Integrate VulnerabilityPolicyEvaluator in VulnerabilityScanResultProcessor #940

Closed
nscuro opened this issue Nov 28, 2023 · 0 comments · Fixed by DependencyTrack/hyades-apiserver#474
Labels
component/api-server domain/vuln-policy enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/M Medium effort

nscuro commented Nov 28, 2023

Extracted from #930 (comment)

  • Add Micrometer Timer to track time taken for evaluation
  • Consider logging warnings when evaluation takes too long
    • Add a timeout to prevent evaluation from taking too long? We don't want policies to DOS the system. Is this practical?
  • Profile the integration, it's crucial that it performs well!
  • Should be disabled unless a feature flag (environment variable) is set
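
One way to wrap the evaluation call with the safeguards listed above, as an added example that is not Dependency-Track's own code: a Micrometer `Timer`, a slow-evaluation warning, a hard timeout, and an environment-variable feature flag. The class name, metric name, the variable `VULN_POLICY_EVAL_ENABLED` and both thresholds are assumptions, as is the choice to treat a timeout as "no policy applied".

```java
import io.micrometer.core.instrument.MeterRegistry;
import io.micrometer.core.instrument.Timer;
import io.micrometer.core.instrument.simple.SimpleMeterRegistry;
import java.time.Duration;
import java.util.Optional;
import java.util.concurrent.*;

public class GuardedPolicyEvaluation {
    // Hypothetical thresholds; neither value comes from the project.
    static final Duration WARN_AFTER = Duration.ofMillis(100);
    static final Duration TIMEOUT = Duration.ofMillis(500);
    private final MeterRegistry registry;
    private final Timer timer;
    // Bounded pool of daemon threads: stuck evaluations can exhaust it, but cannot block JVM shutdown.
    private final ExecutorService pool = Executors.newFixedThreadPool(2,
            r -> { Thread t = new Thread(r, "vuln-policy-eval"); t.setDaemon(true); return t; });

    GuardedPolicyEvaluation(MeterRegistry registry) {
        this.registry = registry;
        this.timer = Timer.builder("vuln_policy_evaluation").register(registry); // hypothetical metric name
    }

    /** Returns the result, or empty when disabled or timed out (caller keeps the unmodified scan result). */
    <T> Optional<T> evaluate(boolean enabled, Callable<T> evaluation) throws Exception {
        if (!enabled) return Optional.empty();
        Timer.Sample sample = Timer.start(registry);
        Future<T> future = pool.submit(evaluation);
        try {
            return Optional.ofNullable(future.get(TIMEOUT.toMillis(), TimeUnit.MILLISECONDS));
        } catch (TimeoutException e) {
            // cancel(true) only interrupts: an evaluation that ignores interrupts keeps its thread busy.
            future.cancel(true);
            System.err.println("WARN: policy evaluation exceeded " + TIMEOUT + ", skipped");
            return Optional.empty();
        } finally {
            long nanos = sample.stop(timer); // recorded for successes, failures and timeouts alike
            if (nanos > WARN_AFTER.toNanos())
                System.err.println("WARN: policy evaluation took " + Duration.ofNanos(nanos));
        }
    }

    public static void main(String[] args) throws Exception {
        var guard = new GuardedPolicyEvaluation(new SimpleMeterRegistry());
        boolean enabled = "true".equalsIgnoreCase(System.getenv("VULN_POLICY_EVAL_ENABLED")); // hypothetical flag
        System.out.println(guard.evaluate(enabled, () -> "SUPPRESS")); // constructed fast evaluation
        System.out.println(guard.evaluate(enabled, () -> { Thread.sleep(2_000); return "late"; })); // constructed slow one
    }
}
```

Running it needs `micrometer-core` on the classpath. The timeout bounds how long the caller waits, not how long a non-cooperative evaluation runs, which is the practical limit behind the question in the list above.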