (PDF)

A standalone, boardroom-ready PDF scoped to Active Testing results only - severity donut, a full "what we tested" checklist, and remediation excerpts.

Starter

Reports

PDF evidence export

Timestamped, formatted PDF with your scan details, findings, and an attestation block. Accepted by auditors for SOC2 and ISO 27001 evidence.

Starter

Reports

Comparison reports

Side-by-side diff between any two scans of the same site. See exactly what findings are new, what has been resolved, and what has changed severity.

Pro

Reports

Evidence packages

Export a date-range ZIP of all scan history - formatted for auditor handoff. Includes all PDFs, finding logs, and scan attestation metadata.

Pro

Compliance

ISO 27001 control mapping

Every finding is automatically tagged to the relevant ISO 27001 Annex A controls. Filter your report to show only findings relevant to a specific control.

Pro

Compliance

SOC2 criteria mapping

Findings tagged to SOC2 Trust Services Criteria (Security, Availability, Confidentiality). Makes it straightforward to respond to auditor questions by control.

Pro

Compliance

Remediation tracking

Mark each finding as Open, In Progress, Resolved, or Accepted Risk. Auditors need to see that findings are being acted on - this closes that loop.

Pro

Compliance

Audit trail

Every scan is stamped with who triggered it, when, from where, and with which configuration. Full chain of custody for compliance evidence.

Pro

Compliance

Audit activity log

A per-domain log of every scan, deletion, and finding change - who did it and when. Recorded from day one, so it’s already there the moment you upgrade to Pro.

Pricing

Pro for compliance mapping. Enterprise for DAST.

Both at a fraction of what AppCheck, Qualys, or Tenable charge for the same evidence.

Free

£0
  • 1-page scan per submission
  • All 8 scan layers
  • Vibe-coded platform security scan (Supabase, Lovable, Base44 & more)
  • AI executive summary
  • Scan history in your account
  • Re-scan and delete anytime
  • Shareable public link
Create free account

Starter

Popular
£29/ month
  • Full AI agent investigation
  • Up to 50 pages per scan
  • Per-finding remediation guidance
  • DNS & SSL/TLS security analysis
  • PDF evidence export
  • Scheduled recurring scans
  • Scan comparison reports
  • Email alerts for new criticals
Get started

Pro

£79/ month
  • Everything in Starter
  • Up to 200 pages per scan
  • ISO 27001 / SOC2 control mapping
  • Remediation tracking
  • Team access and finding assignment
  • Slack and webhook notifications
  • API access
  • Audit evidence packages
  • Audit activity log
Get started

Enterprise

Full DAST
£99/ month
  • Everything in Pro
  • Active Security Testing (DAST)
  • Independent Active Testing Score
  • Forced browsing, CORS, reflected-input probes
  • Authenticated scan mode (session capture)
  • Enable active testing via API / MCP
  • Priority support
Get started