Direct Platform Licensing — Powered by Invicti
True Positives delivers direct licensing access to Invicti's proof-based DAST and API application security testing platform for in-house AppSec programs. Security teams gain autonomous control of the industry's most accurate vulnerability detection engine, supported by a partnership grounded in two decades of application security automation experience.
Unlimited scanning, comprehensive access controls, and native CI/CD integration accommodate cloud, on-premises, and hybrid infrastructures. Standard Invicti support is included with all tiers.
What Direct Licensing Provides
Invicti's proof-based scanning engine confirms exploitable vulnerabilities with 99.98% accuracy, eliminating the false-positive noise that consumes security team capacity. Direct licensing places that technology under your team's operational control, with True Positives available as a licensing partner and optional expert resource.
Your team operates the Invicti platform with full configuration authority over scan targets, schedules, and reporting outputs. True Positives handles licensing, procurement, and contract management, eliminating the overhead of a direct vendor relationship while preserving complete operational autonomy.
Cloud-hosted deployment is standard. On-premises deployment is available as a Professional tier add-on for organizations with network segmentation or data-handling requirements that preclude third-party scan access. The optional Guided Success upgrade delivers dedicated implementation support from experienced AppSec practitioners to accelerate platform adoption and optimize scanning outcomes.
Platform Tiers
Both tiers deliver Invicti’s proof-based scanning foundation. The selection between them is determined by integration requirements, workflow automation needs, and compliance obligations rather than scan accuracy, which is consistent across both.
The foundation for a strong AppSec program. Core DAST, web application and API scanning, risk scoring, and runtime SCA in a deployment that delivers structured vulnerability detection from day one without requiring CI/CD integration.
The appropriate tier for scaling programs that require DevSecOps pipeline integration, workflow automation, SSO, and compliance reporting. All Essentials capabilities are included alongside material additions for larger application portfolios and regulated environments.
Capabilities unlocked when upgrading to the Professional tier.
* Coming Soon per Invicti platform roadmap
Tier Comparison
Items marked * are designated coming soon on the Invicti platform roadmap.
| Feature | Essentials | Professional |
|---|---|---|
| Scanning Capabilities | ||
| DAST | ✓ | ✓ |
| AI-Powered DAST | — | ✓ |
| Web Application Scanning | ✓ | ✓ |
| Standard API Scanning | ✓ | ✓ |
| LLM Scanning | ✓ | ✓ |
| Predictive Risk Scoring | ✓ | ✓ |
| Runtime SCA | ✓ | ✓ |
| Dynamic URL Scanning | — | ✓ |
| PCI ASV * | — | ✓ |
| Access & Administration | ||
| Standard RBAC | ✓ | ✓ |
| Single Sign-On (SSO) | — | ✓ |
| Dashboards & Reporting | ||
| Standard Dashboards | ✓ | ✓ |
| Standard Reports | ✓ | — |
| Advanced Reports | — | ✓ |
| Personal Email Notifications | ✓ | — |
| Automations & Workflows | ||
| Advanced Automations | — | ✓ |
| Integrations | ||
| Ticketing | — | ✓ |
| CI/CD | — | ✓ |
| Communications * | — | ✓ |
| AST Connectors | — | ✓ |
| Internal App Scanning (Agents) | ✓ | ✓ |
| Support | ||
| Standard Support | ✓ | ✓ |
| Deployment | ||
| Cloud Hosting | ✓ | ✓ |
| On-Premises (Add-On) | — | ✓ |
T+ Service Add-Ons
True Positives offers two practitioner-delivered service add-ons for organizations that require structured onboarding support or deeper manual validation beyond what automated scanning provides.
Implementation Service
For organizations that require structured platform onboarding rather than self-directed deployment, Guided Success delivers dedicated implementation support from a seasoned AppSec practitioner. Engagement scope covers scan configuration, target prioritization, workflow setup, and outcome baseline establishment. Eligibility is determined by FQDN tier.
Security Assessment Service
Automated scanning addresses the majority of detectable vulnerabilities efficiently and continuously. Organizations managing business-critical applications or operating under regulatory obligations may require manual coverage that extends beyond automated detection boundaries. Expert penetration testers address business logic vulnerabilities, authentication bypass scenarios, and complex attack chains that automated tools cannot reliably identify.
Why License Through True Positives
True Positives holds an exclusive Invicti MSSP and AppSec VAR partnership. Licensing through T+ provides access to platform expertise accumulated through direct deployment experience, not solely through vendor certification.
T+ founders helped establish application security automation at @stake, NTObjectives, and Veracode, then advanced the discipline at Cisco, Microsoft, Intel, and Rapid7. Platform recommendations reflect deployment experience, not vendor positioning.
As Invicti's exclusive SMB MSSP and VAR partner, True Positives receives direct platform training, early feature access, and escalation paths that standard reseller relationships do not provide.
True Positives manages the licensing relationship, renewal cycles, add-on procurement, and vendor coordination. Your team operates the platform while T+ manages the commercial overhead.
Next Step
Schedule a no-cost licensing consultation with True Positives. Our team will evaluate your application portfolio, integration requirements, and compliance obligations, then recommend the tier and add-on configuration most appropriate for your program.
