Scanning Issues¶
This guide covers common problems with scans — from stuck queues to missing findings.
Scan stuck in "Queued"¶
Symptom: Scan status shows "Queued" and hasn't progressed for more than 10 minutes.
Possible causes and solutions:
| Cause | Solution |
|---|---|
| Concurrent scan limit reached | Check your tier's limit: Free (1), Pro (5), Enterprise (20). Wait for running scans to finish. |
| Queue backlog during peak hours | Wait 15-30 minutes. Scans are processed in order. |
| Platform maintenance | Check status.mayoaspm.com |
Tip
You can cancel a queued scan and re-trigger it later if you need to free up a scan slot.
Scan stuck in "Running"¶
Symptom: Scan has been running for over 30 minutes without completing.
Possible causes:
| Cause | Solution |
|---|---|
| Large repository | Repos over 1 GB take longer. Consider scanning specific branches. |
| Scanner timeout | Individual scanners time out after 15 minutes. Check scan details for which scanner is slow. |
| Network issue during clone | Cancel and retry the scan. |
To cancel a stuck scan:
- Navigate to Scans.
- Click the stuck scan.
- Click Cancel Scan.
- Re-trigger after resolving the underlying issue.
Clone failed¶
Symptom: Scan fails with error "Failed to clone repository".
Possible causes and solutions:
| Cause | Solution |
|---|---|
| GitHub App lost access | Go to Settings > Integrations > GitHub and verify the app is still installed |
| Repository was deleted or renamed | Check the repository exists on GitHub |
| Repository is too large | Repos over 5 GB may fail to clone. Contact support for large repo support. |
| Private repo without app access | Ensure the GitHub App has access to the repository |
Verification steps:
- Navigate to Settings > Integrations > GitHub.
- Click Sync Now to refresh the repository list.
- Verify the repository appears in the assets list.
- Retry the scan.
Scanner timeout¶
Symptom: Scan completes but some scanners show "Timeout" status.
Scanner time limits:
| Scanner | Default timeout | Extended timeout (Enterprise) |
|---|---|---|
| Grype | 5 minutes | 15 minutes |
| Trivy | 5 minutes | 15 minutes |
| Semgrep | 15 minutes | 30 minutes |
| Gitleaks | 10 minutes | 20 minutes |
Solutions:
- Check repository size — large repos with many files slow down SAST scanners.
- If Semgrep times out, consider using a targeted rule set instead of the full default.
- Enterprise users can request extended timeouts via support.
No findings after scan¶
Symptom: Scan completes successfully but reports 0 findings.
Possible causes:
| Cause | Solution |
|---|---|
| Repository has no code | Verify the repo isn't empty or documentation-only |
| Wrong scanners selected | Ensure you selected scanners appropriate for the repo's language |
| No vulnerabilities found | This is a good thing. Verify by running the scanner locally. |
| Scanner misconfigured | Check scanner-specific configuration in project settings |
| Branch mismatch | Ensure the scan ran against the correct branch (default: main) |
Debugging steps:
- Click the completed scan to view details.
- Check each scanner's individual status and output.
- Verify the "files scanned" count is > 0.
- If a specific scanner shows 0 files, check that the repo contains files that scanner supports (e.g., Grype needs lock files).
Scan shows fewer findings than expected¶
Symptom: You know there are vulnerabilities, but the scan didn't find them all.
Possible causes:
| Cause | Solution |
|---|---|
| Findings were auto-suppressed by triage policy | Check suppressed findings in the findings view |
| Scanner doesn't cover that vulnerability type | Check scanner comparison |
| Deduplication | Mayo ASPM deduplicates identical findings across scans |
| Scan ran on wrong branch | Verify the scanned branch in scan details |
Scan failed with internal error¶
Symptom: Scan status shows "Failed" with error "Internal server error".
Steps:
- Note the scan ID from the scan details page.
- Retry the scan — transient errors may resolve on their own.
- If the error persists, contact support with the scan ID.
API-triggered scan not starting¶
Symptom: POST /api/scans returns success but the scan never appears.
Checklist:
- Verify the response included a
scan_id. - Check the scan status:
GET /api/scans/{scan_id}. - Verify your API key has
scans:writepermission. - Check you haven't hit the concurrent scan limit.