Retesting Findings

What Is a Retest?

After you remediate a vulnerability, you want confirmation that the fix is effective. A retest runs a focused scan that only targets the specific findings you select, rather than re-scanning the entire application.

How to Request a Retest

1. Navigate to the scan's Findings tab.
2. Select one or more findings you have fixed by checking the boxes next to them.
3. Click Retest Selected.
4. Confirm the retest. APVISO will verify the fixes.

You can also retest a single finding by clicking the Retest button on the finding detail page.

Retest Statuses

Each retested finding receives one of the following statuses:

• in_progress — the retest is currently running.
• fixed — the vulnerability could not be reproduced. The original finding status is updated to fixed.
• not_fixed — the vulnerability is still present. The finding remains in its previous status and the retest includes updated evidence.

Credit Cost

Retests consume credits separately from full scans. Because they are targeted and shorter, they cost significantly less:

• A retest of 1–5 findings costs 1 credit.
• A retest of 6–15 findings costs 2 credits.
• A retest of 16+ findings costs 3 credits.

Retest quotas are tracked separately from full scan quotas within your billing period.

Best Practices

• Fix all related findings before retesting to minimize the number of retest cycles.
• Make sure your fix is deployed to the same environment (URL) that was originally scanned.
• If using authenticated scanning, verify that the credentials are still valid before requesting a retest.
• Review the retest evidence carefully — a finding marked not_fixed includes updated request/response pairs showing what the agent observed.

Retest History

Every retest is logged on the finding detail page. You can see the full history: when each retest was run, what the result was, and what evidence was captured. This history is valuable for demonstrating remediation progress during audits.