Each target type has its pros and cons, and it's all about what suits your needs best.
- Under the Free option, you can run what we call Lightning scans. They are free and very fast scans (take less than a minute), so we’d suggest you include it into your CI pipeline or schedule a periodic scan. However, they only scan for a small subset of the vulnerabilities we find in other scanning profiles. Its value is to allow you to increase the security posture of your site and to show that you take security into account while developing your app.
- The Single Environment option allows you to run full scans. These scans take a bit longer but are more thorough and cover a bigger spectrum of vulnerability types than the free scan. We recommend this option if you want to have a more serious security solution that will scan your site in detail.
- The API Target option allows you to scan standalone APIs without a supporting web application. If you want to assess the security of your API in detail, you should choose this option.
- And lastly, the Multiple Environment option. When you're adding a multiple environment target, you will be able to define both the production and testing environment URLs. More thorough and intrusive scans are performed against your testing environment, and lighter scans are performed against your production environment.