AppCheck provides the ability to rescan individual vulnerabilities without re-running the entire scan in which they were found. This provides a faster way of verifying that these vulnerabilities are still present.
What Exactly Happens When I Rescan a Vulnerability?
A new scan instance is created. This scan imports configuration items such as authentication settings, maximum allowed threads, watchers and integrations from the parent scan (the scan which originally found the vulnerability).
The new scan will be shown as a running instance of the parent scan.
The new scan will not crawl your application, and most plugins will be disabled: only those required to detect the chosen vulnerability will run. Because of plugin dependencies this may still involve a substantial number of plugins, so these scans can still take some time to complete.
Which Vulnerabilities Can Be Rescanned?
A subset of Web Application vulnerabilities can be rescanned.
No Infrastructure vulnerabilities can be rescanned at present.
If the "Rescan" button is not shown for a given vulnerability, that vulnerability does not currently support individual rescanning. In this case you will need to re-run the entire scan in which the vulnerability was found.
Auto rescan a vulnerability when fixed
The following setting triggers a rescan automatically whenever a user marks a rescannable vulnerability as Fixed:
- Scan Settings
- Auto rescan a vulnerability when fixed
What Happens if the Vulnerability Rescan is Still Running when the Parent Scan is Scheduled to Start?
In this situation the scheduled run of the parent scan will be skipped. If a scheduled run is due to start soon, it may be advisable not to rescan a vulnerability and instead to wait for the full scheduled scan.