How-To: Starting a Scan

Last updated: June 5, 2026

Introduction

Starting or bulk-starting a scan in Astra is a straightforward process conducted directly from the dashboard to proactively identify and mitigate security vulnerabilities in your web applications, APIs, or cloud infrastructure.

Prerequisites

  • Active Target: You can only initiate a scan once you have verified target ownership and the target setup is complete and marked as Active.

  • Scan Quota: Ensure your subscription has an available scan quota for the chosen assessment type, as limits may apply per billing period.

Instructions

  1. Locate the "Start a Scan" Button: Click the Start a Scan button, which is strategically placed across the dashboard interface for quick access.

  2. Select the Scan Type: A side sheet will open presenting the following options:

    • Manual Scan: Combines advanced automated vulnerability scans with thorough manual penetration testing by security experts to uncover complex logical flaws.

    • Automated Scan (Full): A comprehensive assessment of all endpoints for a broad range of vulnerabilities, including header misconfigurations and low-level bugs like SQLi or RCE (typically takes 12–24 hours).

    • Automated Scan (Emerging Scan): Specifically designed to identify risks from newly discovered cyber threats and zero-day exploits (typically takes under 1 hour).

    • Automated Scan (Lightning): A fast, high-level scan addressing basic web application vulnerabilities (typically takes 10–15 minutes).

  3. Select Targets: Choose a single target or select multiple targets to perform bulk scans simultaneously.

  4. Initiate Scanning: Click the Start Scans button to begin the security assessment.

Expected Outcome

A success message will confirm that the scan has been initiated, and the scan will appear in the In Progress section of your Pentests/scans list page. If a selected target already has an ongoing scan, a failure message will appear, and you will have the option to click View Scan to monitor the existing progress.

Related Tasks

  • Track Progress: View real-time updates, current stages (such as Connectivity Check or CVE Scanning), and the estimated completion date on the Scan Details Page.

  • Cancel a Scan: If you need to stop a running scan to start a different one, open the scan's details view and click the Cancel button.

  • Request Vetting: For automated scans, click the Request Vetting button to have Astra’s security engineers manually validate results and eliminate false positives.

  • Schedule Scans: Use the Automations page to set up recurring scans at daily, weekly, or monthly intervals.