Grype with version v.0.55 take 3 hour to scan the image

[rhcechetan]

What happened: Grype with version v.0.55 take more than 3 hour to scan the image whereas Grype v.0.44 taken 30-45 minutes for scanning the same image

What you expected to happen: Grype with version v.0.55 should take same time around 30-45 minutes

How to reproduce it (as minimally and precisely as possible): I scanned using Grype v.0.44 and v.0.55 and able to reproduces issue by upgrading it to v.0.55.

Anything else we need to know?: I used Jenkins job to scan the images. The Jenkins job create new image from AWS ECR and run grype on that image.

Environment:

• Output of grype version: v.0.55
• OS (e.g: cat /etc/os-release or similar): Ubuntu 22.04

[kzantow]

Hi @rhcechetan are there any public images you could point to or sample Dockerfile you could provide to reproduce these scan times?

[rhcechetan]

HI @kzantow we used our develop application image which take 30-40 min to scan using Grype v.0.44 but same will take more than 3 hour on higher verion.

[kzantow]

@rhcechetan is there any information you could provide to help diagnose this issue for you? I don't see a way to reproduce this, nor a way to narrow down to a specific release - between v0.44.0 and v0.55.0 had a number of releases.

Please note that we are currently working on some performance improvements in scanning, which could help this (but unable to know without more information).

[tgerla]

Hi @rhcechetan, we just released Grype 0.57 which includes a the new version of Syft which contains many performance improvements. I believe these changes will make a big difference in your scan time. I'll go ahead and close this ticket out, but feel free to re-open it or open a new one if you don't see an improvement with the latest Grype and Syft. Thanks!