Where to physically locate vulnerability scanner to scan DMZ resource?

We are looking at a hybrid vulnerability scanning solution (web UI for ingesting results and on-premise scanners to perform the scanning). I'm trying to understand best practices in regards to capturing the most possible data about vulnerabilities on DMZ resources. It seems there are two potentially viable approaches (though please correct me if I'm missing any):

1. Deploy a scanner into the DMZ to scan DMZ resources. The scanner will have unrestricted access to DMZ resources and then 443 outbound …

best practices cybersecurity data dmz hybrid practices premise resources results scan scanner scanners scanning solution understand vulnerabilities vulnerability vulnerability scanner vulnerability scanning web