Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make use of logback's MDC to add context to log statements #3234

Open
2 tasks done
nscuro opened this issue Nov 25, 2023 · 0 comments
Open
2 tasks done

Make use of logback's MDC to add context to log statements #3234

nscuro opened this issue Nov 25, 2023 · 0 comments
Labels
enhancement New feature or request p3 Nice-to-have features

Comments

@nscuro
Copy link
Member

nscuro commented Nov 25, 2023

Current Behavior

Dependency-Track performs many tasks asynchronously. Status updates, warnings, and errors are logged during task execution, however those logs lack context:

  • When BOM processing fails, it's unclear for which BOM, uploaded to what project
  • When VEX processing fails, it's unclear for which VEX, uploaded to what project
  • When repository metadata analysis fails, it's unclear for which component, and for what repository
  • etc.

Proposed Behavior

Logback offers a feature to add additional context to log statements via Mapped Diagnostic Context (MDC).

We should use that to attach context information, for example:

  • Project UUID, name, version
  • Component UUID, name, version
  • BOM / VEX format, spec version, serial number, version
  • etc.

wherever appropriate. When logging to JSON format, those context variables are represented as dedicated JSON fields and can thus be indexed by log aggregators (Elasticsearch, Splunk, ...).

Checklist
@nscuro nscuro added enhancement New feature or request p3 Nice-to-have features labels Nov 25, 2023
@nscuro nscuro mentioned this issue Jan 10, 2024
Merged
3 tasks
@nscuro nscuro mentioned this issue Mar 18, 2024
Open
2 tasks
nscuro added a commit to nscuro/dependency-track that referenced this issue Jul 15, 2024
@nscuro
Ensure no unique constraint violation for ProjectMetadata
164847a 
Adds regression test for DependencyTrack#3895. The behavior itself does not reproduce on `master`, but does with `4.11.5`.

Wraps the project cloning in a transaction to make it more reliable. Adds MDC variables for `CloneProjectTask` (DependencyTrack#3234).

Fixes DependencyTrack#3895

Signed-off-by: nscuro <[email protected]>
@nscuro nscuro mentioned this issue Jul 15, 2024
Merged
2 tasks
netomi pushed a commit to netomi/dependency-track that referenced this issue Aug 8, 2024
@nscuro @netomi
Ensure no unique constraint violation for ProjectMetadata
b44ec0f 
Adds regression test for DependencyTrack#3895. The behavior itself does not reproduce on `master`, but does with `4.11.5`.

Wraps the project cloning in a transaction to make it more reliable. Adds MDC variables for `CloneProjectTask` (DependencyTrack#3234).

Fixes DependencyTrack#3895

Signed-off-by: nscuro <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request p3 Nice-to-have features
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nscuro