How to: Request a Rescan After Fixing Vulnerabilities

Last updated: July 8, 2026

Introduction

After fixing vulnerabilities identified during a Manual Pentest or an Automated Web DAST scan, you can request a rescan to verify that your remediation has been successfully implemented.

Astra provides two types of rescans:

  • Manual Rescan – Verified by Astra's security engineers (available for Pentest findings).

  • Automated Rescan – Verified instantly by Astra's automated scanner.

Prerequisites

Before requesting a rescan, ensure that:

For Manual Scans (Pentest)

  • At least 50% of the Critical and High severity vulnerabilities have been fixed.

  • The request is made within the 30-day rescan window.

  • Your subscription includes an available Manual Rescan.

For Automated Scans (DAST)

  • The vulnerabilities were identified by Astra's automated scanner.

  • The vulnerabilities are listed under the Unsolved section.

Requesting a Rescan for Pentest Findings

Step 1

From the left navigation menu, expand Pentest (PTaaS) and select Pentests.

Step 2

Open the pentest engagement for which you'd like to request a rescan.

Step 3

Select the vulnerabilities you've fixed by checking the corresponding checkboxes.

Only vulnerabilities in the Unsolved section are eligible for rescanning.

Step 4

Click Rescan from the action bar.

Step 5

Choose one of the following options:

  • Manual Rescan – Sends the selected vulnerabilities to Astra's security engineers for verification.

  • Automated Rescan – Immediately validates eligible vulnerabilities using Astra's automated scanner.

Step 6

Confirm your request.

You can monitor the progress from the Pentest details page.

Requesting a Rescan for Web DAST Findings

Step 1

Expand Web DAST from the left navigation menu and select Scans.

Step 2

Open the completed scan containing the vulnerabilities you've fixed.

image.png

Step 3

Under the Unsolved section, select the vulnerabilities you'd like to verify.

Step 4

Click Rescan.

The automated scanner will immediately begin validating the selected vulnerabilities.

image.png

What Happens Next?

Manual Rescan

  • Reviewed by Astra's security engineers.

  • Typically completed within 3–9 business days.

  • Vulnerability statuses are updated after verification.

Automated Rescan

  • Starts immediately.

  • Completes within a short period depending on the number of vulnerabilities selected.

  • Updates the vulnerability status automatically after validation.

Important Notes

  • Only vulnerabilities in the Unsolved section can be rescanned.

  • Manual Rescans are available for Pentest findings.

  • Automated Rescans are available for eligible automated findings.

  • A vulnerability can only be part of one active rescan at a time.

  • Manual Rescans must be requested within the eligible rescan window