How Astra OrbitX detects application changes

Last updated: June 8, 2026

Introduction

Astra OrbitX continuously monitors your application for changes to ensure security scans stay relevant and focused. Understanding how change detection works helps you get the most out of delta scans and keeps your endpoint inventory accurate.

How Change Detection Works

Change detection works differently depending on your target type.

API Targets

Astra captures real-time API traffic using lightweight instrumentation (OpenTelemetry-based tracing). As traffic flows through your application, new or modified endpoints are automatically detected and reflected in your API Inventory.

Web Targets

For web applications, Astra uses scheduled crawls to discover changes. The crawler explores your application periodically and compares findings against the existing inventory to identify what's new or modified.

What Counts as a Change

Not every request triggers a change. Astra looks for meaningful differences that could represent new attack surface or altered behavior:

Change Type

Example

New endpoint

/v2/user/settings added after a release

New input parameter

?debug=true added to an existing route

New request body field

{"admin": true} added to a POST payload

Data type change

user_id changing from integer to string

New header

X-Feature-Flag: enabled influencing behavior

Manually Marking an Endpoint as Changed

If a change isn't automatically detected — for example, a newly deployed but less accessible route — you can flag it manually to ensure it's included in the next delta scan.

  1. Go to API Security → API Endpoints in your Astra dashboard

  2. Search for the endpoint you want to flag

  3. Click the three-dot menu next to the endpoint

  4. Select Mark as Changed

The endpoint will be included in the next incremental scan.

Expected Outcome

Once a change is detected (automatically or manually marked):

  • The endpoint appears as updated in your Web or API Inventory

  • It is queued for inclusion in your next delta scan

  • Previous scan findings for that endpoint are flagged for re-evaluation

Troubleshooting

New endpoints not appearing in inventory after deployment

  • For API targets, confirm your instrumentation (OpenTelemetry/Traffic Collector) is active and sending traces. See Verifying Traces in Astra Traffic Collector.

  • For web targets, trigger a manual Web Crawl scan to force a fresh discovery pass.

Manually marked endpoints not appearing in delta scan

  • Ensure the delta scan is configured with Inventory Coverage set to Delta when starting the scan.

  • Verify the endpoint status updated to "Changed" in the API Endpoints page before triggering the scan.

Change detection seems delayed

  • API target changes depend on live traffic — endpoints only appear after real requests are traced. If your application has low traffic in staging, consider using the Astra CLI or Postman Collection import to populate the inventory directly.

Next Steps