PR-triggered reviews catch security issues at the moment code changes. Scheduled assessments cover everything else: infrastructure drift, newly disclosed CVEs, configuration changes, exposed services, and regressions that appear between code changes. Together, they give you continuous security coverage across your entire stack.

How Scheduled Assessments Work

When a scheduled assessment runs, Neo brings everything it knows about your environment into the session. It references findings from previous runs, focuses on areas that have changed since the last assessment, and deepens testing in areas where it previously identified risk. Each run builds on the last. A weekly assessment in week one might map your full attack surface and identify a set of initial findings. By week four, Neo already knows your architecture, skips redundant discovery, focuses on what’s changed, and tests deeper into areas where it found interesting behavior before. By week ten, you have a continuously updated picture of your security posture that no point-in-time pentest can match.

What Happens During a Scheduled Run

1. Neo loads context from previous runs

Before testing begins, Neo pulls in its accumulated knowledge of your environment: services, architecture, naming conventions, previous findings, and areas flagged for follow-up. This means every scheduled run starts where the last one left off.

2. Neo identifies what's changed

Neo compares the current state of your attack surface against what it knew from previous assessments. New endpoints, changed configurations, updated dependencies, and recently deployed code are prioritized for testing.

3. Neo tests and validates

The assessment runs using Neo’s full range of capabilities: terminal access, browser automation, API testing, code analysis, and more. All execution happens inside isolated sandboxes. Every finding is validated with a working exploit before it’s reported.

4. Neo checks for regressions

Previously fixed vulnerabilities are automatically retested to confirm they remain resolved. If a regression appears — a vulnerability that was fixed but has resurfaced — Neo flags it immediately with updated evidence.

5. Neo delivers results

Validated findings are delivered with full evidence. Depending on your configuration, Neo creates issues in Linear or Jira, sends a summary to Slack, and updates the status of any previously tracked findings.
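
The baseline comparison and regression retest described in steps 2 and 4, as an added example (not Neo's own code or data model). The snapshot format, host names and finding IDs are constructed for illustration.

```python
# Added example with constructed data; not Neo's implementation or data model.
# Snapshots map (host, port) -> service banner observed in that run.
PREVIOUS = {
    ("api.staging.example.test", 443): "nginx/1.24.0",
    ("api.staging.example.test", 22): "OpenSSH_9.3",
    ("db.staging.example.test", 5432): "PostgreSQL 15.4",
}
CURRENT = {
    ("api.staging.example.test", 443): "nginx/1.25.3",   # banner changed
    ("api.staging.example.test", 22): "OpenSSH_9.3",     # unchanged: not reported
    ("cache.staging.example.test", 6379): "Redis 7.2",   # newly exposed
}
# Finding history from earlier runs: id -> (target, status).
HISTORY = {
    "F-001": (("api.staging.example.test", 443), "fixed"),
    "F-002": (("api.staging.example.test", 22), "open"),
    "F-003": (("db.staging.example.test", 5432), "fixed"),
}


def diff_surface(previous, current):
    """Classify targets as new, changed or removed relative to the baseline."""
    return {
        "new": sorted(t for t in current if t not in previous),
        "changed": sorted(t for t in current
                          if t in previous and current[t] != previous[t]),
        "removed": sorted(t for t in previous if t not in current),
    }


def plan_retests(history, current):
    """Fixed findings on live targets are retested; vanished targets are unverifiable."""
    retest, unverifiable = [], []
    for fid, (target, status) in sorted(history.items()):
        if status == "fixed":
            (retest if target in current else unverifiable).append(fid)
    return retest, unverifiable


def classify_retests(retest_ids, reproduced_ids):
    """A regression is a finding recorded as fixed that reproduces again on retest."""
    regressions = [f for f in retest_ids if f in reproduced_ids]
    still_fixed = [f for f in retest_ids if f not in reproduced_ids]
    return regressions, still_fixed
```

A fixed finding whose target has disappeared is kept as unverifiable rather than counted as still resolved, since absence of the service is not evidence that the fix holds.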

Setting Up a Schedule

1. Navigate to Schedules

In the Neo dashboard, go to Automations.

2. Define the scope

Tell Neo what to assess. This can be as broad as your entire staging environment or as focused as a single API or service. You can also provide specific instructions, such as focusing on authentication flows, testing recently changed endpoints, or running a full pentest.

Example instructions:

Run a comprehensive security assessment of https://staging.yourapp.com
focusing on any changes since the last assessment. Test authentication,
authorization, injection points, and business logic vulnerabilities.

Scan our external infrastructure for exposed services,
misconfigurations, and known CVEs. Compare results against
the previous run and flag anything new.

3. Set the cadence

Choose how often the assessment runs:

| Cadence | Best for |
| --- | --- |
| Daily | Lightweight reconnaissance, infrastructure monitoring, exposed service detection |
| Weekly | Comprehensive application assessments, full stack pentesting, compliance checks |
| On deploy | Triggered automatically when new code deploys to a connected environment |
| Custom interval | Any cadence you define — every 6 hours during a rollout, biweekly deep assessments, or continuous with a configurable delay between runs |

4. Configure notifications

Choose where results are delivered:
  • Slack — assessment summaries, critical findings, and regression alerts sent to your configured channels
  • Linear or Jira — findings created as trackable issues with full evidence attached
  • Email — summary reports delivered to your team on completion

Scheduling Patterns

Application Pentesting on a Weekly Cadence

The most common pattern. Neo runs a comprehensive assessment of your staging or QA environment every week, testing across all vulnerability classes. Each run builds on previous context, so coverage deepens and findings become more targeted over time. This replaces the quarterly pentest cycle with continuous, compounding security coverage.

Daily Infrastructure Monitoring

Neo scans your external infrastructure daily for newly exposed services, configuration drift, and known CVEs in your deployed software. Because Neo remembers the baseline from previous runs, it surfaces only what’s new or changed — your team sees signal, not a repeated inventory of known state.

Post-Deploy Assessment

Triggered automatically when new code deploys to a connected environment. Neo focuses on the changes introduced by the deployment: new endpoints, modified flows, updated dependencies. This catches issues that PR reviews might miss — vulnerabilities that only manifest when code runs in the context of the full application.

Continuous Reconnaissance

For teams that want maximum coverage, Neo runs lightweight reconnaissance continuously with a configurable delay between runs. This pattern is ideal for fast-moving environments where the attack surface changes multiple times per day.