Best Practices for Using Your Rescan Quota

Last updated: July 8, 2026

Introduction

Manual rescans are a limited resource included with your Pentest engagement. Using them strategically helps ensure you don't exhaust your available quota before all vulnerabilities have been verified.

Since Automated Rescans are unlimited, they're a great way to validate your fixes before requesting a Manual Rescan.

This article explains how to make the best use of your available rescans.

Manual Rescan Quota

The number of Manual Rescans included depends on your engagement.

Pentest Plan

Manual Rescans Included

Pentest

2 Manual Rescans

Pentest Auto

1 Manual Rescan

Express VAPT

1 Manual Rescan

Once your Manual Rescan quota has been used, additional manual verification may require purchasing additional rescans or starting a new engagement.

Note: Need additional Manual Rescans? You can purchase extra Manual Rescans as an add-on to your existing Pentest plan. To explore available options or request additional rescans, please reach out to your dedicated Customer Success Manager (CSM).

Automated Rescans Are Unlimited

Automated Rescans do not consume your Manual Rescan quota.

You can run Automated Rescans as many times as needed on eligible vulnerabilities until you're confident the issue has been resolved.

Recommended Workflow

1. Fix the reported vulnerabilities

Implement the required code or configuration changes.

2. Run an Automated Rescan first

If the vulnerability supports automated validation, run an Automated Rescan to verify your fix.

This provides immediate feedback without consuming your Manual Rescan quota.

3. Repeat if necessary

If the vulnerability is still detected, make additional changes and run another Automated Rescan.

Since Automated Rescans are unlimited, you can repeat this process as often as needed.

4. Request a Manual Rescan

Once you've completed your fixes and are confident they're ready for verification, request a Manual Rescan for the selected Pentest findings.

This ensures your Manual Rescan quota is reserved for final verification by Astra's security engineers.

Best Practices

  • Use Automated Rescans to validate fixes before requesting a Manual Rescan.

  • Save Manual Rescans for vulnerabilities that require verification by Astra's security engineers.

  • Fix multiple vulnerabilities before requesting a Manual Rescan instead of requesting one after every individual fix.

  • Ensure you've fixed at least 50% of the Critical and High severity vulnerabilities before requesting a Manual Rescan.

  • Submit your Manual Rescan request within the eligible rescan window.

Frequently Asked Questions

Does an Automated Rescan use my Manual Rescan quota?

No. Automated Rescans are unlimited and do not affect your Manual Rescan allowance.

How many Manual Rescans are included?

  • Pentest plan: 2 Manual Rescans

  • Pentest Auto: 1 Manual Rescan

  • Express VAPT: 1 Manual Rescan

Can I run Automated Rescans multiple times?

Yes. You can run Automated Rescans as many times as needed for eligible vulnerabilities.

Why should I use an Automated Rescan before a Manual Rescan?

Running an Automated Rescan helps confirm that your fixes are working before consuming one of your limited Manual Rescans. This ensures your Manual Rescan quota is used only when you're ready for final verification by Astra's security engineers.