Incremental scan

This document is for:

Invicti Platform

Incremental scanning offers a faster, more efficient way to secure your APIs and web applications. Instead of scanning the entire application, it focuses only on newly discovered or modified pages—saving both time and resources.

To further streamline your workflow, minor changes such as dynamic timestamps or visitor counters are automatically ignored, ensuring scans remain focused on meaningful differences. This reduces noise, improves scan accuracy, and minimizes the workload for your team.

An incremental scan can only be configured on a recurring scan. Prior to running an incremental scan, an initial scan must be completed. The incremental scan then crawls only new or modified URLs.

This document guides you through the steps to launch an incremental scan in Invicti Platform.

Steps to set up an incremental scan

Select Scans > New scan from the left-side menu.
Select the scan target and populate the profile and report fields.
In the How would you like to scan field, select Recurring.

Specify the Start date and time and choose your scan Frequency. Add an end date if applicable.

Set the “Would you like these future scans to be incremental?” option to Yes.

Click Schedule scan.

Alternative scan schedule options

If you don't want to run an Incremental scan, the following alternative scan schedule options are available:

Instant scan - provides a quick and efficient way to detect and address potential vulnerabilities in real-time
Scheduled future scan - allows you to plan a scan for a specific date and time in advance
Recurring scan - allows you to set up automated scanning routines to execute at predefined intervals on specified days