Accepted scan scope
Record the selected public pages, manual URLs, assumptions and plan limits that live audits must follow.
Customers setting scope and technical reviewers
Feature availability
Product, package, provider and deployment boundaries for this page.
- Available from: Current documentation
- Deployment modes: cloud
Before accepting scope
Accepted scan scope is the customer-approved boundary that later billing checks, live audits, reports, skipped-page explanations and monitoring setup must follow. It turns the selected public page groups and manual URLs into a stored approval record. Use this page after the project is supported, authorized and within the public-page plan limit. Do not accept scope while a private page, wrong domain, unsupported target or unclear manual URL is still selected.
Accept the selected scan boundary
Follow the path `Projects → Project detail → Scan scope selection → Scope acceptance → Accept scope` from `/projects/{project}`.
- Open /projects and choose the authorized project. Result: the project detail page shows Scan scope selection and the Scope acceptance panel for that project.
- Review the discovered pages and select the exact pages or groups to scan. Then confirm the selected discovered groups and manual URLs still fit the plan page budget. Result: the accepted record will match the public pages you expect the scanner to use.
- Read Scope acceptance → Plan scope, Assumptions, Exclusions and legal-boundary disclaimer. Result: you know which automated workflow, authorization assumptions and exclusions are being approved.
- Check "I accept the plan scope, assumptions, exclusions, and legal-boundary disclaimer for this automated workflow." Result: the Accept scope action becomes available.
- Click Accept scope. Result: WebRiskOps stores `accepted_scan_scope` with selected groups, manual URLs, plan limits and the accepting user/time.
- Confirm the project shows Scope accepted before starting a live audit. Result: later scans, billing checks and reports use the accepted boundary instead of rediscovering an unsafe scope.
Check what the accepted record stores
The accepted record should be concrete enough that a later scan cannot widen the target silently.
- Selected discovered group keys and sample limits.
- Manual URLs that stayed on the authorized domain.
- Plan limits such as page budget, crawl depth, rate limit and timeout.
- Plan scope, assumptions, exclusions and legal-boundary disclaimer.
- Accepted timestamp and accepting user identity for the account.
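The following sketch shows how a scanner-side check can use a stored record like this to keep a later scan inside the accepted boundary and explain every skipped page. It is an added example, not WebRiskOps code: the field names, the path-prefix model of a group, the skip reasons and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class AcceptedScope:  # field names are assumptions, not the WebRiskOps schema
    authorized_host: str
    groups: dict            # group key -> (path prefix, sample limit)
    manual_urls: frozenset
    page_budget: int
    accepted_by: str
    accepted_at: str

def normalize(url):
    """Parse to (scheme, host, path); query and fragment are ignored."""
    p = urlsplit(url)
    return p.scheme.lower(), (p.hostname or "").lower(), p.path or "/"

def plan_scan(scope, candidates):
    """Split candidates into (to_scan, skipped-with-reason) using only the record."""
    to_scan, skipped, used = [], [], {}
    manual = {normalize(u) for u in scope.manual_urls}
    for url in candidates:
        scheme, host, path = normalize(url)
        # Exact host match: look-alike hosts and userinfo tricks fall outside.
        if scheme not in ("http", "https") or host != scope.authorized_host:
            skipped.append((url, "outside authorized domain"))
            continue
        if (scheme, host, path) in manual:
            group = "manual"
        else:
            group = next((k for k, (prefix, _) in scope.groups.items()
                          if path.startswith(prefix)), None)
        if group is None:
            skipped.append((url, "not in accepted groups or manual URLs"))
        elif group != "manual" and used.get(group, 0) >= scope.groups[group][1]:
            skipped.append((url, "group sample limit reached"))
        elif len(to_scan) >= scope.page_budget:
            skipped.append((url, "plan page budget reached"))
        else:
            used[group] = used.get(group, 0) + 1
            to_scan.append(url)
    return to_scan, skipped

# Constructed sample record and candidate list (not real customer data).
SCOPE = AcceptedScope("shop.example", {"blog": ("/blog/", 2)},
                      frozenset({"https://shop.example/pricing"}), 3,
                      "user@shop.example", "2024-01-01T00:00:00Z")
CANDIDATES = ["https://shop.example/blog/a", "https://shop.example/blog/b",
              "https://shop.example/blog/c", "https://shop.example/pricing",
              "https://shop.example/admin", "https://shop.example@evil.example/blog/a"]
```

Because the decision reads only the stored record, a page discovered after acceptance ends up in the skipped list with a reason instead of widening the scan.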
Blocked states
Do not use acceptance to approve an unsafe or unclear boundary.
- Scope acceptance required means complete this page before starting a live audit, checkout or monitoring setup that depends on a project boundary.
- Package page cap reached means return to [Public-page-only limits](/docs/projects/public-page-only-limits) and reduce the selected set.
- Manual URL rejected means use [Manual URLs and path rules](/docs/projects/manual-urls-and-path-rules) before adding it again.
- Ownership proof required means finish [Ownership proof](/docs/projects/ownership-proof) before accepting the authorization assumption.
- Unsupported target means remove it; payment or acceptance must not convert it into eligible scope.
Continue to live audit setup
When the project shows Scope accepted, continue to [Scan scope and live audits](/docs/projects/scan-scope-and-live-audits). That page explains how live-audit start, skipped pages and scanner input stay inside the accepted boundary.

