Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.asymptotelabs.ai/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Asynchronous codebase scans give you continuous, broad security coverage across your entire repository, not just the lines changed in a given PR or deployment. Scans run independently of your deployment pipeline, on demand or on a configured schedule.

How It Works

  1. Trigger a scan manually from the Asymptote dashboard or CLI, or configure a recurring schedule
  2. Asymptote sweeps the full codebase against all active security policies
  3. Findings are prioritized and surfaced in the dashboard with context, severity, and recommended remediations
  4. A timestamped report is generated for audit and compliance purposes

What Gets Scanned

  • Code vulnerabilities: insecure patterns, injection risks, unsafe APIs, and policy violations across the entire repo
  • Secrets: API keys, tokens, passwords, and credentials committed anywhere in the codebase
  • Dependencies: supply chain risks, known CVEs, typosquatting, and dependency confusion in package manifests
  • Custom policies: any natural language policies defined in your Asymptote dashboard

When to Use Async Scans

  • After onboarding a new repository to get a full baseline security picture
  • Before a major release to catch anything that accumulated across many PRs
  • On a recurring schedule to maintain continuous visibility into your security posture
  • After updating security policies to find existing violations in code that predates the new rule
Questions about async scans? Contact us at support@asymptotelabs.ai.