Pipeline Scan Settings

When configuring pipeline scans, you need to define how the scan behaves.

You can configure which branches trigger scans, whether to respond to push or pull request events, and how to handle timeouts or scan failures.

For example, you might choose to react only to pull requests, which typically represent changes intended for merging into protected branches.

OX Security recommends starting with the default configuration and adjusting it based on your workflow needs.

| Setting | Description | Recommendation |
| --- | --- | --- |
| Timeout | Maximum time a pipeline scan is allowed to run. If exceeded, the scan is terminated. Helps prevent stuck or long-running jobs. | Use the default at first. Tune based on observed performance. |
| Behavior on Error/Timeout | Defines whether the pipeline should be blocked if the scan fails or times out. A failure may not indicate an issue; it could be a timeout or a data fetch problem. | Start with non-blocking (alert). Move to blocking once pipelines are stable. |
| Scan Performance Mode | Controls the depth of the scan (e.g., basic vs. detailed). Detailed scans analyze commit history and perform full repository analysis. | Available only via a feature flag. Use only if needed and enabled for your account. |
