For AI agents: The documentation index is at https://docs.digitalocean.com/llms.txt. Markdown versions of pages use the same URL with index.html.md in place of the HTML page (for example, append index.html.md to the directory path instead of opening the HTML document).

Cloud Security Posture Management (CSPM) uses scans to evaluate your resources against security rules and generate findings. Scans analyze your environment and surface potential risks to help you understand and improve your security posture.

What Is a Scan

A scan is the process CSPM uses to evaluate your resources. When you run a scan, CSPM identifies supported resources in your account, applies applicable rules based on your plan and enabled coverage, and generates findings for any detected issues. Scans do not modify your resources, they only evaluate configuration and surface potential risks.

What Gets Scanned

What CSPM evaluates during a scan depends on your plan and coverage settings. All plans include standard resource evaluation using standard rules. Paid plans also include workload evaluation using workload rules for workloads with coverage enabled.

Standard resources are always eligible for evaluation. Only workloads with coverage enabled are evaluated.

Scan Results

After a scan completes, CSPM generates findings for any detected issues. Each finding includes the affected resource, the rule that triggered the finding, a severity level, a description and business impact, and recommended remediation steps. Results are surfaced in the security experience where you can review and take action.

How Results Differ by Plan

The free plan includes findings for standard resources only and does not support suppression. The basic plan includes findings for standard resources and for workloads with coverage enabled, supports suppression, and includes a daily limit on manual workload scans per the plan (for example, one manual workload scan per day).

Relationship to Security Advisor

Scan results are available directly in the security experience and can also be summarized using Security Advisor. Security Advisor helps prioritize findings based on severity, provides a high-level view of your security posture, and enables faster remediation through Quick Fix.