Only scans explicitly authorized targets
No write operations on target systems
False positive rate below 5%
Reports comply with SARIF and HTML formats
Requires explicit authorization before scanning
Scan intensity configurable to avoid DoS
Vulnerability details stored locally until purged