How-to Request a Rescan After Fixing the Found Vulnerabilities

Last updated: June 1, 2026

Introduction

Once you have implemented fixes for vulnerabilities identified during a manual pentest or an automated scan, you can request a rescan to verify the remediations. Astra provides two ways to revalidate these issues: Manual Rescans performed by security experts and Automated Rescans performed instantly by the vulnerability scanner.

Prerequisites

  • Fix Percentage: For manual rescans, you must fix at least 50% of the critical and high-severity vulnerabilities to ensure the process is efficient.

  • Mark for Review: Every addressed vulnerability must be clicked and marked as "Ready for Review" or "Under Review" before initiating the request.

  • Rescan Window (Manual only): Manual rescan requests must be submitted within a 30-day window from the date vulnerabilities were reported.

  • Eligible Status: Only vulnerabilities in "Unsolved" or "Under Review" status can be selected for a rescan.

  • Concurrency: Only one manual rescan can be active at a time, though multiple automated rescans can run in parallel.

Instructions

Option A: Requesting a Manual Rescan (For Pentests)

  1. Log in to your Astra dashboard and navigate to the Manual Pentest section.

  2. Click the Reported tab in the pentest table and select the specific scan you wish to re-verify.

  3. Click the RE-SCAN button located on the row or within the Pentest Details page.

  4. Select Manual Rescan from the options provided.

  5. Review the Rescan Panel to ensure all your fixed vulnerabilities are included and that you meet the 50% critical/high fix requirement.

  6. Click Request Rescan to submit the request to Astra’s security engineers.

Option B: Requesting an Automated Rescan (For DAST/Bot findings)

  1. Go to the Vulnerabilities list on your dashboard.

  2. Select the check boxes next to the bot-reported vulnerabilities you have addressed.

  3. Click the Rescan button that appears in the popup at the bottom of the screen.

  4. Alternatively, open a specific vulnerability's details page and click the Rescan option available there to verify that single fix immediately.

Expected Outcome

The system or security team will perform a focused verification of the selected items. For manual rescans, you can track the status in the "Rescan in Progress" section of the Pentest Details page. Once the rescan is complete, the status will update to Passed, Failed, or Cancelled, and successful fixes will be reflected in your updated security grade.

Related Tasks & Troubleshooting

  • Rescan Timeline: Automated rescans start instantly and finish quickly. Manual rescans typically take 3–9 working days depending on the queue and number of vulnerabilities.

  • Requesting an Extension: If you cannot implement fixes within the 30-day manual rescan window, you must contact the support team before the deadline to request an extension.

  • Moving Vulnerabilities: If you move a bot-reported vulnerability from an active manual rescan to an automated one, it will be marked as "Skipped" in the manual rescan and will no longer be validated by pentesters.