Continuous Pentesting

Continuous Pentesting lets you automatically retest your application after changes, so issues are caught before they hit production.

Instead of reconfiguring a full assessment every time, Aikido reuses your project setup and continuously launches focused follow-up runs.

Prerequisites

Before you can enable Continuous Pentesting, make sure:

  • You have the Manage Pentests permission.

  • You have already completed at least one full pentest assessment with repositories connected.

  • Your wallet has a minimum balance of 10,000 credits to keep automation running.

How to Enable Continuous Pentesting

  1. Go to Pentests and open your project.

  2. Click Continuous Testing in the project header.

  3. Choose your frequency:

    • Run on every deploy

      • Select which branch should trigger testing for each connected repository.

      • Set a Start Delay to bundle subsequent commits into one run.

    • Run on schedule

      • Daily, Every 3 days, Weekly or Monthly.

      • Scheduled frequencies start counting from the moment you enable Continuous Pentesting.

  4. Click Enable Continuous Testing and confirm.

How It Works

At a high level, each cycle follows this logic:

  1. Aikido checks whether your project is eligible to run.

  2. It compares the latest commits on your configured branches with the last tested baseline.

  3. If the changes should trigger a run, Aikido starts a new continuous assessment and analyzes the relevant code delta.

To avoid noisy or wasteful runs, Aikido also applies guardrails:

  • It waits for your configured Start Delay before triggering.

  • It does not start a new run while another continuous run is still active.

  • It requires the minimum wallet balance to continue automation.
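
The sketch below is an added example, not Aikido's code: it models how the Start Delay and the one-active-run guardrail bundle a burst of commits into fewer runs. It assumes that a run triggers once the latest untested commit is at least Start Delay old and no run is active, and that every run takes a fixed, hypothetical duration; the function name, the parameters and the sample commit times are constructed for illustration, and the wallet check is not modelled.

```python
from typing import List, Tuple


def plan_runs(commits: List[int], start_delay: int,
              run_duration: int) -> List[Tuple[int, List[int]]]:
    """Return (trigger_minute, bundled_commit_minutes) for each modelled run.

    Assumed model, not the vendor's scheduler: all times are minutes on one
    branch, and run_duration is a fixed hypothetical value.
    """
    queue = sorted(commits)
    runs: List[Tuple[int, List[int]]] = []
    busy_until = 0  # minute at which the previous run finishes
    i = 0
    while i < len(queue):
        pending = [queue[i]]  # first commit not yet covered by a run
        i += 1
        while True:
            # Earliest trigger: latest commit has aged past the Start Delay
            # AND the previous continuous run is no longer active.
            trigger = max(pending[-1] + start_delay, busy_until)
            if i < len(queue) and queue[i] < trigger:
                pending.append(queue[i])  # arrived in time: joins the bundle
                i += 1
            else:
                break
        runs.append((trigger, pending))
        busy_until = trigger + run_duration
    return runs


# Constructed sample: commit times in minutes after an arbitrary start.
SAMPLE_COMMITS = [0, 4, 9, 40, 95, 100]

if __name__ == "__main__":
    for trigger, bundle in plan_runs(SAMPLE_COMMITS, start_delay=10, run_duration=60):
        print(f"run at t+{trigger}m covers commits at {bundle}")
```

In this model the commit at minute 40 is not tested until minute 79, because the first run is still active. That gap between merge and retest is the number to watch when choosing a Start Delay for a busy branch.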

Pricing and Credit Usage

Continuous Pentesting charges per run, based on how many agents are actually launched.

  • Each agent costs 16 credits.

  • Aikido analyzes your changes and spawns the number of agents needed for that change set.

  • Larger or riskier changes can trigger more agents; smaller deltas typically trigger fewer.

  • The total run cost is calculated from the final number of launched agents.

Because this is dynamic, costs scale with change impact instead of staying fixed.

Why a Run Might Not Start

If you expected a run but none started, check:

  • No eligible full assessment exists yet for this project.

  • Wallet balance dropped below 10,000 credits.

  • No new relevant commits were detected on configured branches.

  • Latest commit is still within your Start Delay window.

  • Another continuous run is still in progress.
