Server or infrastructure device scan
Database scan
Non-production web application scan
Static application code scan
Continuous monitoring of containers
Penetration testing