> For the complete documentation index, see [llms.txt](https://docs.ox.security/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ox.security/scan-and-analyze-with-ox/scanning/scanning-ci-cd-pipelines/pipeline-scan-settings.md).

# Pipeline Scan Settings

When configuring [pipeline scans](/scan-and-analyze-with-ox/scanning/scanning-ci-cd-pipelines.md), you need to define how the scan behaves.

You can configure which branches trigger scans, whether to respond to push or pull request events, and how to handle timeouts or scan failures.

For example, you might choose to react only to pull requests, which typically represent changes intended for merging into protected branches.

OX Security recommends starting with the default configuration and adjusting it based on your workflow needs.

<figure><img src="/files/vkreUjrs2GyhajoBDTwU" alt=""><figcaption></figcaption></figure>

<table data-header-hidden><thead><tr><th width="139.8333740234375"></th><th></th><th></th></tr></thead><tbody><tr><td><strong>Setting</strong></td><td><strong>Description</strong></td><td><strong>Recommendation</strong></td></tr><tr><td><strong>Timeout</strong></td><td>Maximum time a pipeline scan is allowed to run. If exceeded, the scan is terminated. Helps prevent stuck or long-running jobs.</td><td>Use default at first. Tune based on observed performance.</td></tr><tr><td><strong>Behavior on Error/Timeout</strong></td><td>Defines whether the pipeline should be blocked if the scan fails or times out. Failure may not indicate an issue, could be a timeout or data fetch problem.</td><td>Start with non-blocking (alert). Move to blocking once pipelines are stable.</td></tr><tr><td><strong>Scan Performance Mode</strong></td><td>Controls the depth of repository analysis performed during the pipeline scan, as follows:<br>- <strong>Detailed scan:</strong> Runs the scan with dependency graph generation and also collects Git repository information (Git history and related metadata from the <code>.git</code> folder during clone).<br>This mode enables additional context such as information derived from commit history (for example, author-related metadata) and other details based on Git history.<br>- <strong>Regular scan:</strong> Runs the scan with dependency graph generation.<br>This mode provides dependency-graph-based context, but does not collect Git history information.<br>- <strong>Fast scan:</strong> Runs the scan without generating the dependency graph.</td><td><p>Available only using feature flag. Use only if needed and enabled for your account.<br><br>Start with <strong>Regular</strong>.</p><p>Use <strong>Fast</strong> when you need shorter scan times and can work without dependency graph context. The time saved depends on how long dependency graph generation takes for your repositories.</p><p>Use <strong>Detailed</strong> when you need Git-history-based context. It can be around <strong>2x slower</strong> than Regular depending on the repository.</p></td></tr></tbody></table>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.ox.security/scan-and-analyze-with-ox/scanning/scanning-ci-cd-pipelines/pipeline-scan-settings.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.