Application Security Platform
Manage targets

Add dynamic URL target

This document is for:
Invicti Platform

In CI/CD workflows, you may need to run DAST scans on environments that are created temporarily during pipeline execution. To support this use case more effectively, the Invicti Platform introduces Dynamic URL targets (also known as ephemeral targets) — a streamlined solution for scanning short-lived environments.

Previously, you had to create a new target for each URL, which could lead to unnecessary license usage, a cluttered target list, or even loss of scan results when temporary targets were deleted. With dynamic URL targets, you can initiate scans directly from your CI/CD pipeline without having to configure or manage persistent targets in the UI, making the process simpler and more efficient.

Ephemeral targets are designed specifically for scans triggered from CI/CD workflows and are ideal for integrating seamlessly into temporary environments spun up during pipeline execution.

When you create a target, even if it's ephemeral, it uses a single FQDN. As long as the URL belongs to the same application, you can change it in the script as often as needed without using another FQDN. 

This document describes how to create an ephemeral development target in Invicti Platform.

Steps to add an ephemeral target

  1. Select Inventory > Targets from the left-side menu.
  2. Click Add new target.
  3. Enter the name of the target and select the Is this an ephemeral (short-lived) development target? checkbox.

The URL is not needed for ephemeral targets. Instead, the Dynamically generated by API text, is used.

  1. By default, new targets use the Invicti Cloud Agent, which can scan any publicly available site without additional configuration. Choose the agent that best matches your scan environment and security requirements.
  • Invicti Cloud agent (default): This is Invicti’s managed cloud-based agent, suitable for scanning publicly accessible websites. It requires no setup and is ideal for most internet-facing applications.
  • Private agent: You can also use your own installed scan agent to scan internal or restricted environments not accessible from the public internet.
  1. Assign the target to an environment (e.g., development, staging, production) to help organize and manage scans. Environments are defined in Settings > Environments and must be created there before use.
  2. Select a parent application to group the target with related assets. Applications serve as central units for managing vulnerabilities and improving analysis across connected targets.

We recommend always linking an ephemeral target to an application. This ensures you can easily identify which application the CI process is associated with. Associating ephemeral targets with applications adds structure, clarity, and accountability to your security testing process.

  1. Choose a collection to organize the target based on business context or custom criteria. Collections support tailored security management and reporting.
  2. Add tags to further group and filter targets. After typing, submit each tag by pressing Enter. Tags assist with quick identification, categorization, and filtering in reports and views.
  3. Confirm the target creation by pressing Add target.

  1. The targets page is updated with your new target.

Scans can only be triggered via the API or during CI/CD. They cannot be initiated from the UI with the dynamic URL. For information on how to scan dynamic URL targets, refer to the linked document.


Share This Article