> ## Documentation Index
> Fetch the complete documentation index at: https://hacktronai-changelog-e1a164be.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# White-box Pentest

> Run organization-scoped Whitebox Scans from Hacktron using shared scan credits.

White-box Pentests are deep, scoped assessments that go beyond day-to-day pull
request review.

They use repository context, target URLs, and access instructions to assess a
defined application or codebase. They run on a slower cadence than continuous
Code Review: some teams run one during initial rollout, while others run them
monthly, quarterly, or ahead of compliance audits.

## When to use it

White-box Pentest is a good fit when you need:

* A deep, scoped assessment of a service or application
* Coverage that includes both source code context and live target URLs
* Assessments for SOC 2, ISO 27001, vendor security reviews, or internal release gates
* A broader review than continuous PR or MR comments

## Start here

<Columns cols={2}>
  <Card title="Quickstart" icon="rocket" href="/white-box-pentest/quickstart">
    Prepare scope, create the scan, estimate credits, and start from the
    dashboard.
  </Card>

  <Card title="Credits and billing" icon="credit-card" href="/white-box-pentest/billing">
    Understand credit estimates, shared organization balances, top-ups,
    checkout, and insufficient-credit handling.
  </Card>
</Columns>

## Run status

| Status             | Meaning                                                                 |
| ------------------ | ----------------------------------------------------------------------- |
| **Draft**          | Scope is being prepared and has not been estimated or started yet.      |
| **Estimating**     | Hacktron is calculating the credit estimate.                            |
| **Ready to Start** | The estimate is complete and the scan is waiting for checkout/start.    |
| **Running**        | Hacktron is assessing the selected repository and targets.              |
| **Completed**      | The scan finished and findings are available.                           |
| **Failed**         | The scan could not complete. Review the run details or contact support. |
| **Cancelled**      | The scan was stopped before completion.                                 |

## Relationship to Code Review

Use **Code Review** when you want ongoing pull request coverage on connected
repositories.

Use **White-box Pentest** when you want a broader assessment with shared
credits and explicit scope review before the run starts.

<Columns cols={2}>
  <Card title="Connect repositories" icon="code-branch" href="/platform/repositories">
    Give Hacktron source access through GitHub, GitHub Enterprise Server, or
    GitLab.
  </Card>

  <Card title="Code Review" icon="code-pull-request" href="/code-review/overview">
    Set up ongoing pull request review coverage.
  </Card>
</Columns>
