You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(scanner): compute and render per-scanner duration_ms
The scan report carried per-scanner started_at/completed_at but no
duration, and the CLI rendered no per-scanner timing. Add a derived
duration_ms to each scanner status and surface it in the CLI:
- ScannerJobStatus gains a duration_ms field and a Duration() helper;
the engine recomputes it once both timestamps are known (the live
scan path sets start and completion in separate updates).
- security status grows a DURATION column.
- security report renders a per-scanner "Scanner timing" block.
- CLI reads duration_ms, falling back to started_at/completed_at for
reports produced before the field existed.
Related to MCP-2402
The `DURATION` column is each scanner's wall-clock execution time, computed from its `started_at`/`completed_at` timestamps. It renders `-` when timing is unavailable (e.g. a scanner that never started).
440
+
434
441
:::tip Use status for diagnostics
435
442
If `security report` shows "0 findings" but you think a scanner should have flagged something, open `status` — failed scanners appear here with their truncated stderr. The full stderr is available via `security status <server> -o json`.
436
443
:::
@@ -468,6 +475,11 @@ Risk Score: 0/100
468
475
Scanned: 2026-04-10 10:08:19
469
476
Scanners: 6 run, 1 failed (ramparts) of 7
470
477
478
+
Scanner timing:
479
+
mcp-scan completed 1.2s
480
+
trivy-mcp completed 12.3s
481
+
ramparts failed -
482
+
471
483
WARNING: Scan coverage incomplete: 1 of 7 scanners did not run
472
484
473
485
=== Security Scan (Pass 1) ===
@@ -487,6 +499,7 @@ The `Scanners: X run, Y failed (names) of Z` line surfaces per-scanner failures
-`findings` — normalized findings across all scanners
489
501
-`reports` — per-scanner raw results (also includes SARIF when `?include_sarif=true` is passed to the REST endpoint)
502
+
-`scanner_statuses` — per-scanner execution records, each with `scanner_id`, `status`, `started_at`, `completed_at`, `duration_ms` (wall-clock execution time in milliseconds), `findings_count`, and `error`
490
503
-`scan_context` — source method, source path, scanned file list
0 commit comments