Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport: Refactor VulnerabilityAnalysisTask to be more efficient #4625

Merged
merged 1 commit into from
Feb 9, 2025
Merged

Backport: Refactor VulnerabilityAnalysisTask to be more efficient #4625

merged 1 commit into from
Feb 9, 2025

Conversation

nscuro
Copy link
Member

@nscuro nscuro commented Feb 8, 2025

Description

Refactors vuln analysis task to be more efficient.

Addressed Issue

Backports #4623

Additional Details

See #4623

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@nscuro nscuro added the defect Something isn't working label Feb 8, 2025
@nscuro nscuro added this to the 4.12.4 milestone Feb 8, 2025
@nscuro
Refactor vuln analysis task to be more efficient
cbd6405 
* For portfolio analysis, don't fetch *all* projects at once, but in batches of 100.
* Regularly evict objects from the ORM's L1 cache to prevent excessive cache size.
* For project analysis, don't fetch *all* components at once, but in batches of 1000.
* Limit the fields being fetched from the database to only those needed for vulnerability analysis.
* When triggering a project analysis, only transmit the project's UUID via events, instead of all of its components.
* Deprecate `QueryManager#getAllProjects` for removal. This method is never the right choice, but is still used in a few places.

In addition, as byproducts of this refactoring:

* Add MDC variables to provide more context in logs emitted during vulnerability analysis.
* Remove event subscription for specific scanner events. Scanners are only ever invoked directly, never through the event system.
* Gracefully handle thread interrupts.
* Fix `CacheableScanTask#applyAnalysisFromCache` never being invoked.

Signed-off-by: nscuro <[email protected]>
@codacy-production Codacy Production
Copy link

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.04% (target: -1.00%) 84.39% (target: 70.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (efad42c) 22583 17940 79.44%
Head commit (cbd6405) 22639 (+56) 17993 (+53) 79.48% (+0.04%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#4625) 205 173 84.39%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

@nscuro nscuro merged commit f9625d2 into DependencyTrack:4.12.x Feb 9, 2025
8 checks passed
@nscuro nscuro deleted the backport-pr-4623 branch February 9, 2025 11:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
defect Something isn't working
Projects
None yet
Milestone
4.12.4
Development

Successfully merging this pull request may close these issues.
1 participant
@nscuro