# Pipeline Scan Settings

When configuring [pipeline scans](https://docs.ox.security/scan-and-analyze-with-ox/scanning/scanning-ci-cd-pipelines), you need to define how the scan behaves.

You can configure which branches trigger scans, whether to respond to push or pull request events, and how to handle timeouts or scan failures.

For example, you might choose to react only to pull requests, which typically represent changes intended for merging into protected branches.

OX Security recommends starting with the default configuration and adjusting it based on your workflow needs.

<figure><img src="https://884876233-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdK3XMLdV8zRg847RmGmZ%2Fuploads%2Fgit-blob-98567175f9bd935c7d8fd41ae8923a8eb68df3f7%2Fpipeline_settings_general.png?alt=media" alt=""><figcaption></figcaption></figure>

<table data-header-hidden><thead><tr><th width="139.8333740234375"></th><th></th><th></th></tr></thead><tbody><tr><td><strong>Setting</strong></td><td><strong>Description</strong></td><td><strong>Recommendation</strong></td></tr><tr><td><strong>Timeout</strong></td><td>Maximum time a pipeline scan is allowed to run. If exceeded, the scan is terminated. Helps prevent stuck or long-running jobs.</td><td>Use the default at first. Tune based on observed performance.</td></tr><tr><td><strong>Behavior on Error/Timeout</strong></td><td>Defines whether the pipeline should be blocked if the scan fails or times out. A failure may not indicate an issue; it could be a timeout or a data fetch problem.</td><td>Start with non-blocking (alert). Move to blocking once pipelines are stable.</td></tr><tr><td><strong>Scan Performance Mode</strong></td><td>Controls the depth of repository analysis performed during the pipeline scan, as follows:<br>- <strong>Detailed scan:</strong> Runs the scan with dependency graph generation and also collects Git repository information (Git history and related metadata from the <code>.git</code> folder during clone).<br>This mode enables additional context such as information derived from commit history (for example, author-related metadata) and other details based on Git history.<br>- <strong>Regular scan:</strong> Runs the scan with dependency graph generation.<br>This mode provides dependency-graph-based context, but does not collect Git history information.<br>- <strong>Fast scan:</strong> Runs the scan without generating the dependency graph.</td><td><p>Available only with a feature flag. Use only if needed and enabled for your account.<br><br>Start with <strong>Regular</strong>.</p><p>Use <strong>Fast</strong> when you need shorter scan times and can work without dependency graph context. The time saved depends on how long dependency graph generation takes for your repositories.</p><p>Use <strong>Detailed</strong> when you need Git-history-based context.
It can be around <strong>2x slower</strong> than Regular depending on the repository.</p></td></tr></tbody></table>
