How to Run Scans
Validated on 31 Mar 2026 • Last edited on 31 Mar 2026
Cloud Security Posture Management (CSPM) evaluates your DigitalOcean resources for misconfigurations and security risks, surfaces findings by severity, and provides guidance to help you resolve them.
CSPM uses scans to evaluate your resources against security rules and generate findings for any detected issues. Scans evaluate resource configuration only and do not modify your resources or cause downtime.
Run a Scan
-
In the Control Panel, click Security in the left navigation.
The Security page opens with the CSPM tab selected.
-
Click Run Scan (or Scan Again if you’ve already run your first scan).
CSPM identifies supported resources in your account, applies rules based on your plan and enabled coverage, and generates findings for any detected issues.
What Gets Scanned
What CSPM evaluates depends on your plan and coverage settings.
Standard resources are evaluated in all plans using standard rules. These include IAM configurations, Volumes, load balancers, firewalls, VPCs, and DigitalOcean Container Registry (DOCR) repositories.
Workloads are evaluated using workload rules and require a paid plan. Supported workloads include Droplets and Managed Databases. Only workloads with coverage enabled are included in scans.
Scan Limits
Standard resources can be scanned manually at any time in all plans.
Workload scans (paid plans with workload coverage enabled) can be scanned based on your plan limits (for example, one per day on the basic plan). Plan limits are not an automatic daily scan, they are the maximum number of times you may trigger workload evaluation yourself in a day.
View Scan Results
After a scan completes, findings appear on the CSPM page organized by severity. You can review findings and take action directly from the results view.
For details on working with findings, see How to Review Findings.