Scan Diff
Security is about change over time. Scan Diff compares two saved scan sessions and shows you the delta — what opened, what closed, what got patched — so drift is obvious at a glance.
- Category: Analysis
- Powered by: Nexus scan history (SQLite)
- Edition: Pro
- Where: Desktop → Scan Diff tab
What it does
Every scan you run is saved to your local history. Scan Diff takes two of those sessions — a baseline and a newer one — and reports precisely what moved between them.
- Newly opened ports — services that appeared since the baseline.
- Closed ports — services that went away (a fix, or an outage to investigate).
- Service / version changes — software that was upgraded or downgraded.
- Vulnerabilities fixed or introduced — findings that resolved or newly appeared.
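The four change categories above can be computed with set operations over two sessions. This is an added example, not Scan Diff's own code: the session layout, the `diff_sessions` and `findings` helpers, and all sample values are constructed for illustration. It goes one step beyond the list by separating findings that disappeared from a still-open service from findings that vanished only because the port closed.

```python
# Added example: session layout and all sample values are constructed.
# A session maps (port, proto) -> (service, version, set of finding IDs).
BASELINE = {
    (22, "tcp"): ("ssh", "OpenSSH 8.2", set()),
    (80, "tcp"): ("http", "nginx 1.18.0", {"FINDING-A"}),
    (3306, "tcp"): ("mysql", "MySQL 5.7", {"FINDING-B"}),
}
NEWER = {
    (22, "tcp"): ("ssh", "OpenSSH 8.2", set()),
    (80, "tcp"): ("http", "nginx 1.24.0", set()),
    (8080, "tcp"): ("http-alt", "unknown", {"FINDING-C"}),
}


def findings(session):
    """Flatten a session into a set of (endpoint, finding_id) pairs."""
    return {(ep, f) for ep, (_, _, ids) in session.items() for f in ids}


def diff_sessions(old, new):
    """Return what opened, closed, changed, and which findings moved."""
    opened = sorted(new.keys() - old.keys())
    closed = sorted(old.keys() - new.keys())
    changed = [
        (ep, old[ep][:2], new[ep][:2])
        for ep in sorted(old.keys() & new.keys())
        if old[ep][:2] != new[ep][:2]
    ]
    gone = findings(old) - findings(new)
    return {
        "opened": opened,
        "closed": closed,
        "changed": changed,
        "vulns_introduced": sorted(findings(new) - findings(old)),
        # Finding disappeared while the service is still reachable.
        "vulns_fixed": sorted(g for g in gone if g[0] in new),
        # Finding disappeared only because the port closed: could be a fix
        # or an outage, so it is reported separately.
        "vulns_gone_with_port": sorted(g for g in gone if g[0] not in new),
    }


if __name__ == "__main__":
    for kind, items in diff_sessions(BASELINE, NEWER).items():
        print(f"{kind}: {items}")
```
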
How to use it
1. Run a baseline scan. Scan your target once (for example with the Port Scanner) so there is a session to compare against.
2. Run it again later. After a change window or a maintenance cycle, scan the same target again.
3. Diff the two sessions. Open Scan Diff, pick the baseline and the newer session, and review the change report.
What you get
A clear before/after report — added, removed and changed — so you can confirm that a fix landed, catch an unexpected new exposure, or prove to an auditor that the surface shrank. It pairs naturally with the Security Score, which turns the same posture into a single 0–100 number you can watch trend.
Tips
- Re-scan after every deploy or firewall change and diff against the last known-good baseline.
- An unexplained newly opened port is the highest-signal finding — investigate it first.
Change is the signal. A single scan tells you the state today. Two scans tell you the trajectory — which is what actually predicts an incident.