Schedules
Why Schedule Pentests?
Security is not a one-time event. Your application changes with every deployment, dependency update, and infrastructure change. A pentest from three months ago does not reflect the security posture of the code you deployed yesterday. Scheduling pentests ensures continuous coverage — vulnerabilities introduced by new code are caught before they can be exploited.
TurboPentest supports two scheduling modes: one-off schedules for specific dates and recurring schedules for automated continuous testing. Both are configured per target, meaning you can have different schedules for different applications.
One-Off Schedules
A one-off schedule runs a single pentest at a specific date and time. This is useful in several scenarios:
- Deployment coordination — Schedule a pentest to run immediately after a major release window, such as "Test production at 2:00 AM after the Friday deploy."
- Change management — Some organizations require pentesting within a certain window after infrastructure changes. A one-off schedule ensures the test runs exactly when needed.
- Pre-audit preparation — Schedule a pentest before a compliance audit to get fresh results.
One-off schedules fire once and then are automatically removed. They consume one credit when they fire, just like a manually launched pentest.
Recurring Schedules
Recurring schedules automate pentesting on a regular cadence. You configure the frequency, day, and time, and TurboPentest handles the rest. Available frequencies are:
| Frequency | Description | Best for |
|---|---|---|
| Daily | Runs every day at the scheduled time | High-change environments, CI/CD pipelines |
| Weekly | Runs once per week on the scheduled day | Active development teams with weekly sprints |
| Biweekly | Runs every two weeks on the scheduled day | Teams with biweekly release cycles |
| Monthly | Runs once per month on the scheduled date | Stable applications with monthly maintenance |
| Quarterly | Runs every three months on the scheduled date | Compliance-driven testing, low-change apps |
The right frequency depends on your deployment cadence and risk tolerance. A SaaS application deploying multiple times per week benefits from weekly or even daily pentests. A stable internal tool that changes quarterly can use monthly or quarterly schedules.
Credit Consumption for Scheduled Pentests
Every scheduled pentest consumes one credit when it fires. Understanding how credits interact with schedules is critical for planning:
FIFO credit consumption — When a scheduled pentest fires, it uses the oldest available credit in your account (First In, First Out). This ensures credits purchased earlier are consumed before newer ones.
No credits available — If the schedule fires and you have no available credits, the pentest is skipped. You receive an email notification that the scheduled run was missed. The schedule is not canceled or paused — it simply skips that run and tries again at the next scheduled time.
Low credit warnings — TurboPentest sends reminder emails at 7 days and 1 day before your credits run out, giving you time to purchase more or adjust your schedules.
Credit planning — To calculate how many credits you need, multiply the number of scheduled targets by their frequency per year. For example, two targets on weekly schedules consume 2 x 52 = 104 credits per year. Subscription plans offer volume discounts that make recurring schedules more cost-effective.
Managing Schedules
Schedules can be created, paused, resumed, and deleted from the dashboard or via the Schedule API.
Pausing a schedule prevents it from firing without deleting the configuration. This is useful during maintenance windows, holiday freezes, or when you are running low on credits. When you resume a paused schedule, the next run is calculated from the current date based on the configured frequency.
Deleting a schedule removes it permanently. If you delete a schedule and later want to resume testing, you will need to create a new schedule from scratch.
Editing a schedule lets you change the frequency, day, or time without deleting and recreating it. Changes take effect starting from the next scheduled run.
Schedules and Finding Continuity
One of the most powerful benefits of recurring schedules is finding continuity tracking. When TurboPentest runs repeat pentests against the same target, it uses vulnerability fingerprints to track findings across runs. You can see whether a vulnerability found last month has been fixed, still persists, or if new vulnerabilities have appeared.
This creates a security posture timeline. Over weeks and months of recurring pentests, you build a clear picture of how your application's security is trending. Stakeholders can see progress — "We had 12 high-severity findings in January, fixed 10, and only 1 new one appeared in February."
Without recurring schedules, you lose this continuity. Each manual pentest is a point-in-time snapshot with no automatic connection to previous results. Scheduling is what turns pentesting from a periodic checkbox into an ongoing security program.
Best Practices
Start with weekly schedules for your most critical targets and monthly for secondary ones. Monitor your credit consumption for the first month and adjust frequencies as needed. Always maintain a buffer of credits beyond what your schedules require — you want room for on-demand pentests when urgent testing is needed outside the regular cadence.