Scopes

A scope represents a logical application or service that QuantAssure monitors. Scopes are the container for your integrations, findings, and compliance data.

What Is a Scope?

  • Represents something you're protecting (e.g., "Production API", "Corporate Devices")
  • Contains configuration for data collection (collectors, expanders, enrichers)
  • Findings, assets, and evidence are linked to scopes
  • Each scope can have multiple integrations enabled

Think of scopes as your security boundary. One scope per application or service area works well for most organisations.

Creating a Scope

  1. Navigate to Scopes → Add Scope
  2. Enter a name and optional description
  3. Set metadata:
    • Type: application, infrastructure, or service
    • Environment: production, staging, development, or test
    • Criticality: low, medium, high, or critical
    • Data Classification: unofficial through top_secret
  4. Save the scope

Set criticality and data classification accurately: the AI uses these values when assessing finding severity.

Configuring Data Sources

Open your scope → Edit Configuration

The configuration form is organised into sections:

Collectors

Fetch raw data from external services

  • GitHub: repository inventory
  • Mosyle: device inventory
  • AWS SecurityHub: cloud findings
  • Google Drive: policy documents

Expanders

Produce findings from collected assets

  • Dependabot: vulnerability alerts from GitHub repos
  • Mosyle Compliance: compliance findings from devices
  • Policy Sync: syncs policy documents for AI context

Enrichers

Add context to findings

  • Dependency Tree: analyses transitive dependencies
  • Policy Analyzer: links findings to relevant policies

AI Triage

  • Enable AI-powered risk assessment
  • Set minimum severity threshold for AI analysis

See Integrations for setup details per integration.

Running Scans

  • Click "Run Scan" on the scope detail page
  • The scan runs the full pipeline: collect → expand → enrich → AI triage
  • View run status and history on the scope detail page
  • Findings appear in the Findings page after the scan completes

Schedule regular scans to keep evidence fresh for compliance.

Security Score

  • Each scope shows a security posture score (0–100)
  • Score is calculated from AI-adjusted finding severities:
    • Critical findings have the highest negative impact
    • Resolved findings improve the score
  • View the score breakdown on the scope detail page