Status Page

SCA Auto-Resolve Latency & SCA Scan Processing Delays

Minor incident EU Environment API (EU Environment) Application/UI (EU Environment) US Environment API (US Environment) Application/UI (US Environment)
2025-12-08 23:43 IST · 21 hours, 28 minutes

Updates

Resolved

This issue is resolved. The queue has cleared, and both SCA scans and auto-resolve processing times have returned to normal and are significantly faster than during the incident. We will share an RCA and next action items in the coming days as an attachment to this incident.

December 9, 2025 · 21:10 IST
Monitoring

We’ve identified the root cause of the SCA auto-resolve and scan latency. Queue lag is steadily decreasing and processing times are improving. We are continuing to monitor closely and will provide further updates as needed.

December 9, 2025 · 13:42 IST
Issue

Summary
We are currently experiencing increased latency in two SCA areas:

  • Auto-resolve processing after customers push a fix for a CVE/violation.
  • Manual SCA scans, which may also take longer than expected to complete and reflect updated violation status.

As a result, customers may continue seeing violations as Open for a period of time even after the fixing commit is pushed and/or a rescan is triggered.

Customer Impact

Violations that should transition to Resolved after a fix may remain Open temporarily.
Triggering a new scan may not immediately update the violation state.
No data loss is expected; this is a delay in processing and state updates.

What’s likely happening (flow)

  • The typical flow during this incident looks like:
  • Developers push a fix for a CVE (dependency update / patch commit).
  • The developer still sees the violation as Open in Cycode.
  • They reach out for confirmation.
  • Cycode users check and confirm the fix was applied, but the violation still shows Open.
  • Auto-resolve logic is triggered by the push event, but is processed with delay.
  • Developers then trigger another SCA scan to force resolution.
  • That scan also queues behind the same pipeline, so results and state updates still take time.

Root Cause (preliminary)

Auto-resolve events and SCA scans are currently being processed through the same execution queue/pipeline, which is experiencing higher-than-normal load.
This shared queue is causing backlog and delayed processing for both:

  • Auto-resolve-from-push events
  • On-demand SCA scans

Mitigation / Current Actions

  • Our SCA team is actively working to reduce queue latency and restore normal processing times.
  • We are monitoring backlog depth and scan/auto-resolve throughput.
  • Prioritization is being applied to speed up resolution events.

Workaround (if needed)

  • No action is required for correctness; the system will eventually reflect the resolved state.
  • If you re-scan, please expect delays while the backlog clears.

Next Update

We’ll provide another update once latency returns to normal or if timelines change.

December 8, 2025 · 23:43 IST

← Back