Skip to Content
SCA & DependenciesScheduled Scans

Scheduled Scans

Configure SCA scan schedules so your dependency data stays current. Scans run automatically every 5 minutes the platform checks for due schedules and dispatches them — no CI/CD templates needed.

Creating a Schedule

  1. Navigate to SCA > Schedule for the target repository.
  2. Click New Schedule.
  3. Choose a preset frequency or provide a custom cron expression.
  4. Select the branch to scan (defaults to the repository’s default branch).
  5. Click Save. The next run date is calculated immediately and displayed.

Frequency Options

PresetCron ExpressionDescription
Daily0 2 * * *Every day at 02:00 UTC
Weekly0 2 * * 1Every Monday at 02:00 UTC
Monthly0 2 1 * *First day of each month at 02:00
CustomUser-definedAny valid 5-field cron expression

Cron Expression Format

Cron expressions use five fields separated by spaces:

minute  hour  day_of_month  month  day_of_week
  0       2       *            *        *
  • minute — 0-59
  • hour — 0-23
  • day_of_month — 1-31
  • month — 1-12
  • day_of_week — 0-6 (0 = Sunday)

Use * for any value, */N for intervals, and 1,3,5 for specific values.

Viewing Schedules

The SCA > Schedule page lists all schedules across your repositories. Each entry shows:

  • Repository name and branch
  • Frequency label and raw cron expression
  • Next calculated run date
  • Last run date and status (once automatic execution is enabled)

How Execution Works

When a schedule is created or updated, the server calculates the next run date from the current UTC time using the cron expression. A polling job inside the API container ticks every 5 minutes:

  1. Find all active schedules whose next_run_at <= now()
  2. Pre-flight — confirm the repo still exists, check the org’s plan scan-limit
  3. Dispatch an SCA-only scan via the standard scan pipeline
  4. Advance the schedule: bump last_run_at to now, recompute next_run_at from the cron expression, increment run_count
  5. Disable the schedule automatically if its cron expression is invalid (so it doesn’t log-spam)

The 5-minute polling cadence means a scheduled scan fires within 5 minutes of its cron-defined target time. Configurations are persistent across API restarts — the polling job reads state directly from the database, so a deploy or container restart never loses scheduled scans.

Plan Limits and Skipped Runs

If your organization has hit its monthly scan-limit when a schedule is due, the run is skipped (not failed) and rescheduled for the next cron-defined window. Upgrade your plan to lift the limit, or remove inactive schedules to free up scan budget.

Time Zone

All cron expressions evaluate in UTC. Convert from your local timezone if you want a scan to fire at, say, 9 AM Pacific:

  • 9 AM PST → 0 17 * * * (UTC)
  • 9 AM IST → 30 3 * * * (UTC)
  • 2 AM CET → 0 1 * * * (UTC)

Enable and Disable

Toggle a schedule on or off without deleting it. Disabled schedules retain their configuration. Re-enabling a schedule recalculates the next run date from the current time.

PATCH /api/sca/schedules/{schedule_id}
{
  "enabled": false
}

Permissions

Only users with the ORG_ADMIN or ORG_OWNER role can create, modify, or delete scan schedules. Members and viewers can view existing schedules and their results.

Ignore RulesAuto-Updates & Fix PRs