How-To: Rescanning Vulnerabilities

Last updated: June 1, 2026

Introduction

Astra provides two primary methods to revalidate security issues once fixes have been applied: Manual Rescans and Automated Rescans. This process ensures that implemented remediations are verified by either security experts or the automated scanner to confirm the vulnerabilities are fully resolved.

Prerequisites

For Manual Rescans (Pentests):

  • Fix Percentage: You must implement fixes for at least 50% of the critical and high-severity vulnerabilities reported.

  • Ready for Review: Every addressed vulnerability must be manually marked as "Ready for Review" or "Under Review" within the dashboard.

  • Validity Period: Manual rescan requests must be submitted within a 30-day window from the date vulnerabilities were first reported.

  • Quota: Ensure your current plan has a valid manual rescan quota available.

For Automated Rescans (DAST Scans):

  • Eligible Findings: Only bot-reported vulnerabilities can be rescanned automatically; pentester-reported issues require a manual rescan.

  • Vulnerability Status: Only vulnerabilities in "Unsolved" or "Under Review" status are eligible for selection.

Instructions

Option A: Requesting a Manual Rescan

  1. Log in to your Astra dashboard and navigate to the Manual Pentest section.

  2. Select the Reported tab in the pentest table and click on the specific scan you wish to verify.

  3. Click the RE-SCAN button located on the scan row or within the Pentest Details page.

  4. Choose the Manual Rescan option from the selection panel.

  5. Review the Rescan Panel to confirm that all addressed vulnerabilities are included and that you meet the 50% critical/high fix requirement.

  6. Click Request Rescan to initiate the verification process by Astra's security engineers.

Option B: Requesting an Automated Rescan

  1. Navigate to the Vulnerabilities list on your main dashboard.

  2. Select the checkboxes next to the specific bot-reported vulnerabilities you have addressed.

  3. Click the Rescan button that appears in the popup at the bottom of your screen.

  4. Alternatively, you can open a specific vulnerability's details page and click the Rescan option available there to verify that single fix immediately.

Expected Outcome

The system or security team will perform a focused verification of the selected items. Automated rescans start instantly, while manual rescans typically take 3–9 working days depending on the queue. You can track the real-time status (In Progress, Passed, Failed, or Cancelled) in the Progress Section of the Audit Details page.

Related Tasks & Troubleshooting

  • Concurrency Rules: Only one manual rescan can be active at a time for a target, but multiple automated rescans can run simultaneously.

  • Status Restrictions: You cannot manually change a vulnerability's status while it is part of an active automated rescan.

  • Moving Vulnerabilities: If you move a bot-reported finding from an active manual rescan to an automated one, it will be marked as "Skipped" in the manual rescan and will no longer be validated by pentesters.

  • Extending Deadlines: If you cannot implement fixes within the 30-day manual rescan window, you must contact the support team for an extension before the deadline expires.