Why is the scan duration reported by Semgrep different from the scan duration of the end-to-end process of running a diff-aware managed scan?
The Duration of a scan shown on Semgrep AppSec Platform's Projects page reflects the amount of time required to run the Semgrep scan. This timer begins when Semgrep generates and sends the scan ID and ends when Semgrep sends results and a scan complete response.
If your CI/CD system displays a process time that is longer than the scan duration displayed in Semgrep AppSec Platform, the CI/CD value includes the time required for setup, pre-processing, and post-processing steps, in addition to the scan time. These steps can include:
- Receiving and processing the webhook notification to start the scan
- Initializing the scan job and environment
- Processing results