FAQ

Practical answers to questions that come up often. If your question isn’t here, check the relevant page in the app or contact support.

Do I have to verify domain ownership before scanning?

Yes. A target must have its domain ownership verified before it can be scanned — typically by adding a DNS TXT record. Verification can take a few minutes to propagate; you can keep setting things up while it finishes. See the Quickstart.

Why don’t I see AI pen-testing or scheduling?

These features are unlocked by higher subscription tiers. If they aren’t visible, your current plan likely doesn’t include them. Check the plan options on your organization’s subscriptions page. See Billing & subscription tiers.

What do I need before I can use AI remediation?

Two things: a connected version-control integration (GitHub, GitLab, or Bitbucket) so BestDefense can open a pull request, and enough credits, which AI remediation pull requests consume. See Version control and AI remediation.

What’s the difference between Approve and Approve & merge?

Approving a fix marks it as accepted. Whether an approved fix is also merged automatically depends on your guardrail policy. With auto-merge off, approving is approve-only and you merge the pull request yourself; with it on, an approved fix can be merged for you. See the Remediation Queue.

Can I use BestDefense across multiple organizations?

Yes. You can belong to more than one organization and switch between them from the top-bar menu. Switching changes which organization’s data and subscription you’re working in, so confirm the right one is active before you act. See Organizations & teams.

How do I stop a finding from showing up without fixing it?

Accept the risk. This records a formal decision not to remediate it now and removes it from the active pipeline. You can revoke the acceptance later to bring it back. See Accepted risks.

A teammate can’t see a button I can see. Why?

Access to specific actions is gated by allow-rules on top of a member’s role. If a control is missing for someone, they’re usually missing the relevant rule — have an admin assign it. See Allow-rules.

Invite them by email and choose a role. They receive an email, acknowledge it, and accept to join. You can resend or cancel pending invites. See Members & roles.

What happens to teams when I remove a member?

Removing a member from the organization also revokes their access to every team they belonged to — you don’t need to remove them from teams separately. See Members & roles.

Can I brand BestDefense with my own logo and colors?

Yes. Organizations can set a custom logo and brand colors, applied org-wide. Fonts, spacing, and layout aren’t customizable by design. See White-label theming.

What do credits and caps mean for my plan?

Credits are consumed by certain actions (like AI remediation pull requests) and reset on renewal. Caps limit how many of a resource you can have, such as targets or team members. Both depend on your tier. See Billing & subscription tiers.

Is my data sent anywhere when I search the docs?

No. Documentation search runs entirely in your browser against this static site — your queries aren’t sent to a server.