If your business transmits, processes or stores credit card information, PCI-DSS compliance is required. Failing to do so, may result in fines and having your merchant account blocked. There are several levels of compliance, depending if you are a merchant or service provider, and how you interact with cardholder data. If you are reading this, you are probably looking for SAQ A-EP or SAQ D compliance (Merchant or Service Provider).
For public-facing web applications, PCI-DSS requires that new threats and vulnerabilities are addressed on an ongoing basis and that those applications are protected against known attacks using an automated application vulnerability scanning tool, like Probely, at least annually and after any changes. Please note that this requirement 6.6 is not achieved using an Approved Scanning Vendor (ASV ) as defined in requirement 11.2. Both are different types of scanners and their purpose is different (and so are requirements 6.6 and 11.2).
Probely provides an easy and effective way to comply with PCI, by automating and integrating scanning into your Development Processes and CI/CD pipelines. Scan reports include a PCI section with all requirements listed below and if they fail or succeed in compliance.