Can I run scans without permission?

question how is hexiosec asm able to legally run passive scans without a company's permission? how does hexiosec asm avoid legal issues and comply with the uk's computer misuse act (cma)? answer you do not need permission from an organisation to scan their domains and ips in building hexiosec asm , and leveraging hexiosec's experience of cyber security, we continuously review our capability to ensure that hexiosec asm does not undertake any activity regarded as an offence by the cma hexiosec asm gathers information from public data sources and will use headless web browser sessions to check a website's security we are only gathering information which is publicly available we are not undertaking any active scanning of an organisation's assets or doing anymore than a normal web browser (like chrome or edge) would do hexiosec asm does not do any active port scanning looking for services which may or may not be there the application also does not use or require any credentials, it is looking at what is publicly available to everyone unlike other active tools, hexiosec asm will not attempt any test attacks on assets benign or otherwise