Open
Description
After enabling the feature in https://github.com/ossf/scorecard-webapp/releases/tag/v1.0.6, there was an increase in request latencies in the scorecard-api-prod.
p95: mostly unchanged, but now peaks as high at 3s
p99: approximately 1s -> 3.5s
Since the only hashes we lookup are for these repos:
- "actions/checkout"
- "ossf/scorecard-action"
- "actions/upload-artifact"
- "github/codeql-action"
- "step-security/harden-runner"
it should be a pretty short list of hashes to keep track of. We can do a LRU if we're concerned about memory ballooning.