Fix redundant notifications for existing policy violations #2656

@nscuro nscuro commented Apr 10, 2023

Description

This PR fixes a defect where POLICY_VIOLATION notifications were sent not only for newly identified violations, but also for already existing ones.

Addressed Issue

Fixes #2655

Additional Details

N/A

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@valentijnscholten
Contributor

Just thinking out loud: In #2523 there can be, in theory, two parallel policy evaluation events taking place. Could/Should there be some transactional behaviour here to avoid duplicate notifications in that (corner?) case?

@nscuro
Member Author

nscuro commented Apr 11, 2023

@valentijnscholten That is a very good point that I was thinking of a lot recently, too. Problem is that dispatching of events is not transactional, so really what we'd need is an implementation of the outbox pattern.

@nscuro
Member Author

nscuro commented Apr 15, 2023

I have raised an issue for transactional notifications here: #2674
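
Added example, not part of the PR or of Dependency-Track's code: a minimal sketch of the outbox pattern mentioned in the thread, in which the violation row and its notification row commit in one transaction, so a second evaluation run reporting the same violation queues nothing. The SQLite schema, table names and the functions `open_db`, `record_violations` and `dispatch_pending` are assumptions made for illustration.

```python
import sqlite3

# Constructed schema for illustration; not Dependency-Track's data model.
SCHEMA = """
CREATE TABLE policy_violation (
    component TEXT NOT NULL, policy_condition TEXT NOT NULL,
    UNIQUE (component, policy_condition));
CREATE TABLE notification_outbox (
    id INTEGER PRIMARY KEY AUTOINCREMENT, component TEXT NOT NULL,
    policy_condition TEXT NOT NULL, dispatched INTEGER NOT NULL DEFAULT 0);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def record_violations(conn, violations):
    """Persist violations; queue a notification only for rows that are new."""
    queued = 0
    with conn:  # one transaction: violation and outbox rows commit together
        for component, condition in violations:
            cur = conn.execute(
                "INSERT OR IGNORE INTO policy_violation VALUES (?, ?)",
                (component, condition))
            if cur.rowcount == 1:  # 0 means the violation already existed
                conn.execute(
                    "INSERT INTO notification_outbox (component, policy_condition) "
                    "VALUES (?, ?)", (component, condition))
                queued += 1
    return queued

def dispatch_pending(conn, send):
    """Relay step: deliver undispatched outbox rows, then mark them done."""
    rows = conn.execute(
        "SELECT id, component, policy_condition FROM notification_outbox "
        "WHERE dispatched = 0 ORDER BY id").fetchall()
    for row_id, component, condition in rows:
        send("POLICY_VIOLATION", component, condition)
        with conn:
            conn.execute(
                "UPDATE notification_outbox SET dispatched = 1 WHERE id = ?",
                (row_id,))
    return len(rows)
```

Delivery in this sketch is at-least-once: a crash between `send` and the update re-sends the row, so a consumer would de-duplicate on the outbox `id`.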

@nscuro nscuro merged commit 2cd1925 into DependencyTrack:master Apr 15, 2023
@nscuro nscuro deleted the fix-redundant-policy-violation-notifications branch April 15, 2023 17:51
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 16, 2023
Successfully merging this pull request may close these issues.

Redundant notifications being sent for existing policy violation