Issue replay¶
Issue replay automatically re-checks existing open findings seen in previous scans on the target profile. It uses different agents to plan, reproduce and validate the existence of different vulnerabilities. When the vulnerability still appears reproducible, the scan emits updated evidence linked to the original finding.
This is separate from the Regression Testing Agent, which replays vulnerabilities described in uploaded third-party pentest reports (for example PDFs).
Supported assets¶
Issue replay is currently supported for both AI Pentesting & DAST profiles for the following assets:
- Frontend web applications
- REST API services
- GraphQL API services
Execution respects the same authentication and scope settings as your normal DAST configuration for that asset (including allowlists and blocklists merged across frontend and API scopes).
What issues are replayed¶
Escape will replay all MEDIUM and HIGH open findings from previous scans that were not automatically re-detected in the current scan. This may result in longer scans.
Related documentation¶
- Regression Testing Agent: replay from uploaded pentest reports
- Authentication: configuring login for scans
- API testing scope and Frontend DAST scope: where allowlists apply during replay