You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(scanner): compute and render per-scanner duration_ms (#667)
The scan report carried per-scanner started_at/completed_at but no
duration, and the CLI rendered no per-scanner timing. Add a derived
duration_ms to each scanner status and surface it in the CLI:
- ScannerJobStatus gains a duration_ms field and a Duration() helper;
the engine recomputes it once both timestamps are known (the live
scan path sets start and completion in separate updates).
- security status grows a DURATION column.
- security report renders a per-scanner "Scanner timing" block.
- CLI reads duration_ms, falling back to started_at/completed_at for
reports produced before the field existed.
Related to MCP-2402
The `DURATION` column is each scanner's wall-clock execution time, computed from its `started_at`/`completed_at` timestamps. It renders `-` when timing is unavailable (e.g. a scanner that never started).
441
+
435
442
:::tip Use status for diagnostics
436
443
If `security report` shows "0 findings" but you think a scanner should have flagged something, open `status` — failed scanners appear here with their truncated stderr. The full stderr is available via `security status <server> -o json`.
437
444
:::
@@ -469,6 +476,11 @@ Risk Score: 0/100
469
476
Scanned: 2026-04-10 10:08:19
470
477
Scanners: 6 run, 1 failed (ramparts) of 7
471
478
479
+
Scanner timing:
480
+
mcp-scan completed 1.2s
481
+
trivy-mcp completed 12.3s
482
+
ramparts failed -
483
+
472
484
WARNING: Scan coverage incomplete: 1 of 7 scanners did not run
473
485
474
486
=== Security Scan (Pass 1) ===
@@ -488,6 +500,7 @@ The `Scanners: X run, Y failed (names) of Z` line surfaces per-scanner failures
-`findings` — normalized findings across all scanners
490
502
-`reports` — per-scanner raw results (also includes SARIF when `?include_sarif=true` is passed to the REST endpoint)
503
+
-`scanner_statuses` — per-scanner execution records, each with `scanner_id`, `status`, `started_at`, `completed_at`, `duration_ms` (wall-clock execution time in milliseconds), `findings_count`, and `error`
491
504
-`scan_context` — source method, source path, scanned file list
0 commit comments