You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(scanner): downgrade clean risk score to degraded on incomplete coverage (#669)
The scan summary reported a 0/100 "clean" verdict even when part of the
scanner fleet failed, so a user saw an all-clear while 40% of scanners
never ran. Coverage was only surfaced as a separate WARNING block.
Tie risk-score confidence to scanner coverage:
- SecurityScanSummary / ScanSummary carry scanners_run/failed/total.
- GetScanSummary computes coverage on the primary pass and downgrades a
would-be "clean" verdict to a new "degraded" status when any scanner
failed. "dangerous"/"warnings"/"failed" verdicts are left intact.
- CLI report annotates the Risk Score line with
"(degraded — N of M scanners did not run)".
- Swagger + CLI docs updated.
Related #MCP-2401
0 commit comments