Questions

Frequently asked questions.

Every question we've been asked more than twice, organised by category, optimised for skim.

Getting Started
What is Vornin?

Vornin is an enterprise vulnerability management platform: continuous security scanning, vulnerability tracking, compliance reporting, and team collaboration in one pane. It scans your websites, servers, networks, APIs, and code repositories and helps you manage the entire remediation lifecycle.

How do I get started?

Sign up for a free account, no credit card required. Add a target, run a scan, review the results. The onboarding wizard handles the rest. Your first results arrive in under five minutes.

Do I need to install anything?

No. Vornin runs in your browser. The only exception is scanning internal networks, which uses a lightweight .NET scan agent deployed on your network. The agent is a single executable that connects outbound to your Vornin account.

Is there a free trial?

Yes. 14 days of full Team or Business access, no credit card required. After the trial, continue on the Free plan (3 targets, all 15 scanners) or upgrade. Scale is request-based. Contact us for a Scale trial. No automatic charge, ever.

Scanning
What scan types does Vornin support?

Fifteen native engines: Port Scanner, SSL/TLS, Web Vulnerability Scanner, API Security, Nuclei Templates (opt-in), DNS Security, Subdomain Discovery, Subdomain Takeover, SAST, Secret Scanning, Dependency Scanning, WordPress Scanner, Container Image Scanner, Kubernetes Posture, and Cloud Security Posture (AWS / Azure / GCP).

Plus import-only support for Nessus (.nessus), OpenVAS (.xml), CSV, and JSON. External reports land in the same tracking, evidence chain, and compliance pipeline.

How long does a scan take?

Depends on scope. SSL/TLS and DNS: under 30 seconds. Port scan: 1–3 minutes typical. Full web vulnerability scan with crawling: 5–15 minutes. Code scans depend on repo size.

Can I schedule recurring scans?

Yes, from Team onward. Up to 5 scheduled scans on Team, 15 on Business, unlimited on Scale. Save scan profiles to re-run identical configurations.

Can I scan internal networks?

Yes. Deploy a Vornin scan agent inside your network. The agent polls for tasks, executes scans locally, and reports back over HTTPS. Targets on private IPs (10/8, 172.16/12, 192.168/16) route to available agents automatically.

What IPs do your scanners use?

Cloud-originated scans run from our EU infrastructure. Contact support for the current IP list if you need to allow-list our scanners. Internal scans run from your agents, no firewall changes needed.

Will scanning affect production?

Vornin scans are designed to be non-destructive. Port and SSL checks are passive. The web vulnerability scanner uses safe payloads that don't modify data. Max Parallel and Crawler Depth controls let you throttle intensity for sensitive environments.

Vulnerability Management
How does deduplication work?

Every finding gets a SHA-256 fingerprint based on host + scan type + title + URL. Subsequent scans match to the existing record instead of duplicating. When a previously-open finding is not detected, it auto-closes as Resolved.
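The lifecycle described in this answer, sketched as an added example (not Vornin's own code). The field normalisation, the length-prefixed encoding, the reopen-on-redetection rule, and limiting auto-close to the scanned host and scan type are assumptions; the host and findings are constructed sample data.

```python
import hashlib
from dataclasses import dataclass

def _norm(host, scan_type):
    # Assumption: host and scan type compare case-insensitively.
    return host.strip().lower(), scan_type.strip().lower()

def fingerprint(host, scan_type, title, url):
    """SHA-256 over host + scan type + title + URL, the fields the FAQ names.
    Assumption: each field is length-prefixed so ("ab", "c") and ("a", "bc")
    cannot collide the way plain string concatenation would."""
    digest = hashlib.sha256()
    for part in (*_norm(host, scan_type), title.strip(), url.strip()):
        raw = part.encode("utf-8")
        digest.update(len(raw).to_bytes(4, "big") + raw)
    return digest.hexdigest()

@dataclass
class Finding:
    host: str
    scan_type: str
    title: str
    url: str
    status: str = "Open"
    times_seen: int = 1

def reconcile(store, host, scan_type, detected):
    """Merge one scan into store (fingerprint -> Finding); detected is a list
    of (title, url). Auto-close is scoped to the scanned host and scan type
    (assumption), so a port scan cannot resolve a web finding."""
    scope, seen = _norm(host, scan_type), set()
    for title, url in detected:
        fp = fingerprint(host, scan_type, title, url)
        seen.add(fp)
        if fp in store:
            store[fp].times_seen += 1
            if store[fp].status == "Resolved":
                store[fp].status = "Open"  # assumption: re-detection reopens
        else:
            store[fp] = Finding(*scope, title, url)
    for fp, finding in store.items():
        in_scope = (finding.host, finding.scan_type) == scope
        if fp not in seen and finding.status == "Open" and in_scope:
            finding.status = "Resolved"
    return store

def demo():
    # Constructed sample scans against a placeholder host.
    web = "https://app.example.test"
    store = {}
    reconcile(store, "App.example.test", "web",
              [("Missing CSP header", web + "/"), ("Reflected XSS", web + "/search")])
    reconcile(store, "app.example.test", "port", [("Open port 22/tcp", "")])
    reconcile(store, "app.example.test", "web", [("Missing CSP header", web + "/")])
    return {f.title: (f.status, f.times_seen) for f in store.values()}
```
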

What is an SLA policy?

Per-severity remediation deadlines. Example: Critical within 1 day, High within 7 days. When a deadline is missed the finding is flagged SLA Breached and escalation emails fire to the configured recipients (or tenant owners by default).

Can I suppress false positives?

Yes. Suppression rules match by fingerprint, title pattern, host pattern, or scanner type. Suppressed findings are tracked as Dismissed with a reason for audit.

Can I assign to team members?

Yes. One-click assignment with email notification. Comments, activity timeline, and assignment history are all tracked on the finding.

Can I export vulnerability data?

Yes. CSV for spreadsheets, branded PDF reports, or the REST API for programmatic access. Full findings export including evidence URLs.

Compliance & Reporting
Which frameworks are supported?

Nine frameworks with auto-mapping: CIS Controls v8, NIST 800-53 Rev 5, ISO 27001:2022, SOC 2, PCI DSS, HIPAA, GDPR, DORA (EU 2022/2554), and NIS2 (EU 2022/2555). Each framework maps relevant controls to vulnerability findings. Tenant-wide auditor pack PDF available from Business onward.

Can I generate branded reports?

Yes. Configure company name, logo, brand color, report title, and footer in Settings. All PDF reports (scan, compliance, scheduled) use your branding.

Can I schedule automatic reports?

Yes. Report schedules email PDFs to specified recipients at configurable intervals (weekly summary, monthly compliance, etc.).

Does Vornin help with SOC 2 / ISO 27001 audits?

Yes. Continuous scanning, documented remediation timelines, SLA tracking, audit logs, and compliance reports give auditors exactly what they need. The compliance dashboard shows real-time posture across supported frameworks.

Integrations & API
What integrations are available?

Slack, Microsoft Teams, Jira, generic HMAC-signed webhooks, and Azure DevOps (for code scanning). More are on the roadmap. Request one.

Is there a REST API?

Yes. Create scans, list findings, query targets, retrieve status. Authenticate with scoped API keys (Bearer token). Full OpenAPI docs at /api-docs in your Vornin instance.

Can I use Vornin in CI/CD?

Yes. Trigger scans via API from GitHub Actions, Azure Pipelines, Jenkins, or any CI tool. Gate deployments on scan results.

Security & Privacy
How is my data protected?

Encrypted PostgreSQL with tenant-level row isolation. Sensitive fields (tokens, credentials) encrypted at rest with AES-256-GCM. All connections TLS 1.2+. Immutable audit logs of every access and modification.

Is multi-tenancy secure?

Yes. Every query is automatically scoped by tenant ID via EF Core global query filters, enforced at the database layer, not just the app. No tenant can see another tenant's data.

What authentication is supported?

Passwordless magic links by default, TOTP MFA (Google Authenticator, Authy, etc.), per-tenant SAML SSO and SCIM 2.0 from Business onward (no SSO tax). Tenant admins can enforce MFA for all members.

Is Vornin GDPR compliant?

Yes. EU-hosted. Article 20 data export. Article 17 account deletion. Configurable retention. Essential cookies only. Zero third-party tracking.

Can I restrict access by IP?

Yes, from Business onward. Allow-list specific IPs or CIDR ranges per tenant. Access from any other IP is blocked.

Account & Billing
How does pricing work?

Four tiers in EUR: Free (€0, 3 targets), Team (€129/mo), Business (€299/mo), and Scale (€699/mo). Paid tiers include 5 base targets plus a slider for more, with volume discounts after 50 and 100 targets. Annual billing saves 20%. See the pricing page.

Can I cancel any time?

Yes. Cancel from account settings. Data stays available for 30 days post-cancellation for export, then it's deleted.

What if I exceed my target limit?

You can add the targets, but they won't scan until you upgrade or remove others. Zero automatic overage billing, ever.

Volume or MSP discounts?

Yes. Contact sales for custom pricing on large deployments, MSP partnerships, or annual billing.
