Skip to main content
Scheduled scans run a full scan on a recurring cadence so your security baseline stays current as the codebase changes.

How they work

Each scheduled run is a full scan and updates the repository’s baseline commit. Comparing against the baseline is how Gecko separates genuinely new issues from pre-existing ones between runs.
1

Pick a cadence

Choose a schedule that matches how fast the repository changes: daily for active services, weekly for slower-moving code.
2

Let it establish a baseline

The first scheduled run sets the baseline. Subsequent runs highlight what’s new since then.
3

Route the results

Combine scheduled scans with Slack notifications or issue-tracker auto-create so new findings reach the right people automatically.
Pair scheduled scans (full-codebase coverage over time) with PR checks (catch issues before merge) for full coverage.