Skip to main content Skip to section navigation
U.S. flag

An official website of the United States government

Build Scans

Builds Scans are a new experimental feature being offered by Pages.

For select site builds, users can see scan results which check their website for security vulnerabilities, accessibility violations, and other relevant information to help improve their site. These scans begin running after a build completes. When the scan finishes, the results are available as downloadable HTML files for easy sharing among team members. There are currently two scans available: ZAP Security Scan and Accessibility Scan.

ZAP Security Scan

The ZAP Security Scan tests your published website for common security vulnerabilities. It uses the Zed Attack Proxy (ZAP) software to passively scan the site for vulnerabilities but does not perform any attack or attempt to maliciously modify your site code. Example security findings include unintended exposure of sensitive data, SQL injection opportunities, cross-site scripting (XSS) flaws, and the use of components with known vulnerabilities. More details about the scan mechanisms and the resulting file output can be found at ZAP - Baseline Scan

Accessibility Scan

This scan identifies website accessibility violations from Section 508 and the latest WCAG version. The scan first crawls your website to identify all pages to test. It then uses the open source portion of axe to identify accessibility violations. The final scan is a custom report generated from the axe output.

An official website of the U.S. General Services Administration

Looking for U.S. government information and services?