Passive Scanning · CI/CD Ready

Scan. Remediate. Ship Secure.

Passive web security scanning with actionable 30/60/90-day remediation plans. Integrates into GitHub Actions, GitLab CI, and Bitbucket Pipelines. Mapped to SOC 2, ISO 27001, NIST, GDPR.

hackoplab — pipeline
$ hackoplab scan --threshold 70 staging.example.com
› SSL/TLS........ ✓ PASS
› Privacy Policy.. ✓ PASS
› Cookie Consent.. ✓ PASS
› GDPR Markers... ⚠ PARTIAL
› Security Hdrs.. ✗ 2/5 MISSING
› CCPA.......... ✓ PASS

Score: 78/100 Threshold: 70 ✓ PIPELINE PASS
Remediation: 3 items (30-day) | 2 items (60-day)
Report: ✓ PDF saved → hackoplab-report.pdf
$

Aligned With: SOC 2 · ISO 27001 · NIST CSF · GDPR · CI/CD

Pay Per Scan

No subscriptions. Every paid scan includes a full remediation plan and downloadable PDF report.

Preview
0
Free preview
  • Score out of 100
  • Pass / Warn / Fail status
  • Top-level check summary
  • Remediation plan (blurred)
  • PDF report

Bulk 10
39
10 scans (€3.90/ea)
  • Everything in Per Scan
  • 10 scans at 22% off
  • CI/CD API key
  • Priority scan queue
  • Email delivery

Scan Any Website

Free preview shows your score. Unlock the full remediation plan + PDF for €4.99.

🔒 Passive scan only — zero intrusion, zero risk.

CI/CD Pipeline Integration

Add security scanning to every deploy. Set score thresholds to gate releases. Fail pipelines before insecure code hits production.

GitHub Actions

Add to any workflow. Runs on push, PR, or schedule. Fails the job if score drops below your threshold.

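```yaml
# .github/workflows/security-scan.yml
name: HackOpLab Security Scan
on: [push, pull_request]
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Run HackOpLab Scan
        env:
          # Pass values through the environment instead of expanding them into the script text
          HACKOPLAB_API: ${{ secrets.HACKOPLAB_API }}
          SITE_URL: ${{ vars.SITE_URL }}
        run: |
          RESULT=$(curl -s -X POST \
            "$HACKOPLAB_API/scan" \
            -H "Content-Type: application/json" \
            -d "{\"url\":\"$SITE_URL\"}")
          SCORE=$(echo "$RESULT" | jq '.results.score')
          echo "Score: $SCORE"
          # Fail closed: a missing or non-numeric score must not pass the gate
          if ! [ "$SCORE" -ge "70" ] 2>/dev/null; then
            echo "::error::Score $SCORE below threshold 70 (or no score returned)"
            exit 1
          fi
```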

GitLab CI

Integrates as a pipeline stage. Gate merge requests with a minimum compliance score.

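```yaml
# .gitlab-ci.yml
security-scan:
  stage: test
  # curlimages/curl has no jq and runs as a non-root user, so install both tools on Alpine
  image: alpine:latest
  before_script:
    - apk add --no-cache curl jq
  script:
    # Block scalar: the ": " inside these commands would otherwise be parsed as a YAML mapping
    - |
      RESULT=$(curl -s -X POST "${HACKOPLAB_API}/scan" \
        -H "Content-Type: application/json" \
        -d "{\"url\":\"${SITE_URL}\"}")
      SCORE=$(echo "$RESULT" | jq '.results.score')
      echo "HackOpLab Score: $SCORE/100"
      test "$SCORE" -ge "70"
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
```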

Bitbucket Pipelines

Run on every deployment. Block promotions to production when compliance drops.

```yaml
# bitbucket-pipelines.yml
pipelines:
  default:
    - step:
        name: HackOpLab Security Scan
        script:
          - apt-get update && apt-get install -y jq
          # Block scalar: the ": " inside these commands would otherwise be parsed as a YAML mapping
          - |
            RESULT=$(curl -s -X POST "${HACKOPLAB_API}/scan" \
              -H "Content-Type: application/json" \
              -d "{\"url\":\"${SITE_URL}\"}")
            SCORE=$(echo "$RESULT" | jq '.results.score')
            echo "Score: $SCORE/100"
            test "$SCORE" -ge "70"
```

Set HACKOPLAB_API as a secret in your CI/CD platform pointing to your privacy-scanner Worker URL. Adjust the threshold score to match your risk appetite.
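
The pipeline snippets above reduce the gate to a single integer comparison. As an added example (not HackOpLab's own code), the Python helper below makes the same decision but fails closed when the response is not JSON, lacks `.results.score`, or carries a non-numeric or out-of-range score. The function name and sample inputs are assumptions; only the `.results.score` path, the 0-100 scale and the threshold of 70 come from this page.

```python
import json
import sys


def evaluate_gate(response_text, threshold=70):
    """Return (passed, reason) for a scan response; anything unexpected fails the gate."""
    try:
        doc = json.loads(response_text)
    except (TypeError, ValueError):
        # Covers empty bodies, HTML error pages from a proxy, truncated output
        return False, "response is not valid JSON"

    results = doc.get("results") if isinstance(doc, dict) else None
    if not isinstance(results, dict) or "score" not in results:
        return False, "response has no results.score"

    score = results["score"]
    # bool is a subclass of int in Python, so reject it explicitly
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return False, f"score is not a number: {score!r}"
    # NaN and Infinity also fail this range test
    if not 0 <= score <= 100:
        return False, f"score out of range 0-100: {score!r}"
    if score < threshold:
        return False, f"score {score} below threshold {threshold}"
    return True, f"score {score} meets threshold {threshold}"


# Constructed sample responses (not real scanner output)
SAMPLE_PASS = '{"results": {"score": 78}}'
SAMPLE_LOW = '{"results": {"score": 65}}'
SAMPLE_NO_SCORE = '{"error": "rate limited"}'
SAMPLE_NOT_JSON = "<html>502 Bad Gateway</html>"

if __name__ == "__main__":
    # Hypothetical CI usage: curl ... | python gate.py 70
    limit = int(sys.argv[1]) if len(sys.argv) > 1 else 70
    passed, reason = evaluate_gate(sys.stdin.read(), limit)
    print(reason)
    sys.exit(0 if passed else 1)
```
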

What Every Scan Includes

Comprehensive passive analysis with actionable remediation — all without touching your infrastructure.

🔐

SSL / TLS Analysis

Certificate validation, protocol checks, HSTS enforcement. Remediation: exact header config to add.

📜

Privacy Policy Detection

Policy presence, DSAR links, DPO contact. Remediation: template sections to add per GDPR Art. 13.

🍪

Cookie Consent Audit

CMP detection (OneTrust, Cookiebot), opt-in flows. Remediation: implementation steps with code snippets.

🛡

Security Headers

CSP, HSTS, X-Frame-Options, Referrer-Policy. Remediation: exact header values to deploy, per server type.

📊

Compliance Scoring

Weighted scoring mapped to SOC 2, ISO 27001, NIST CSF. Remediation: prioritised by risk impact.

🔧

30/60/90-Day Plan

Phased remediation: Stabilise (30d), Harden (60d), Mature (90d). Each task has effort, owner, and evidence output.

Framework Coverage

Every finding maps to specific controls. Audit-ready, control-by-control.

🛡

SOC 2

AICPA TSC

CC6, CC7, CC8, Availability criteria mapping.

📋

ISO 27001

Annex A

A.8, A.13, A.14 system security controls.

🏛

NIST CSF

v2.0

PR.DS, DE.CM, ID.RA sub-categories.

🇪🇺

GDPR

EU Regulation

Art. 5, 12-22, 25, 32 compliance markers.

🔒

CCPA/CPRA

California

Right to Know, Right to Opt-Out verification.

💳

PCI DSS

v4.0

Req 6 Secure Dev, TLS, app protections.

🏢

Cyber Essentials

UK NCSC

Boundary, config, patching, access control.

MITRE ATT&CK

Web Tactics

T1190, T1059, T1505.003 technique mapping.

Security & Privacy Policies

Template-driven policy guidance aligned with compliance frameworks.

📜

Privacy Policy

GDPR-compliant notice: collection, processing, retention, data subject rights.

GDPR Art. 13/14

🛡

Information Security Policy

Scope, roles, acceptable use, access control, incident management.

ISO 27001 A.5

🍪

Cookie & Tracking Policy

ePrivacy/PECR disclosure, category breakdown, consent mechanisms.

ePrivacy Directive

🚨

Incident Response Plan

Detection, triage, containment, 72-hour GDPR breach notification.

NIST SP 800-61

🔑

Access Control Policy

RBAC, least privilege, MFA, privileged access management.

SOC 2 CC6.1

📦

Data Retention & Disposal

Retention schedules, lawful basis, secure disposal, audit evidence.

GDPR Art. 5(1)(e)