Scheduled Scans
Scheduled scans run cloud scans on a recurring cron schedule for continuous drift monitoring. When a scheduled scan fails, DriftWise can notify you via Slack. For endpoint shapes, see the scans tag of the API reference.
Creating a schedule
Via the UI
- Go to Cloud Scan in the sidebar, then click the Schedules tab.
- Click New Schedule.
- Set a name and cron expression, and optionally restrict the scan to a single cloud account or a subset of regions.
- Click Save.
Via the API
Call POST /orgs/:id/schedules with a CreateScheduledScanRequest
body. Owner/admin role required.
Plan limits apply to both count (max_scheduled_scans) and
frequency (min_schedule_interval_minutes). Too-frequent
schedules return 402 with the estimated interval; creating beyond
the count limit returns 402 plan_limit_exceeded.
Request fields
| Field | Type | Required | Description |
|---|---|---|---|
name | string | yes | Human-readable schedule name (max 256 chars) |
schedule | string | yes | 5-field cron expression (max 256 chars) |
cloud_account_id | string | no | Specific account to scan. Omit to scan all accounts |
filter_regions | string[] | no | Cloud regions to include (empty = all) |
notify_webhook_config_ids | string[] | no | Reserved for future use (not yet implemented) |
notify_slack_channel | string | no | Slack channel for failure notifications |
enabled | bool | no | Defaults to true |
Cron syntax
Standard 5-field format: minute hour day-of-month month day-of-week
| Expression | Meaning |
|---|---|
0 2 * * * | Daily at 2:00 AM |
0 */6 * * * | Every 6 hours |
0 9 * * 1-5 | Weekdays at 9:00 AM |
30 0 1 * * | First of every month at 12:30 AM |
*/15 * * * * | Every 15 minutes |
Your plan may enforce a minimum interval between runs. If the
schedule fires more frequently than your plan allows, creation
returns 402 plan_schedule_frequency with the computed interval.
Managing schedules
The PUT endpoint accepts partial updates — only fields set in the
body are modified. Schedule changes recompute next_run_at atomically
and revalidate the cron interval against the plan's
min_schedule_interval_minutes.
Pause by sending PUT {"enabled": false}. Resume with enabled: true.
Delete is soft — the row persists for audit history but the
schedule no longer fires and disappears from list/get responses.
Deletes are not recoverable via API.
Run a schedule immediately
The run endpoint fires the same fan-out that the cron firing would
— if cloud_account_id is null, it scans every registered account.
Concurrent-scan plan limit still applies. Does not advance
next_run_at; the next cron firing happens on schedule.
Failure handling
Scheduled scans track consecutive failures automatically:
- Each failed run increments a
consecutive_failurescounter. - Each successful run resets the counter to 0.
- The
last_errorfield shows the most recent failure reason. - After 5 consecutive failures (configurable via
SCHEDULE_MAX_CONSECUTIVE_FAILURES), the schedule is auto-disabled.
Auto-disabled schedules show a disabled_reason of
"auto-disabled after repeated failures". Fix the underlying issue
(expired credentials, deleted account, etc.) and re-enable manually.
Notifications
Link a Slack channel to get notified when scheduled scans fail by
setting notify_slack_channel on the schedule. Your org must first
complete the Slack app install — without an installation,
the notification is silently dropped (logged as a warning). Failure
notifications are best-effort — a failed notification does not
affect the scan or schedule.
notify_webhook_config_ids is accepted in the API but not yet acted
upon. Outbound webhook notifications are planned for a future
release.
Endpoint reference
Schedule CRUD plus bulk-scan + run-now are documented under the
scans tag of the API
reference. List endpoints are
paginated with limit (default 50, max 200) and offset.