Why is the scan duration reported by Semgrep different from the scan duration of the end-to-end process of running a diff-aware managed scan?
The Duration of a scan shown on Semgrep AppSec Platform's Projects page reflects the amount of time required to run the Semgrep scan. This timer begins when Semgrep sends the scan request and receives a scan identifier, and ends when Semgrep sends results and receives a scan complete response.
If your CI/CD system displays a process time that is longer than the scan duration displayed in Semgrep AppSec Platform, it is because the CI/CD value includes the time required for setup, pre-processing, and post-processing steps, in addition to the scan time. These steps can include:
- Receiving and processing the webhook notification to start the scan
- Initializing the scan job and environment
- Cloning the repository