Vulnerability Analysis Cache expiry erroneously reduced to 14.4 minutes #2115

Closed
valentijnscholten opened this issue Nov 4, 2022 · 3 comments
Labels
defect Something isn't working p1 Critical bugs that prevent DT from being used, or features that must be implemented ASAP

@valentijnscholten
Contributor

valentijnscholten commented Nov 4, 2022

Current Behavior:

The Vulnerability Analysis Cache expiry time was reduced from 24h to 14.4 minutes by mistake in #1841

https://github.com/DependencyTrack/dependency-track/commit/ac6186cd3f7c8d3731cac5ba944732df3ba6fda4#diff-4a2691c1673ee2620[…]62f4d1d6eada58a83596L73
https://github.com/DependencyTrack/dependency-track/commit/ac6186cd3f7c8d3731cac5ba944732df3ba6fda4#diff-c0b9dee940783572a[…]4df4e138fef3381477e0R49

Steps to Reproduce:

Not needed

Expected Behavior:

Set cache expiry back to 24h, or as discussed on Slack 12h might be better: https://owasp.slack.com/archives/C6R3R32H4/p1667471703846329

Additional Details:

This needs a database migration to convert the wrong default cache expiry currently stored in the database.
A text update might be good for the Task Schedule page in the UI to explain that the Cache Analysis Cleanup Cadence is a different setting that completely empties the cache.
In a future PR it might be worthwhile to make the cache expiry property configurable, maybe with some kind of sane/safe minimum value to avoid overloading the analyzer APIs.
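
The migration and the minimum-value guard suggested above, sketched as an added example that is not Dependency-Track code or part of the original issue. The class and method names, the assumption that the stored value is in milliseconds, the ISO-8601 input format and the one-hour floor are all hypothetical; only the 24 h and 14.4 min figures come from the issue text.

```java
import java.time.Duration;
import java.time.format.DateTimeParseException;

// Added illustration; every name here is hypothetical, not a Dependency-Track API.
public final class CacheExpiryPolicy {
    // Figures from the issue text: intended 24 h, erroneous 14.4 min (864 s).
    static final Duration INTENDED_DEFAULT = Duration.ofHours(24);
    static final Duration ERRONEOUS_DEFAULT = Duration.ofSeconds(864);
    // Assumed floor; the issue only asks for "some kind of sane/safe minimum".
    static final Duration MINIMUM = Duration.ofHours(1);

    /** Migration step: rewrite only the known-bad default, keep any other stored value. */
    static long migrateStoredMillis(long storedMillis) {
        return storedMillis == ERRONEOUS_DEFAULT.toMillis()
                ? INTENDED_DEFAULT.toMillis()
                : storedMillis;
    }

    /** Resolve an operator-supplied ISO-8601 duration such as "PT12H". */
    static Duration resolve(String configured) {
        if (configured == null || configured.isBlank()) {
            return INTENDED_DEFAULT;
        }
        final Duration parsed;
        try {
            parsed = Duration.parse(configured.trim());
        } catch (DateTimeParseException e) {
            // A bare number or a typo must never silently shorten the expiry.
            return INTENDED_DEFAULT;
        }
        // Zero, negative or too-short values are raised to the floor so a
        // misconfiguration cannot turn every lookup into a remote analyzer call.
        return parsed.compareTo(MINIMUM) < 0 ? MINIMUM : parsed;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the erroneous default and a custom 12 h value.
        System.out.println(migrateStoredMillis(864_000L));
        System.out.println(migrateStoredMillis(43_200_000L));
        for (String in : new String[] {"PT12H", "PT14M24S", "864000", null}) {
            System.out.println(in + " -> " + resolve(in));
        }
    }
}
```

Expressing the values as `Duration` objects with named units, rather than raw numeric literals, makes a unit or magnitude slip visible in code review.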

@nscuro nscuro added defect Something isn't working and removed in triage labels Nov 4, 2022
@nscuro
Member

nscuro commented Nov 4, 2022

@stevespringett Do we want to have a 4.6.x release for this?

@stevespringett
Member

We likely should, yes

@nscuro nscuro added the p1 Critical bugs that prevent DT from being used, or features that must be implemented ASAP label Nov 4, 2022
@nscuro nscuro added this to the 4.6.3 milestone Nov 4, 2022
nscuro added a commit to nscuro/dependency-track that referenced this issue Nov 18, 2022
Fixes DependencyTrack#2115

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro closed this as completed in e5bb706 Nov 18, 2022
@github-actions
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 18, 2022
stephan-wolf-ais pushed a commit to AISAutomation/dependency-track that referenced this issue Mar 1, 2023
Fixes DependencyTrack#2115

Signed-off-by: nscuro <nscuro@protonmail.com>
3 participants