Connect and launch
Connect a scanner from the marketplace, then launch, schedule, or import from one console. Cron scheduling and campaign grouping cover recurring assessments, with one scan run per selected integration.
Scan and ingest
Multi-Vendor Scan Orchestration
Launch, schedule and import every scanner from a single console instead of stitching vendor dashboards together by hand. PMAP turns 30 connected tools into one governed pipeline, so your team works from a single source of truth rather than nine separate consoles.
One console for every scanner, instead of nine consoles for one program
Mature security programs do not run a single scanner. They run infrastructure VM tools, DAST, SAST, and SCA side by side, each with its own dashboard, its own export format, and its own severity scale. Coordinating scan runs across those tools means logging into every console, launching jobs by hand, and reconciling state across windows that never agree. Coverage gaps appear the moment a scan finishes in a vendor portal but never makes it back into your program of record.
PMAP collapses that fragmentation into one orchestration layer. From a single screen you launch, schedule, and import scans across infrastructure, DAST, SAST, and SCA tools spanning 30 vendors and 9 scanner categories. Live status synchronization keeps every running job current, remote controls let you act on the vendor directly, and every result lands in one normalized finding model.
Inside multi-vendor scan orchestration
Single-console launch, schedule, and import
Drive scan execution across infrastructure, DAST, SAST, and SCA tools without leaving PMAP. Trigger one-off imports, set recurring schedules, or pull a completed vendor scan into a specific project, all from the same workspace.
- Launch, schedule, and import from one screen across every connected scanner
- 30 vendor connectors spanning vulnerability, DAST, SAST, SCA, ITSM, CI/CD, and network discovery
- Route a platform-level scan into a chosen company and project at import time
Live status sync with no manual refresh
A background poller mirrors the state of every running vendor scan into PMAP automatically. Status, progress, and per-severity counts stay current without anyone clicking refresh or switching to a vendor portal.
- Running, queued, paused, and importing scans poll on a continuous cadence
- Status, progress, and severity counts refresh in the background
- Watch live execution state without opening the vendor console
Remote scan controls on the vendor
Act on the scanner directly from PMAP rather than alt-tabbing into its dashboard. Engineers launch, pause, resume, or stop an integration-backed scan from the action bar, and the control flows through to the vendor.
- Launch, pause, resume, and stop available on integration-backed scans
- Controls operate on the vendor side directly from the console
- Cron scheduling plus assessment-run grouping for repeatable campaigns
Orphan adoption keeps PMAP in step with every vendor
Scans started outside PMAP do not stay invisible. Every five minutes PMAP queries each connected vendor for its full scan list and mirrors any scan it does not yet have, so the platform never falls behind the tools it orchestrates.
- Vendor-side scans mirror into PMAP automatically every five minutes
- Completed adopted scans trigger import and enrichment on their own
- Deleted scans stay deleted thanks to the blocklist guard
How orchestration works end to end
Connectivity flows in one direction, from a connected vendor to a single governed finding queue.
Sync and control
PMAP polls every running vendor scan and reflects live status without a manual refresh. Remote controls let you launch, pause, resume, or stop the scan on the vendor from the same screen.
Adopt and ingest
Vendor-side scans mirror into PMAP every five minutes through orphan adoption, so scans started outside the platform never go missing. Completed results then flow into the ingest pipeline on their own.
Filter and govern
A configurable threshold filter and an optional rule override decide what actually gets persisted at ingest. The blocklist guard keeps deleted scans deleted, so noise never re-enters the program of record.
Correlate to one model
Results land in a single finding model where a reference key resolves first and a SHA-1 fingerprint resolves next, so the same issue from different scanners becomes one record. PMAP never trusts vendor severity blindly.
Route to the queue
Normalized findings flow into a single governed queue with a consistent risk view across every connected vendor. From there each issue is ready for ownership, triage, and lifecycle tracking in one place.
What your team gets
Hours back for the people who fix things
Your engineers run the whole estate from one operating layer instead of logging into a dozen vendor consoles and reconciling them by hand. The time you reclaim from coordination overhead is time your team spends closing real vulnerabilities.
Coverage you can actually trust
No scan slips through the cracks, even the ones a teammate kicks off straight in a vendor portal. PMAP mirrors every connected tool on its own, so the program of record stays complete and current and the board sees coverage as it is right now, not a stale export.
One ranked queue, not nine vendor opinions
The same weakness flagged by two scanners resolves to a single finding instead of two tickets chasing the same fix. Severity follows your standard rather than whichever vendor shouted loudest, so the team works the issues that carry the most risk first.
Frequently asked questions
Do we have to replace our existing scanners to use PMAP?
No. PMAP orchestrates the tools you already run rather than competing with them. It connects to 30 vendors across 9 categories and brings their scans and results into one console, so your investments stay in place and your team gains a single operating layer on top.
What happens to a scan someone launches directly in the vendor portal?
PMAP picks it up automatically. The orphan adoption sweep queries each connected vendor every five minutes and mirrors any scan that is not yet present, so the platform stays in step with the tools it orchestrates without anyone re-entering scans by hand.
If two scanners report the same vulnerability, do we triage it twice?
No. Every result lands in one finding model where a reference key matches first and a SHA-1 fingerprint matches next, so the same issue from different scanners resolves to a single record. PMAP also applies a configurable threshold filter at ingest and does not trust vendor severity blindly.
Run every scanner from one place
See how PMAP orchestrates 30 vendors into a single governed pipeline across launch, sync, and ingest.