Pentesting

Understanding Pentest Statuses

What each pentest status means and what actions are available at each stage.

Pentest Lifecycle

Every pentest passes through a series of statuses from creation to completion. Understanding these statuses helps you monitor progress and troubleshoot issues.

Status Definitions

pending_runner

The pentest has been created and is waiting for an eligible self-hosted runner to claim it.

assigned

A runner has claimed the job and is preparing preflight checks.

preflight_failed

The runner could not satisfy preflight requirements such as container runtime availability, BYOK provider credentials, target reachability, or the pinned pentest image digest.

queued

Legacy status from older managed queue flows. New self-hosted pentests normally start at pending_runner.

pending_verification

Legacy status from the retired managed verification flow. New self-hosted pentests should not enter this state; cancel and restart the pentest.

provisioning

Legacy managed-container status. Current self-hosted runners perform preflight locally and then move the scan to running.

running

The agents are actively testing the target from your runner environment. You will see real-time agent messages and findings streaming to the dashboard. Running pentests have a maximum duration of 3 hours.

stale

The runner job lease expired or the runner stopped heartbeating before the job reached a terminal state.

completed

The pentest finished successfully. All findings have been saved and the final report has been generated.

failed

Something went wrong during the pentest — for example, the target was unreachable or an internal error occurred. Partial results may be available. Check the pentest log for error details.

cancelled

You manually cancelled the pentest before it completed. Partial findings discovered before cancellation are preserved.

Actions by Status

  • pending_runner — cancel.
  • assigned — cancel.
  • preflight_failed — cancel or retry after runner setup is fixed.
  • queued — cancel.
  • pending_verification — cancel and restart as a self-hosted pentest.
  • provisioning — cancel.
  • running — watch live, cancel.
  • stale — inspect runner health, then retry.
  • completed — view findings, download report, retest findings.
  • failed — view partial results, retry pentest.
  • cancelled — view partial results, retry pentest.

Timeout Behavior

If a pentest reaches the 3-hour maximum, the runner stops the scan container, preserves partial results, and the scan is marked terminal. You can run a follow-up pentest to continue testing from where the previous one left off.

Back to Knowledge Base