Scan schedule Growth+¶
By default, CredWatch scans your sources on a fixed cadence — every 4 hours, anchored to UTC wall-clock (00:00, 04:00, 08:00, …). Growth and Enterprise customers can customize this.
Default schedule¶
All plans:
- GitHub scan — every 4 hours (cron
0 0,4,8,12,16,20 * * *UTC) - Web scrape — same cadence
- Daily digest email — 08:00 UTC
- Monthly report — 1st of the month at 09:00 UTC
The schedule is anchored to wall-clock time, not boot time — so scans always fire at the same UTC times regardless of when the platform was last deployed.
Customizing the cadence¶
On Growth and Enterprise plans you can pick from 8 intervals:
| Interval | UTC hours scans fire at | Plan-cap considerations |
|---|---|---|
| 1 hour | Every hour | 24 scans/day — burn quota fast |
| 2 hours | 0, 2, 4, 6, 8, 10, 12, … | 12/day |
| 3 hours | 0, 3, 6, 9, 12, 15, 18, 21 | 8/day |
| 4 hours | 0, 4, 8, 12, 16, 20 (default) | 6/day |
| 6 hours | 0, 6, 12, 18 | 4/day |
| 8 hours | 0, 8, 16 | 3/day |
| 12 hours | 0, 12 | 2/day |
| 24 hours | 0 (midnight) | 1/day |
Set your interval¶
- Go to Profile → Scan schedule.
- Pick an interval from the dropdown.
- Click Save.
The next scan fires at the next matching UTC hour. You'll see the next scheduled scan time on the Scans page after saving.
Disable custom schedule¶
Click Reset to default. Your account reverts to the global 4-hour cadence.
Manual scans¶
Regardless of the schedule, you can trigger a scan manually anytime from Scans → Run GitHub scan now or Run web scrape now. Manual scans count against your daily scan quota.
When the day's quota is exhausted, the trigger button returns an error with the time of your next allowed run.
Why we don't offer "scan on every push"¶
A webhook-driven on-push scan model would be more reactive but introduces:
- Variable GitHub API load that can hit secondary rate limits during merge bursts.
- A dependency on every customer setting up a GitHub webhook to our platform.
- Loss of the "scheduled, predictable" workload that lets us guarantee SLAs on alert latency.
For pre-merge scanning of PRs, use the CI/CD pre-merge scanner instead — it's the same detection engine, run inside your CI, against the unified diff.
Holiday and outage handling¶
If our scheduler is down for a window when a scan should have fired, we catch up on restart — but only once (we never queue multiple back-to-back missed firings). If you went a full day with no scans, you'll see one catch-up scan, not six. This is intentional: we never want to suddenly fire 24 hours of scans simultaneously.
If you ever notice a multi-hour gap in your scan history, check our status page first.