Abstract

There are a lot of web security scanners, and many of them do a decent job. Yet there are times, and genuine reasons, when you wish you had your own scanning infrastructure. Perhaps you have wished you could build your own in 40 minutes, that you had more control, or that you could add your custom requirements. Or maybe using an existing one was not an option from a cost, scale, speed or code reuse perspective. In this talk we will demonstrate: 1. how to build a robust web security scanner that answers many questions you might have, 2. how to scale it up as an infrastructure, 3. how to integrate it into your own continuous delivery pipeline. We will also discuss how the nature of this project differs from related works such as Mozilla Minion and Netflix Monterey.

Videos