Scheduled reports
Automate recurring scans + delivery of the resulting report. Typical setups:
- Weekly perimeter re-scan of production domains, Slack alert if new HIGH+ findings appear.
- Monthly full scan with PDF delivered to a stakeholder mailing list.
- Nightly network scan against a PCI scope, JSON pushed to a GRC webhook.
Creating a schedule
Scans β Scheduled β New.
Fields:
- Target + scan types β same as a one-off scan.
- Cadence β daily / weekly / monthly / cron. Cron expressions support the standard 5-field format (
0 2 * * *= 2 AM every day, UTC). - Delivery β choose one or more of: email, Slack, webhook, platform-only.
- Diff mode β report only new findings since the last run (reduces noise), or always include full results.
Delivery options
Comma-separated recipient list. Rendered HTML is inlined + a PDF is attached.
Slack
Webhook URL from your Slack workspace. Pentestas posts a rich message with severity breakdown + link to the scan.
Webhook
POST to any HTTPS URL with the JSON schema from Report formats.
Retries
If delivery fails (network timeout, 5xx from the webhook), Pentestas retries with exponential backoff up to 3 times over 30 minutes. After that, the delivery is marked failed and you get an in-app notification.
Diffs
"New findings since last run" is computed as:
new = findings(this_run) - findings(last_run_of_same_schedule)
Matching is by (endpoint, vuln_type, parameter) tuple, not finding ID. This catches a re-appearing finding even if the DB ID changed.
Stopping
Scans β Scheduled β click the schedule β Disable (keeps history) or Delete (purges).