Production Scan Approach and Risks

Hello, 

We have the WebInspect standalone version that we use to scan our lower environments before a site/code is deployed to production. Now, we would like to scan production sites as carefully as we can.

Besides having a read-only user for authentication, I was wondering if there is any specific approach you follow before scanning anything in production, such as using a specific built-in scanning policy or creating your own? The thing we are most concerned about is WI injecting data and making changes to underlying code.

Thanks in advance. 

MR.