Glossary
A concise reference of the terms that appear throughout BestDefense. For a gentler introduction, start with Core concepts.
Accepted risk
A formal decision not to fix a finding right now, recorded with a reason and (optionally) an expiration date and supporting document. Accepted risks are kept out of the active remediation pipeline. See Accepted risks.
Allow-rules
Fine-grained permissions that gate specific actions beyond a member’s role — for example, who can trigger remediation or manage integrations. See Allow-rules.
API token
An organization-scoped bearer credential used to authenticate to the BestDefense REST API from scripts and CI/CD. Created and revoked under Profile → API tokens. Because it is a bearer credential, anyone who holds the token can act with its permissions: keep it in your CI secret store rather than in source, and revoke it if it is exposed. See API access & tokens.
Limits on how many of a resource your plan allows, such as targets, repository connections, or team members. See Billing & subscription tiers.
Credits
Units consumed by certain actions, such as generating an AI remediation pull request. Credits reset on renewal. See Billing & subscription tiers.
Finding (alert)
A single issue surfaced by a scan, such as a missing security header or an injectable parameter. You’ll also see the term alert for an individual finding.
Guardrail policy
The set of rules that govern how approved remediations behave — including whether an approved fix is also merged automatically. See Remediation Queue.
Integrations
Connections to external tools: version control (GitHub, GitLab, Bitbucket), Jira, SonarQube, and SSO/OIDC. Configured per organization. See Integrations.
Maelstrom
The BestDefense load-testing product, which simulates traffic with virtual users. Has its own plans. See Products.
Members, teams, and roles
People in an organization are members; they can be grouped into teams; and what each can do is governed by their role plus allow-rules. See Members & roles.
Network agent
A component used in network scanning to reach and assess targets on your network.
Organization
The top-level container that owns your sites, reports, members, integrations, and billing. You can belong to several and switch between them. See Organizations & teams.
Remediation
The act of fixing a finding. BestDefense can generate a fix with AI and open a pull request, tracked through the Remediation Queue.
Report
The result of a scan — produced by a Vortex scan, a Maelstrom load test, or a network scan.
Route
A URL path or endpoint on a site that BestDefense tests — for example /checkout or an API endpoint like /users/{id}. Routes define a scan’s scope. See Route management.
Scan configuration
A saved set of options that controls how a scan runs, so you can reuse consistent settings.
Scan intensity
How thorough and aggressive a scan is. Higher intensities probe more deeply and may require a higher tier. See Quickstart.
Severity
How serious a finding is. Severity drives prioritization, sort order, and overview charts. See Severity & scoring.
Site / target
A thing you scan — usually a web application or API, identified by its URL or domain. Targets must have domain ownership verified before scanning, so that scans run only against systems you control. See Managing sites.
Test users
Credentials BestDefense uses to authenticate during a scan so it can reach areas of a target that require sign-in. Use dedicated accounts created for scanning rather than a real person’s credentials, since the scanner will exercise every action those accounts can perform.
Virtual users
Simulated users that Maelstrom generates to apply load during a test.
Vortex
The BestDefense security-scanning product, including AI pen-testing on higher tiers. See Products.