diff --git a/controllers/container_image/deployment_handler.go b/controllers/container_image/deployment_handler.go
index 3804741e6..cb53ec923 100644
--- a/controllers/container_image/deployment_handler.go
+++ b/controllers/container_image/deployment_handler.go
@@ -113,11 +113,9 @@ func (n *DeploymentHandler) syncCronJob(ctx context.Context) error {
 		existing.Spec.ConcurrencyPolicy = desired.Spec.ConcurrencyPolicy
 		existing.SetOwnerReferences(desired.GetOwnerReferences())
 
-		// Remove any old jobs because they won't be updated when the cronjob changes
-		if err := n.KubeClient.DeleteAllOf(ctx, &batchv1.Job{},
-			client.InNamespace(n.Mondoo.Namespace),
-			client.MatchingLabels(CronJobLabels(*n.Mondoo)),
-			client.PropagationPolicy(metav1.DeletePropagationForeground)); err != nil {
+		// Remove completed/failed jobs because they won't be updated when the cronjob changes.
+		// Active jobs are preserved to avoid killing in-progress scans.
+		if err := k8s.DeleteCompletedJobs(ctx, n.KubeClient, n.Mondoo.Namespace, CronJobLabels(*n.Mondoo), logger); err != nil {
 			return err
 		}
 
diff --git a/controllers/k8s_scan/deployment_handler.go b/controllers/k8s_scan/deployment_handler.go
index 74ebb4afc..fdabbccc9 100644
--- a/controllers/k8s_scan/deployment_handler.go
+++ b/controllers/k8s_scan/deployment_handler.go
@@ -190,11 +190,9 @@ func (n *DeploymentHandler) syncCronJob(ctx context.Context) error {
 		existing.Spec.ConcurrencyPolicy = desired.Spec.ConcurrencyPolicy
 		existing.SetOwnerReferences(desired.GetOwnerReferences())
 
-		// Remove any old jobs because they won't be updated when the cronjob changes
-		if err := n.KubeClient.DeleteAllOf(ctx, &batchv1.Job{},
-			client.InNamespace(n.Mondoo.Namespace),
-			client.MatchingLabels(CronJobLabels(*n.Mondoo)),
-			client.PropagationPolicy(metav1.DeletePropagationForeground)); err != nil {
+		// Remove completed/failed jobs because they won't be updated when the cronjob changes.
+		// Active jobs are preserved to avoid killing in-progress scans.
+		if err := k8s.DeleteCompletedJobs(ctx, n.KubeClient, n.Mondoo.Namespace, CronJobLabels(*n.Mondoo), logger); err != nil {
 			return err
 		}
 
@@ -399,11 +397,9 @@ func (n *DeploymentHandler) syncExternalClusterCronJob(ctx context.Context, imag
 		existing.Spec.ConcurrencyPolicy = desired.Spec.ConcurrencyPolicy
 		existing.SetOwnerReferences(desired.GetOwnerReferences())
 
-		// Remove any old jobs
-		if err := n.KubeClient.DeleteAllOf(ctx, &batchv1.Job{},
-			client.InNamespace(n.Mondoo.Namespace),
-			client.MatchingLabels(ExternalClusterCronJobLabels(*n.Mondoo, cluster.Name)),
-			client.PropagationPolicy(metav1.DeletePropagationForeground)); err != nil {
+		// Remove completed/failed jobs because they won't be updated when the cronjob changes.
+		// Active jobs are preserved to avoid killing in-progress scans.
+		if err := k8s.DeleteCompletedJobs(ctx, n.KubeClient, n.Mondoo.Namespace, ExternalClusterCronJobLabels(*n.Mondoo, cluster.Name), logger); err != nil {
 			return err
 		}
 
diff --git a/controllers/nodes/deployment_handler.go b/controllers/nodes/deployment_handler.go
index 03d7d482a..fcb8d47fc 100644
--- a/controllers/nodes/deployment_handler.go
+++ b/controllers/nodes/deployment_handler.go
@@ -117,11 +117,9 @@ func (n *DeploymentHandler) syncCronJob(ctx context.Context) error {
 			}
 			continue
 		case controllerutil.OperationResultUpdated:
-			// Remove any old jobs because they won't be updated when the cronjob changes
-			if err := n.KubeClient.DeleteAllOf(ctx, &batchv1.Job{},
-				client.InNamespace(n.Mondoo.Namespace),
-				client.MatchingLabels(NodeScanningLabels(*n.Mondoo)),
-				client.PropagationPolicy(metav1.DeletePropagationForeground)); err != nil {
+			// Remove completed/failed jobs because they won't be updated when the cronjob changes.
+			// Active jobs are preserved to avoid killing in-progress scans.
+			if err := k8s.DeleteCompletedJobs(ctx, n.KubeClient, n.Mondoo.Namespace, NodeScanningLabels(*n.Mondoo), logger); err != nil {
 				return err
 			}
 		}