Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Separate policy evaluation into its own task #2423

Closed
2 tasks done
nscuro opened this issue Jan 30, 2023 · 1 comment · Fixed by #2523
Closed
2 tasks done

Separate policy evaluation into its own task #2423

nscuro opened this issue Jan 30, 2023 · 1 comment · Fixed by #2523
Labels
enhancement New feature or request good first issue Good for newcomers p3 Nice-to-have features
Milestone
4.9

Comments

@nscuro
Copy link
Member

nscuro commented Jan 30, 2023

Current Behavior

Policy evaluation is currently performed as a byproduct of vulnerability analysis.

dependency-track/src/main/java/org/dependencytrack/tasks/VulnerabilityAnalysisTask.java

Lines 133 to 140 in 7cfc466

private void performPolicyEvaluation(Project project, List<Component> components) {
// Evaluate the components against applicable policies via the PolicyEngine.
final PolicyEngine pe = new PolicyEngine();
pe.evaluate(components);
if (project != null) {
Event.dispatch(new ProjectMetricsUpdateEvent(project.getUuid()));
}
}

This is sub-optimal as it prevents policy evaluation from being kicked off independently. It also blocks a single worker thread for longer than necessary (although policy evaluation is typically quite fast).

Proposed Behavior

Policy evaluation should have its own dedicated event and task. When chaining of events is desired, the onSuccess method of Event may be used, e.g.:

Event
    .dispatch(vulnerabilityAnalysisEvent)
    .onSuccess(policyEvaluationEvent);

Checklist
@nscuro nscuro added enhancement New feature or request p3 Nice-to-have features good first issue Good for newcomers labels Jan 30, 2023
@walterdeboer walterdeboer mentioned this issue Feb 24, 2023
Merged
5 tasks
@nscuro nscuro added this to the 4.9 milestone Jun 28, 2023
@github-actions
Copy link
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers p3 Nice-to-have features
Projects
None yet
Milestone
4.9
Development

Successfully merging a pull request may close this issue.

Separate policy evaluation into its own task walterdeboer/dependency-track
1 participant
@nscuro