Overview

Asynchronous codebase scans give you continuous, broad security coverage across your entire repository — not just the lines changed in a given PR or deployment. Scans run independently of your deployment pipeline, on demand or on a configured schedule.

How It Works

  1. Trigger a scan manually from the Asymptote dashboard or CLI, or configure a recurring schedule
  2. Asymptote sweeps the full codebase against all active security policies
  3. Findings are prioritized and surfaced in the dashboard with context, severity, and recommended remediations
  4. A timestamped report is generated for audit and compliance purposes

What Gets Scanned

  • Code vulnerabilities — insecure patterns, injection risks, unsafe APIs, and policy violations across the entire repo
  • Secrets — API keys, tokens, passwords, and credentials committed anywhere in the codebase
  • Dependencies — supply chain risks, known CVEs, typosquatting, and dependency confusion in package manifests
  • Custom policies — any natural language policies defined in your Asymptote dashboard

When to Use Async Scans

  • After onboarding a new repository to get a full baseline security picture
  • Before a major release to catch anything that accumulated across many PRs
  • On a recurring schedule to maintain continuous visibility into your security posture
  • After updating security policies to find existing violations in code that predates the new rule

Questions about async scans? Contact us at support@asymptotelabs.ai.