feat!: change limit=0 to return no items and enforce maximum limit by ctron · Pull Request #2351 · guacsec/trustify

ctron · 2026-05-06T11:52:44Z

~~This is based on PR #2338 … only take a look at the most recent commits.~~

Summary by Sourcery

Enforce configurable maximum pagination limits and change limit=0 semantics while propagating limit validation and error handling across services and APIs.

New Features:

Add configurable maximum pagination limit with HTTP 400 responses including X-Pagination-Max-Limit header and structured error body when exceeded.

Enhancements:

Change limit=0 semantics so that no items are returned while still allowing optional total count computation, avoiding unnecessary data queries.
Propagate pagination limit validation through Limiter utilities and service layers, returning explicit Limit errors instead of silently accepting oversized limits.
Extend pagination configuration and documentation (ADR and OpenAPI) to describe maximum limit enforcement and the new limit=0 behavior.
Refine Paginated defaulting and in-memory pagination behavior to align with new semantics and simplify construction.

Documentation:

Update ADR 00017 and OpenAPI documentation to capture maximum pagination limit enforcement and the new meaning of limit=0.

Tests:

Add and update unit and integration tests to cover limit enforcement, limit=0 behavior, HTTP error responses, and service-specific pagination scenarios.

sourcery-ai

Sorry @ctron, your pull request is larger than the review limit of 150000 diff characters

helio-frota · 2026-05-06T12:49:53Z

memory issue solved 🚀

➜  ducttape-stress git:(main) ✗ bun pagination-test.js
Starting pagination load test
Concurrent users: 20 <-------------------
Duration: 60 seconds
Endpoints: 12


finished
Total requests: 4734 <-------------------
Median response time: 40ms <-------------------

Per-endpoint stats:
/api/v3/advisory?limit=90000&total=false: 375 req, 375 err, 0 missing total <-------------------
/api/v3/advisory?total=false: 410 req, 0 err, 0 missing total
/api/v3/sbom?total=true: 366 req, 0 err, 0 missing total
/api/v3/sbom?total=false: 413 req, 0 err, 0 missing total
/api/v3/vulnerability?total=true: 387 req, 0 err, 0 missing total
/api/v3/vulnerability?total=false: 388 req, 0 err, 0 missing total
/api/v2/license?total=true: 372 req, 0 err, 0 missing total
/api/v2/purl?total=true: 397 req, 0 err, 0 missing total
/api/v2/product?total=true: 427 req, 0 err, 0 missing total
/api/v2/organization?total=true: 388 req, 0 err, 0 missing total
/api/v2/weakness?total=true: 396 req, 0 err, 0 missing total
/api/v2/group/sbom?totals=true: 415 req, 0 err, 0 missing total

ctron · 2026-05-06T13:52:58Z

@sourcery-ai review

sourcery-ai · 2026-05-06T13:54:33Z

Reviewer's Guide

Introduces configurable maximum pagination limits with HTTP 400 responses when exceeded, changes limit=0 semantics to return no items while still allowing total computation, and refactors limiter APIs and services to enforce the new behavior consistently across queries, OpenAPI docs, and tests.

Sequence diagram for exceeding maximum pagination limit

sequenceDiagram
  actor Client
  participant ApiHandler
  participant Service
  participant Cache as PaginationCache
  participant Lim as Limiter

  Client->>ApiHandler: HTTP GET /items?offset=0&limit=2000&total=true
  ApiHandler->>Service: get_items(paginated)
  Service->>Cache: check_limit(limit=2000)
  alt limit_exceeds_max_limit
    Cache-->>Service: LimitError(max_limit)
    Service-->>ApiHandler: Error_Limit(LimitError)
    ApiHandler-->>Client: 400 BadRequest\nX-Pagination-Max-Limit: max_limit\nbody: ErrorInformation LimitExceeded
  else limit_within_max
    Cache-->>Service: Ok(limit)
    Service->>Lim: construct_limiter(db, page, cache)
    Lim->>Lim: fetch()
    Lim-->>Service: LimitedResult(items, TotalCount)
    Service->>Cache: TotalCount.requested(total=true)
    Cache-->>Service: total_count
    Service-->>ApiHandler: PaginatedResults
    ApiHandler-->>Client: 200 OK with items and total
  end

Class diagram for updated pagination and limiter types

classDiagram

class Paginated {
  u64 offset
  u64 limit
  bool total
  +paginate_array(vec: VecT): PaginatedResultsT
}

class PaginatedResultsT {
  VecT items
  Option_u64 total
}

class PaginationConfig {
  humantime_Duration cache_ttl
  u64 max_limit
  +into_cache(): PaginationCache
}

class PaginationCache {
  CacheStringU64 cache
  CounterU64 total
  CounterU64 misses
  u64 max_limit
  +new(ttl: Duration, max_limit: u64): PaginationCache
  +for_test(): PaginationCache
  +check_limit(limit: u64): Result_u64_LimitError
  +max_limit(): u64
}

class LimitError {
  u64 max_limit
  +error_response(): HttpResponseBoxBody
}

class LimiterError {
  Db(DbErr)
  Limit(LimitError)
}

class LimiterDBFetchCount {
  C db
  PaginatorCCount paginator
  FetchSelector selector
  String cache_key
  PaginationCache cache
  u64 limit
  +fetch(): Result_LimitedResult_DbErr
}

class TotalCount {
  C db
  PaginatorCCount paginator
  String cache_key
  PaginationCache cache
  +requested(total: bool): Result_Option_u64_DbErr
}

class Resulting {
  <<trait>>
  +resulting(db: C, query: SelectE, cache: PaginationCache): Future_Output
}

class PaginatedResultingImpl {
  +resulting(db: C, query: SelectE, cache: PaginationCache): Future_PaginatedResultsM
}

class UnitResultingImpl {
  +resulting(db: C, query: SelectE, cache: PaginationCache): Future_VecM
}

class limit_selector_fn {
  +limit_selector(db: C, select: SelectE, page: Page, cache: PaginationCache): Result_LimiterDBFetchCount_LimitError
}

Paginated --> PaginatedResultsT : produces
PaginationConfig --> PaginationCache : into_cache
PaginationCache --> LimiterDBFetchCount : configures
PaginationCache --> TotalCount : caches_totals
LimiterDBFetchCount *-- TotalCount : builds
LimitError <|-- LimiterError : Limit
LimiterError --> LimiterDBFetchCount : error_from_construction
Resulting <|.. PaginatedResultingImpl : impl
Resulting <|.. UnitResultingImpl : impl
PaginatedResultingImpl --> limit_selector_fn : uses
UnitResultingImpl --> limit_selector_fn : uses
LimiterDBFetchCount --> PaginationCache : uses
TotalCount --> PaginationCache : uses
Paginated --> PaginationCache : used_via_services

File-Level Changes

Change	Details	Files
Add configurable maximum pagination limit with HTTP error reporting and wire it through services and errors.	Extend PaginationCache to hold a max_limit, expose check_limit and max_limit methods, and construct it from PaginationConfig via a new CLI/env option. Introduce LimitError implementing ResponseError that returns 400, sets X-Pagination-Max-Limit, and uses ErrorInformation payload; integrate it into fundamental and importer Error enums so services propagate it correctly. Update tests and test helpers (including caller_with, advisory endpoint tests, and new LimitError-focused tests) to construct PaginationCache with a max limit where needed and assert on 400 responses and headers.	`common/src/db/pagination_cache.rs` `common/src/db/limiter.rs` `modules/fundamental/src/error.rs` `modules/importer/src/service.rs` `modules/fundamental/src/test/common.rs` `modules/fundamental/src/advisory/endpoints/test.rs` `modules/ingestor/src/graph/error.rs`
Change limit=0 semantics to return no items but still compute totals, and enforce limits in limiter APIs.	Modify Limiter.fetch to short-circuit the data query when limit is zero while still allowing deferred total counting. Refactor LimiterTrait, LimiterAsModelTrait, limit_selector, and Resulting to accept Paginated/Page objects, check limits via PaginationCache::check_limit, and return LimitError/LimiterError on violations. Adjust all call sites in services (SBOM, Purl, Organization, Product, Weakness, Vulnerability, Importer, SbomGroup, graph purl) to pass Paginated instead of offset/limit and handle new error types; adapt tests that previously used limit=0 (meaning unlimited) to use an explicit high limit instead. Update in-memory Paginated::paginate_array to treat limit=0 as returning an empty items slice while still computing total, and extend tests accordingly.	`common/src/db/limiter.rs` `common/src/service/result.rs` `common/src/model.rs` `modules/fundamental/src/sbom/service/sbom.rs` `modules/fundamental/src/purl/service/mod.rs` `modules/fundamental/src/organization/service/mod.rs` `modules/fundamental/src/product/service/mod.rs` `modules/fundamental/src/weakness/service/mod.rs` `modules/fundamental/src/vulnerability/service/mod.rs` `modules/fundamental/src/sbom_group/service.rs` `modules/ingestor/src/graph/purl/mod.rs` `modules/fundamental/tests/*/` `modules/ingestor/src/graph/purl/mod.rs`
Document new pagination behavior and align OpenAPI and ADRs with max-limit and limit=0 changes.	Update all OpenAPI path parameter descriptions for limit to state that zero returns no items while still allowing total computation. Expand ADR 00017 to cover maximum pagination limit enforcement, HTTP error shape, configuration (TRUSTD_PAGINATION_MAX_LIMIT / --pagination-max-limit), and the breaking change semantics for limit=0. Ensure Paginated derives Default manually to keep sensible defaults with the new limit semantics.	`openapi.yaml` `docs/adrs/00017-efficient-pagination.md` `common/src/model.rs`

Tips and commands

Interacting with Sourcery

Trigger a new review: Comment @sourcery-ai review on the pull request.
Continue discussions: Reply directly to Sourcery's review comments.
Generate a GitHub issue from a review comment: Ask Sourcery to create an
issue from a review comment by replying to it. You can also reply to a
review comment with @sourcery-ai issue to create an issue from it.
Generate a pull request title: Write @sourcery-ai anywhere in the pull
request title to generate a title at any time. You can also comment
@sourcery-ai title on the pull request to (re-)generate the title at any time.
Generate a pull request summary: Write @sourcery-ai summary anywhere in
the pull request body to generate a PR summary at any time exactly where you
want it. You can also comment @sourcery-ai summary on the pull request to
(re-)generate the summary at any time.
Generate reviewer's guide: Comment @sourcery-ai guide on the pull
request to (re-)generate the reviewer's guide at any time.
Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
pull request to resolve all Sourcery comments. Useful if you've already
addressed all the comments and don't want to see them anymore.
Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
request to dismiss all existing Sourcery reviews. Especially useful if you
want to start fresh with a new review - don't forget to comment
@sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

Enable or disable review features such as the Sourcery-generated pull request
summary, the reviewer's guide, and others.
Change the review language.
Add, remove or edit custom review instructions.
Adjust other review settings.

Getting Help

Contact our support team for questions or feedback.
Visit our documentation for detailed guides and information.
Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

sourcery-ai

Hey - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

codecov · 2026-05-07T15:49:05Z

Codecov Report

❌ Patch coverage is 74.22680% with 50 lines in your changes missing coverage. Please review.
✅ Project coverage is 70.89%. Comparing base (ecf520c) to head (c94ed9a).

Files with missing lines	Patch %	Lines
common/src/db/limiter.rs	61.53%	16 Missing and 4 partials ⚠️
common/src/model.rs	80.48%	7 Missing and 1 partial ⚠️
common/src/db/pagination_cache.rs	93.61%	3 Missing ⚠️
common/src/service/result.rs	50.00%	0 Missing and 2 partials ⚠️
...odules/fundamental/src/organization/service/mod.rs	50.00%	1 Missing and 1 partial ⚠️
modules/fundamental/src/product/service/mod.rs	50.00%	1 Missing and 1 partial ⚠️
modules/fundamental/src/purl/service/mod.rs	66.66%	1 Missing and 1 partial ⚠️
modules/fundamental/src/sbom/service/sbom.rs	66.66%	0 Missing and 2 partials ⚠️
...dules/fundamental/src/vulnerability/service/mod.rs	33.33%	0 Missing and 2 partials ⚠️
modules/fundamental/src/weakness/service/mod.rs	50.00%	1 Missing and 1 partial ⚠️
... and 4 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2351      +/-   ##
==========================================
- Coverage   70.92%   70.89%   -0.04%     
==========================================
  Files         442      442              
  Lines       25265    25357      +92     
  Branches    25265    25357      +92     
==========================================
+ Hits        17920    17976      +56     
- Misses       6367     6392      +25     
- Partials      978      989      +11

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

helio-frota

Approving from the performance part. I'm not sure if I'm missing other extra details

Co-authored-by: Claude <noreply@anthropic.com>

Change limit=0 semantics from "no limit" to "return no items", skipping the database query entirely while still computing the total when requested. Introduce a configurable maximum pagination limit (default 1000) that rejects requests exceeding it with HTTP 400 and an X-Pagination-Max-Limit header via a dedicated LimitError. Add Page struct to replace loose offset/limit parameters in limiter traits. Co-authored-by: Claude <noreply@anthropic.com>

Co-authored-by: Claude <noreply@anthropic.com>

ctron · 2026-05-08T10:54:12Z

/scale-test

github-actions · 2026-05-08T10:54:28Z

🛠️ Scale test has started! Follow the progress here: Workflow Run

github-actions · 2026-05-08T12:25:18Z

Goose Report

Goose Attack Report

Plan Overview

Action	Started	Stopped	Elapsed	Users
Increasing	26-05-08 11:55:01	26-05-08 11:55:08	00:00:07	0 → 7
Maintaining	26-05-08 11:55:08	26-05-08 12:25:08	00:30:00	7
Decreasing	26-05-08 12:25:08	26-05-08 12:25:10	00:00:02	0 ← 7

Request Metrics

Method	Name	# Requests	# Fails	Average (ms)	Min (ms)	Max (ms)	RPS	Failures/s
GET	/.well-known/trustify	345 (-30)	0	3.52 (-0.16)	1 (0)	46 (+10)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/group/sbom	347 (-28)	0	5.30 (-0.23)	1 (0)	57 (+2)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/group/sbom?parents=resolve	345 (-30)	0	4.77 (+0.59)	1 (0)	46 (+2)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/group/sbom?totals=true	345 (-30)	0	4.26 (-0.10)	1 (0)	42 (-14)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/importer	345 (-30)	0	3.52 (-0.51)	1 (0)	47 (-19)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/license	347 (-28)	0	11.86 (-0.60)	2 (0)	62 (-3)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/license/spdx/license	347 (-28)	0	1.12 (-0.22)	1 (0)	28 (+17)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/license/spdx/license?q=apache	40585 (-170)	0	0.82 (-0.22)	1 (0)	66 (+20)	22.55 (-0.09)	0.00 (+0.00)
GET	/api/v2/license/spdx/license?q=gpl	40585 (-170)	0	0.66 (-0.25)	1 (0)	47 (-18)	22.55 (-0.09)	0.00 (+0.00)
GET	/api/v2/license?q=ASL&sort=license:desc	40585 (-169)	0	10.24 (+0.71)	1 (0)	262 (+109)	22.55 (-0.09)	0.00 (+0.00)
GET	/api/v2/license?q=license~Apache	40585 (-170)	0	4.76 (-0.24)	1 (0)	98 (+21)	22.55 (-0.09)	0.00 (+0.00)
GET	/api/v2/license?q=license~GPL	40585 (-170)	0	4.98 (-0.14)	1 (0)	74 (-66)	22.55 (-0.09)	0.00 (+0.00)
GET	/api/v2/organization	345 (-30)	0	5.43 (-0.08)	1 (0)	40 (-6)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/organization?sort=name:asc	345 (-30)	0	7.97 (+0.62)	1 (0)	82 (+18)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/product	346 (-31)	0	5.87 (-0.97)	2 (0)	36 (-2)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/product?q=name~openshift	345 (-30)	0	10.00 (-1.13)	2 (0)	63 (+2)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/product?sort=name:asc	345 (-30)	0	11.00 (-1.99)	2 (0)	64 (+4)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl	345 (-30)	0	3.70 (-0.39)	1 (0)	31 (-5)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl/base	347 (-28)	0	8.80 (+0.93)	1 (0)	59 (+7)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl/base?q=namespace=redhat	345 (-30)	0	5.19 (-0.76)	1 (0)	54 (-7)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl/base?q=type=rpm	345 (-30)	0	5.06 (-1.94)	1 (0)	56 (+3)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl/base?sort=name:asc	345 (-30)	0	148.61 (+10.58)	29 (-2)	342 (+73)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl?offset=100&limit=10	345 (-30)	0	3.59 (-0.23)	1 (0)	42 (+9)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl?q=curl	346 (-31)	0	5203.20 (+358.23)	1335 (+221)	6587 (-7899)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl?q=license~GPLv3+ with exceptions	Apache&sort=name:desc	40585 (-170)	0	3.91 (-0.33)	1 (0)	85 (-272)	22.55 (-0.09)
GET	/api/v2/purl?q=name=curl	346 (-31)	0	28.84 (-4.93)	7 (-1)	95 (+5)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl?q=purl:namespace=redhat	345 (-30)	0	7.14 (+0.43)	1 (0)	46 (-7)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl?q=purl:ty=rpm	345 (-30)	0	7.95 (+0.59)	1 (-1)	59 (+6)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/purl?sort=purl:name:asc	345 (-30)	0	10.10 (+1.28)	1 (0)	72 (+9)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/sbom	346 (-31)	0	379.12 (+18.23)	316 (+35)	699 (-14)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/sbom-labels	347 (-28)	0	27.29 (-1.33)	5 (0)	100 (+1)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/sbom?offset=100&limit=10	346 (-31)	0	177.48 (+4.51)	105 (-2)	577 (+261)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/sbom?q=license~GPL&sort=name:desc	40585 (-169)	0	4.74 (-0.04)	1 (0)	96 (+4)	22.55 (-0.09)	0.00 (+0.00)
GET	/api/v2/weakness	347 (-28)	0	6.90 (+0.04)	1 (0)	56 (-6)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/weakness?q=description~injection	345 (-30)	0	4.56 (-0.02)	1 (0)	46 (-4)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v2/weakness?sort=id:asc	345 (-30)	0	4.43 (-0.31)	1 (0)	47 (+2)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/advisory	345 (-30)	0	53.92 (+0.02)	14 (-5)	199 (-24)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/advisory?deprecated=Consider	345 (-30)	0	72.79 (+1.87)	18 (-3)	384 (+64)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/advisory?offset=100&limit=10	345 (-30)	0	42.84 (+2.75)	11 (+1)	123 (-134)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/advisory?q=CVE-2021-	345 (-30)	0	189.60 (-44.66)	19 (+1)	1731 (-59)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/advisory?q=identifier%3dCVE-2022-0981	345 (-30)	0	8.12 (-1.49)	2 (-1)	34 (-64)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/advisory?q=modified>3 days ago	345 (-30)	0	10.93 (+0.31)	2 (0)	65 (+12)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/advisory?q=title~openssl	345 (-30)	0	85.61 (-0.73)	24 (-3)	265 (+16)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/advisory?sort=modified:desc	345 (-30)	0	54.09 (-2.37)	16 (-1)	189 (+24)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/sbom	346 (-31)	0	152.44 (+5.63)	97 (+5)	666 (+472)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/sbom?offset=100&limit=10	346 (-31)	0	107.56 (+5.03)	56 (+10)	426 (+207)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/sbom?q=label:type=product	345 (-30)	0	7.83 (-0.44)	1 (0)	54 (-5)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/sbom?q=name~redhat	345 (-30)	0	162.77 (-48.57)	47 (+38)	460 (-151)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/sbom?q=published>2024-01-01	345 (-30)	0	178.97 (+31.55)	53 (-6)	462 (+29)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/sbom?sort=ingested:desc	345 (-30)	0	187.72 (+8.85)	47 (-4)	490 (+87)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/vulnerability	345 (-30)	0	5.84 (-1.33)	2 (0)	38 (-20)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/vulnerability?offset=100&limit=10	345 (-30)	0	6.91 (-0.03)	1 (0)	52 (-1)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/vulnerability?q=base_score>=7.0	345 (-30)	0	12.43 (+1.51)	2 (0)	144 (-76)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/vulnerability?q=base_severity=high	345 (-30)	0	15.37 (+0.53)	2 (0)	260 (+66)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/vulnerability?q=cwes=CWE-79	345 (-30)	0	16.24 (+2.52)	2 (0)	223 (-82)	0.19 (-0.02)	0.00 (+0.00)
GET	/api/v3/vulnerability?sort=base_score:desc	345 (-30)	0	589.83 (+14.60)	150 (+23)	1067 (+143)	0.19 (-0.02)	0.00 (+0.00)
GET	count_sbom_by_package[pkg:oci/web-ter…=1.15-1770672845]	345 (-30)	0	15.20 (+1.23)	2 (0)	72 (-2)	0.19 (-0.02)	0.00 (+0.00)
GET	download_advisory[f1e5eb17-2f31-4…b46-c11f52398375]	345 (-30)	345	1.16 (-0.03)	1 (0)	7 (-3)	0.19 (-0.02)	0.19 (-0.02)
GET	download_sbom[sha256:a04260d9…a6046a828fcd17e5]	345 (-30)	345	60.57 (-0.32)	16 (-2)	253 (+53)	0.19 (-0.02)	0.19 (-0.02)
GET	get_advisory[f1e5eb17-2f31-4…b46-c11f52398375]	345 (-30)	0	12.45 (-0.44)	1 (0)	64 (-9)	0.19 (-0.02)	0.00 (+0.00)
GET	get_base_purl[pkg:golang/k8s.…d/golang/reflect]	345 (-30)	0	63.99 (-0.26)	4 (0)	215 (+4)	0.19 (-0.02)	0.00 (+0.00)
GET	get_organization[53d3fae7-574a-4…66b-5a704e8b289a]	345 (-30)	0	267.82 (-1.78)	56 (+4)	457 (-178)	0.19 (-0.02)	0.00 (+0.00)
GET	get_product[761f2bc9-f3a4-5…ee5-fd2aa3aef38b]	345 (-30)	0	10.36 (-0.99)	1 (-1)	91 (+15)	0.19 (-0.02)	0.00 (+0.00)
GET	get_purl_details[00001592-edf0-5…ed9-396e8c9d149f]	345 (-30)	0	439.74 (-27.23)	70 (-11)	800 (+47)	0.19 (-0.02)	0.00 (+0.00)
GET	get_sbom[sha256:a04260d9…a6046a828fcd17e5]	345 (-30)	0	71.52 (+1.62)	17 (-1)	214 (-10)	0.19 (-0.02)	0.00 (+0.00)
GET	get_sbom_license_export[urn:uuid:019cf0…76e-43a3bfd8a2f5]	345 (-30)	0	13.99 (+0.63)	1 (0)	79 (-1)	0.19 (-0.02)	0.00 (+0.00)
GET	get_sbom_license_ids[urn:uuid:019cf0…76e-43a3bfd8a2f5]	345 (-30)	0	9.01 (+0.01)	1 (0)	76 (+20)	0.19 (-0.02)	0.00 (+0.00)
GET	get_spdx_license[MIT]	345 (-30)	0	2.30 (-0.24)	1 (0)	16 (-2)	0.19 (-0.02)	0.00 (+0.00)
GET	list_advisory_labels	350 (-30)	0	15298.02 (+1598.94)	10785 (+3130)	21008 (+2161)	0.19 (-0.02)	0.00 (+0.00)
GET	sbom_by_package[pkg:oci/web-ter…=1.15-1770672845]	345 (-30)	0	39.44 (+3.20)	6 (0)	184 (+25)	0.19 (-0.02)	0.00 (+0.00)
POST	get_recommendations[batch=10]	1035 (-90)	0	102.46 (+3.25)	16 (0)	471 (-11)	0.57 (-0.05)	0.00 (+0.00)
POST	post_extract_sbom_purls	345 (-30)	0	4.31 (+1.22)	1 (0)	62 (+35)	0.19 (-0.02)	0.00 (+0.00)
POST	post_vulnerability_analyze[pkg:rpm/redhat/squid]	345 (-30)	0	4.06 (-0.09)	1 (0)	46 (-5)	0.19 (-0.02)	0.00 (+0.00)
POST	post_vulnerability_analyze_v3	347 (-28)	0	1137.72 (+60.31)	193 (-13)	2675 (+28)	0.19 (-0.02)	0.00 (+0.00)
	Aggregated	307926 (-3251)	690	33.18 (+0.20)	1 (0)	21008 (+2161)	171.07 (-1.81)	0.38 (-0.03)

Response Time Metrics

Method	Name	50%ile (ms)	60%ile (ms)	70%ile (ms)	80%ile (ms)	90%ile (ms)	95%ile (ms)	99%ile (ms)	100%ile (ms)
GET	/.well-known/trustify	1 (-1)	2 (0)	2 (0)	3 (0)	5 (-1)	22 (-1)	37 (+3)	46 (+10)
GET	/api/v2/group/sbom	2 (-1)	3 (-1)	4 (-1)	5 (-1)	12 (+2)	28 (+8)	43 (0)	57 (+2)
GET	/api/v2/group/sbom?parents=resolve	2 (-1)	3 (0)	4 (0)	5 (0)	8 (+2)	23 (+11)	38 (+7)	46 (+2)
GET	/api/v2/group/sbom?totals=true	2 (-1)	3 (0)	3 (-1)	4 (-1)	7 (0)	21 (+10)	34 (+2)	42 (-14)
GET	/api/v2/importer	2 (-1)	3 (0)	3 (-1)	4 (0)	6 (-1)	10 (0)	27 (-1)	47 (-19)
GET	/api/v2/license	7 (0)	9 (0)	11 (0)	14 (-1)	38 (+9)	47 (-1)	54 (-8)	62 (-3)
GET	/api/v2/license/spdx/license	1 (0)	1 (0)	1 (0)	1 (0)	2 (0)	4 (0)	8 (-2)	28 (+17)
GET	/api/v2/license/spdx/license?q=apache	1 (0)	1 (0)	1 (0)	1 (0)	1 (0)	2 (0)	3 (0)	66 (+20)
GET	/api/v2/license/spdx/license?q=gpl	1 (0)	1 (0)	1 (0)	1 (0)	1 (0)	1 (0)	2 (-1)	47 (-18)
GET	/api/v2/license?q=ASL&sort=license:desc	3 (0)	4 (0)	6 (0)	11 (+1)	39 (+1)	45 (+2)	55 (+2)	260 (+110)
GET	/api/v2/license?q=license~Apache	2 (0)	2 (-1)	3 (0)	5 (0)	8 (0)	15 (-1)	51 (0)	98 (+21)
GET	/api/v2/license?q=license~GPL	2 (0)	2 (-1)	3 (0)	5 (0)	8 (0)	18 (0)	52 (+1)	74 (-66)
GET	/api/v2/organization	3 (0)	4 (0)	5 (+1)	6 (0)	13 (+1)	22 (+3)	31 (-6)	40 (-6)
GET	/api/v2/organization?sort=name:asc	4 (0)	6 (+1)	8 (+1)	10 (+1)	15 (+2)	41 (+14)	52 (-2)	82 (+18)
GET	/api/v2/product	5 (-1)	6 (0)	6 (-1)	7 (-1)	8 (-1)	10 (-1)	29 (-2)	36 (-2)
GET	/api/v2/product?q=name~openshift	6 (-1)	7 (-1)	9 (-1)	12 (-1)	18 (-4)	41 (-2)	55 (0)	63 (+2)
GET	/api/v2/product?sort=name:asc	7 (-1)	8 (-2)	10 (-2)	13 (-3)	26 (-13)	44 (+1)	53 (+3)	64 (+4)
GET	/api/v2/purl	3 (0)	3 (-1)	4 (-1)	5 (0)	6 (-1)	8 (0)	21 (+9)	31 (-5)
GET	/api/v2/purl/base	3 (-1)	5 (0)	6 (0)	9 (0)	37 (+14)	42 (+5)	55 (+11)	59 (+7)
GET	/api/v2/purl/base?q=namespace=redhat	3 (0)	4 (0)	5 (0)	6 (0)	9 (-1)	15 (-12)	42 (+2)	54 (-7)
GET	/api/v2/purl/base?q=type=rpm	3 (-1)	3 (-1)	4 (-1)	6 (-1)	10 (-6)	16 (-19)	42 (-2)	56 (+3)
GET	/api/v2/purl/base?sort=name:asc	170 (+30)	180 (+20)	190 (+10)	200 (+10)	230 (+30)	260 (+40)	290 (+40)	340 (+71)
GET	/api/v2/purl?offset=100&limit=10	3 (0)	3 (-1)	4 (0)	5 (0)	6 (0)	8 (0)	20 (+6)	42 (+9)
GET	/api/v2/purl?q=curl	6,000 (+1,000)	6,000 (+1,000)	6,000 (+1,000)	6,000 (+1,000)	6,000 (+1,000)	6,000 (+1,000)	6,000 (-3,000)	6,587 (-7,413)
GET	/api/v2/purl?q=license~GPLv3+ with exceptions	Apache&sort=name:desc	2 (0)	2 (0)	2 (-1)	3 (-1)	6 (0)	12 (-2)	49 (-1)
GET	/api/v2/purl?q=name=curl	30 (-5)	31 (-6)	32 (-6)	32 (-8)	34 (-10)	36 (-13)	48 (-6)	95 (+5)
GET	/api/v2/purl?q=purl:namespace=redhat	4 (0)	5 (+1)	6 (+1)	8 (+1)	14 (+1)	37 (+10)	45 (0)	46 (-7)
GET	/api/v2/purl?q=purl:ty=rpm	4 (0)	5 (0)	6 (0)	9 (+1)	17 (+4)	39 (+5)	48 (-2)	59 (+6)
GET	/api/v2/purl?sort=purl:name:asc	5 (0)	7 (0)	9 (0)	12 (+1)	35 (+17)	45 (+13)	53 (0)	72 (+9)
GET	/api/v2/sbom	380 (+20)	380 (+10)	390 (+20)	400 (+20)	410 (+20)	420 (+20)	470 (+10)	699 (-1)
GET	/api/v2/sbom-labels	20 (0)	24 (0)	29 (-3)	48 (-3)	61 (0)	69 (+1)	86 (+10)	100 (+1)
GET	/api/v2/sbom?offset=100&limit=10	180 (+10)	180 (0)	190 (+10)	190 (0)	200 (0)	200 (-10)	230 (-10)	577 (+261)
GET	/api/v2/sbom?q=license~GPL&sort=name:desc	2 (0)	2 (0)	3 (0)	4 (0)	7 (0)	26 (+3)	50 (+1)	96 (+4)
GET	/api/v2/weakness	3 (0)	3 (-1)	4 (-1)	7 (0)	17 (+2)	40 (+3)	50 (+6)	56 (-6)
GET	/api/v2/weakness?q=description~injection	3 (0)	3 (-1)	4 (0)	5 (0)	7 (-1)	16 (+5)	37 (-2)	46 (-4)
GET	/api/v2/weakness?sort=id:asc	3 (0)	3 (0)	4 (0)	5 (0)	7 (0)	12 (-6)	37 (+1)	47 (+2)
GET	/api/v3/advisory	52 (0)	56 (+1)	61 (+1)	67 (+1)	87 (+6)	97 (+3)	140 (-10)	199 (-21)
GET	/api/v3/advisory?deprecated=Consider	65 (0)	74 (+3)	83 (+5)	92 (+4)	120 (+20)	140 (+20)	210 (+50)	380 (+60)
GET	/api/v3/advisory?offset=100&limit=10	40 (+3)	43 (+4)	46 (+3)	51 (+5)	61 (+8)	79 (+9)	100 (+4)	120 (-137)
GET	/api/v3/advisory?q=CVE-2021-	84 (-12)	100 (-20)	130 (-50)	190 (-80)	360 (-240)	1,000 (0)	1,000 (0)	1,731 (-59)
GET	/api/v3/advisory?q=identifier%3dCVE-2022-0981	7 (-1)	8 (-1)	9 (-1)	10 (-2)	13 (-2)	16 (-3)	26 (-16)	34 (-64)
GET	/api/v3/advisory?q=modified>3 days ago	8 (0)	9 (-1)	11 (-1)	13 (-1)	20 (0)	37 (+9)	58 (+8)	65 (+12)
GET	/api/v3/advisory?q=title~openssl	80 (-3)	88 (-6)	99 (-1)	120 (0)	140 (0)	170 (+10)	240 (+20)	265 (+16)
GET	/api/v3/advisory?sort=modified:desc	55 (-2)	60 (-1)	66 (-2)	75 (-1)	87 (-2)	97 (-3)	150 (+20)	189 (+24)
GET	/api/v3/sbom	150 (0)	150 (0)	160 (+10)	160 (0)	170 (+10)	170 (0)	200 (+10)	666 (+476)
GET	/api/v3/sbom?offset=100&limit=10	110 (+10)	110 (+10)	110 (0)	120 (+10)	130 (+10)	140 (0)	160 (0)	426 (+207)
GET	/api/v3/sbom?q=label:type=product	5 (-1)	6 (-1)	8 (0)	9 (0)	14 (+1)	25 (-2)	44 (-1)	54 (-5)
GET	/api/v3/sbom?q=name~redhat	160 (-110)	180 (-110)	200 (-120)	220 (-120)	270 (-100)	300 (-110)	380 (-120)	460 (-140)
GET	/api/v3/sbom?q=published>2024-01-01	190 (+40)	200 (+40)	210 (+40)	220 (+40)	270 (+70)	310 (+60)	380 (+10)	460 (+30)
GET	/api/v3/sbom?sort=ingested:desc	200 (+10)	220 (+20)	230 (+20)	260 (+30)	290 (+40)	310 (+30)	400 (+70)	490 (+90)
GET	/api/v3/vulnerability	5 (-1)	6 (0)	7 (0)	7 (-2)	10 (-2)	13 (-4)	27 (-2)	38 (-20)
GET	/api/v3/vulnerability?offset=100&limit=10	5 (-1)	6 (0)	7 (0)	8 (-1)	12 (0)	21 (+7)	43 (+12)	52 (-1)
GET	/api/v3/vulnerability?q=base_score>=7.0	8 (+1)	10 (+2)	12 (+2)	17 (+5)	30 (+10)	38 (+6)	54 (-4)	140 (-80)
GET	/api/v3/vulnerability?q=base_severity=high	10 (0)	11 (0)	12 (-1)	17 (+1)	30 (+2)	40 (+2)	120 (+29)	260 (+70)
GET	/api/v3/vulnerability?q=cwes=CWE-79	10 (0)	12 (+1)	15 (+2)	20 (+4)	36 (+10)	52 (+12)	78 (+20)	220 (-85)
GET	/api/v3/vulnerability?sort=base_score:desc	700 (0)	700 (0)	700 (0)	800 (0)	800 (0)	900 (+100)	1,000 (+100)	1,000 (+100)
GET	count_sbom_by_package[pkg:oci/web-ter…=1.15-1770672845]	10 (+1)	12 (+1)	15 (+1)	22 (+3)	37 (+4)	49 (+4)	60 (+4)	72 (-2)
GET	download_advisory[f1e5eb17-2f31-4…b46-c11f52398375]	1 (0)	1 (0)	1 (0)	2 (+1)	2 (0)	3 (+1)	6 (+1)	7 (-3)
GET	download_sbom[sha256:a04260d9…a6046a828fcd17e5]	55 (+2)	66 (+4)	75 (+2)	89 (+3)	100 (-10)	120 (-10)	180 (-10)	250 (+50)
GET	get_advisory[f1e5eb17-2f31-4…b46-c11f52398375]	8 (0)	10 (0)	13 (0)	16 (-2)	32 (-2)	41 (+1)	53 (+1)	64 (-9)
GET	get_base_purl[pkg:golang/k8s.…d/golang/reflect]	44 (-6)	74 (-5)	100 (0)	120 (0)	150 (+10)	180 (+20)	200 (+10)	215 (+5)
GET	get_organization[53d3fae7-574a-4…66b-5a704e8b289a]	310 (0)	330 (+10)	360 (+20)	370 (+10)	390 (0)	410 (+10)	450 (+40)	457 (-143)
GET	get_product[761f2bc9-f3a4-5…ee5-fd2aa3aef38b]	6 (-1)	7 (-2)	9 (-2)	12 (-3)	26 (-3)	41 (+4)	62 (+5)	91 (+15)
GET	get_purl_details[00001592-edf0-5…ed9-396e8c9d149f]	490 (-10)	500 (-100)	600 (0)	600 (0)	600 (0)	700 (0)	700 (0)	800 (+47)
GET	get_sbom[sha256:a04260d9…a6046a828fcd17e5]	68 (+1)	76 (+1)	87 (+2)	100 (+4)	130 (+10)	150 (+10)	200 (0)	210 (-10)
GET	get_sbom_license_export[urn:uuid:019cf0…76e-43a3bfd8a2f5]	9 (0)	10 (0)	13 (0)	20 (+3)	36 (+3)	49 (+6)	68 (+9)	79 (-1)
GET	get_sbom_license_ids[urn:uuid:019cf0…76e-43a3bfd8a2f5]	6 (0)	7 (0)	8 (0)	10 (-1)	22 (+2)	34 (+4)	57 (+15)	76 (+20)
GET	get_spdx_license[MIT]	1 (0)	2 (0)	2 (-1)	3 (-1)	5 (-1)	8 (0)	14 (0)	16 (-2)
GET	list_advisory_labels	14,000 (+1,000)	15,000 (+1,000)	16,000 (+2,000)	16,000 (+1,000)	20,000 (+2,000)	20,000 (+2,000)	20,000 (+2,000)	21,000 (+2,153)
GET	sbom_by_package[pkg:oci/web-ter…=1.15-1770672845]	31 (+3)	38 (+3)	49 (+4)	63 (+6)	79 (+5)	92 (+9)	120 (+20)	180 (+21)
POST	get_recommendations[batch=10]	72 (+3)	87 (+4)	110 (+10)	150 (-10)	260 (+20)	310 (+10)	410 (+30)	470 (-10)
POST	post_extract_sbom_purls	1 (-1)	2 (0)	2 (0)	3 (0)	7 (+2)	29 (+16)	37 (+13)	62 (+35)
POST	post_vulnerability_analyze[pkg:rpm/redhat/squid]	2 (-1)	3 (0)	3 (-1)	4 (-1)	7 (0)	14 (+2)	40 (+16)	46 (-5)
POST	post_vulnerability_analyze_v3	1,000 (0)	1,000 (0)	2,000 (+1,000)	2,000 (0)	2,000 (0)	2,000 (0)	2,000 (0)	2,675 (+28)
	Aggregated	2 (0)	2 (0)	3 (0)	4 (-1)	11 (-1)	42 (0)	190 (-20)	21,000 (+2,153)

Status Code Metrics

Method	Name	Status Codes
GET	/.well-known/trustify	345 [200]
GET	/api/v2/group/sbom	347 [200]
GET	/api/v2/group/sbom?parents=resolve	345 [200]
GET	/api/v2/group/sbom?totals=true	345 [200]
GET	/api/v2/importer	345 [200]
GET	/api/v2/license	347 [200]
GET	/api/v2/license/spdx/license	347 [200]
GET	/api/v2/license/spdx/license?q=apache	40,585 [200]
GET	/api/v2/license/spdx/license?q=gpl	40,585 [200]
GET	/api/v2/license?q=ASL&sort=license:desc	40,585 [200]
GET	/api/v2/license?q=license~Apache	40,585 [200]
GET	/api/v2/license?q=license~GPL	40,585 [200]
GET	/api/v2/organization	345 [200]
GET	/api/v2/organization?sort=name:asc	345 [200]
GET	/api/v2/product	346 [200]
GET	/api/v2/product?q=name~openshift	345 [200]
GET	/api/v2/product?sort=name:asc	345 [200]
GET	/api/v2/purl	345 [200]
GET	/api/v2/purl/base	347 [200]
GET	/api/v2/purl/base?q=namespace=redhat	345 [200]
GET	/api/v2/purl/base?q=type=rpm	345 [200]
GET	/api/v2/purl/base?sort=name:asc	345 [200]
GET	/api/v2/purl?offset=100&limit=10	345 [200]
GET	/api/v2/purl?q=curl	346 [200]
GET	/api/v2/purl?q=license~GPLv3+ with exceptions	Apache&sort=name:desc
GET	/api/v2/purl?q=name=curl	346 [200]
GET	/api/v2/purl?q=purl:namespace=redhat	345 [200]
GET	/api/v2/purl?q=purl:ty=rpm	345 [200]
GET	/api/v2/purl?sort=purl:name:asc	345 [200]
GET	/api/v2/sbom	346 [200]
GET	/api/v2/sbom-labels	347 [200]
GET	/api/v2/sbom?offset=100&limit=10	346 [200]
GET	/api/v2/sbom?q=license~GPL&sort=name:desc	40,585 [200]
GET	/api/v2/weakness	347 [200]
GET	/api/v2/weakness?q=description~injection	345 [200]
GET	/api/v2/weakness?sort=id:asc	345 [200]
GET	/api/v3/advisory	345 [200]
GET	/api/v3/advisory?deprecated=Consider	345 [200]
GET	/api/v3/advisory?offset=100&limit=10	345 [200]
GET	/api/v3/advisory?q=CVE-2021-	345 [200]
GET	/api/v3/advisory?q=identifier%3dCVE-2022-0981	345 [200]
GET	/api/v3/advisory?q=modified>3 days ago	345 [200]
GET	/api/v3/advisory?q=title~openssl	345 [200]
GET	/api/v3/advisory?sort=modified:desc	345 [200]
GET	/api/v3/sbom	346 [200]
GET	/api/v3/sbom?offset=100&limit=10	346 [200]
GET	/api/v3/sbom?q=label:type=product	345 [200]
GET	/api/v3/sbom?q=name~redhat	345 [200]
GET	/api/v3/sbom?q=published>2024-01-01	345 [200]
GET	/api/v3/sbom?sort=ingested:desc	345 [200]
GET	/api/v3/vulnerability	345 [200]
GET	/api/v3/vulnerability?offset=100&limit=10	345 [200]
GET	/api/v3/vulnerability?q=base_score>=7.0	345 [200]
GET	/api/v3/vulnerability?q=base_severity=high	345 [200]
GET	/api/v3/vulnerability?q=cwes=CWE-79	345 [200]
GET	/api/v3/vulnerability?sort=base_score:desc	345 [200]
GET	count_sbom_by_package[pkg:oci/web-ter…=1.15-1770672845]	345 [200]
GET	download_advisory[f1e5eb17-2f31-4…b46-c11f52398375]	345 [404]
GET	download_sbom[sha256:a04260d9…a6046a828fcd17e5]	345 [404]
GET	get_advisory[f1e5eb17-2f31-4…b46-c11f52398375]	345 [200]
GET	get_base_purl[pkg:golang/k8s.…d/golang/reflect]	345 [200]
GET	get_organization[53d3fae7-574a-4…66b-5a704e8b289a]	345 [200]
GET	get_product[761f2bc9-f3a4-5…ee5-fd2aa3aef38b]	345 [200]
GET	get_purl_details[00001592-edf0-5…ed9-396e8c9d149f]	345 [200]
GET	get_sbom[sha256:a04260d9…a6046a828fcd17e5]	345 [200]
GET	get_sbom_license_export[urn:uuid:019cf0…76e-43a3bfd8a2f5]	345 [200]
GET	get_sbom_license_ids[urn:uuid:019cf0…76e-43a3bfd8a2f5]	345 [200]
GET	get_spdx_license[MIT]	345 [200]
GET	list_advisory_labels	350 [200]
GET	sbom_by_package[pkg:oci/web-ter…=1.15-1770672845]	345 [200]
POST	get_recommendations[batch=10]	1,035 [200]
POST	post_extract_sbom_purls	345 [200]
POST	post_vulnerability_analyze[pkg:rpm/redhat/squid]	345 [200]
POST	post_vulnerability_analyze_v3	347 [200]
	Aggregated	307,236 [200], 690 [404]

Transaction Metrics

Transaction	# Times Run	# Fails	Average (ms)	Min (ms)	Max (ms)	RPS	Failures/s
WebsiteUser
0.0 logon	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
0.1 website_index	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
0.2 website_openapi	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
0.3 website_sboms	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
0.4 website_packages	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
0.5 website_advisories	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
0.6 website_importers	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
RestAPIUser
1.0 logon	345 (-30)	0 (0)	14.54 (+0.73)	6 (0)	33 (-7)	0.19 (-0.02)	0.00 (+0.00)
1.1 /api/v2/organization	345 (-30)	0 (0)	5.61 (-0.05)	1 (0)	40 (-6)	0.19 (-0.02)	0.00 (+0.00)
1.2 /api/v3/advisory	345 (-30)	0 (0)	53.97 (+0.01)	14 (-5)	199 (-24)	0.19 (-0.02)	0.00 (+0.00)
1.3 /api/v3/advisory?offset=100&limit=10	345 (-30)	0 (0)	42.90 (+2.77)	11 (+1)	123 (-134)	0.19 (-0.02)	0.00 (+0.00)
1.4 /api/v3/advisory?q=identifier%3dCVE-2022-0981	345 (-30)	0 (0)	8.17 (-1.48)	2 (-1)	34 (-64)	0.19 (-0.02)	0.00 (+0.00)
1.5 /api/v3/advisory?q=CVE-2021-	345 (-30)	0 (0)	189.64 (-44.66)	19 (+1)	1731 (-59)	0.19 (-0.02)	0.00 (+0.00)
1.6 /api/v3/vulnerability	345 (-30)	0 (0)	5.87 (-1.34)	2 (0)	38 (-20)	0.19 (-0.02)	0.00 (+0.00)
1.7 /api/v3/vulnerability?offset=100&limit=10	345 (-30)	0 (0)	6.96 (-0.01)	1 (0)	52 (-1)	0.19 (-0.02)	0.00 (+0.00)
1.8 /api/v2/importer	345 (-30)	0 (0)	3.55 (-0.53)	1 (0)	47 (-19)	0.19 (-0.02)	0.00 (+0.00)
1.9 /api/v2/purl	345 (-30)	0 (0)	3.72 (-0.40)	1 (0)	31 (-5)	0.19 (-0.02)	0.00 (+0.00)
1.10 /api/v2/purl?offset=100&limit=10	345 (-30)	0 (0)	3.64 (-0.21)	1 (0)	42 (+9)	0.19 (-0.02)	0.00 (+0.00)
1.11 /api/v2/purl?q=curl	346 (-31)	0 (0)	5203.24 (+358.21)	1335 (+221)	6587 (-7899)	0.19 (-0.02)	0.00 (+0.00)
1.12 /api/v2/purl?q=name=curl	346 (-31)	0 (0)	28.88 (-4.91)	7 (-1)	95 (+5)	0.19 (-0.02)	0.00 (+0.00)
1.13 /api/v2/product	346 (-31)	0 (0)	5.92 (-0.98)	2 (0)	36 (-2)	0.19 (-0.02)	0.00 (+0.00)
1.14 /api/v3/sbom	346 (-31)	0 (0)	152.47 (+5.63)	97 (+5)	666 (+472)	0.19 (-0.02)	0.00 (+0.00)
1.15 /api/v2/sbom	346 (-31)	0 (0)	379.17 (+18.23)	316 (+35)	699 (-14)	0.19 (-0.02)	0.00 (+0.00)
1.16 /api/v3/sbom?offset=100&limit=10	346 (-31)	0 (0)	107.59 (+5.02)	56 (+10)	426 (+207)	0.19 (-0.02)	0.00 (+0.00)
1.17 /api/v2/sbom?offset=100&limit=10	346 (-31)	0 (0)	177.52 (+4.50)	105 (-2)	577 (+261)	0.19 (-0.02)	0.00 (+0.00)
1.18 list_advisory_labels	350 (-30)	0 (0)	15298.07 (+1598.90)	10786 (+3131)	21009 (+2162)	0.19 (-0.02)	0.00 (+0.00)
1.19 /api/v2/sbom-labels	347 (-28)	0 (0)	27.32 (-1.35)	5 (0)	100 (+1)	0.19 (-0.02)	0.00 (+0.00)
1.20 /api/v2/purl/base	347 (-28)	0 (0)	8.84 (+0.93)	1 (0)	59 (+7)	0.19 (-0.02)	0.00 (+0.00)
1.21 /api/v2/license	347 (-28)	0 (0)	11.92 (-0.60)	2 (0)	62 (-3)	0.19 (-0.02)	0.00 (+0.00)
1.22 /api/v2/license/spdx/license	347 (-28)	0 (0)	1.17 (-0.22)	0 (0)	28 (+17)	0.19 (-0.02)	0.00 (+0.00)
1.23 /api/v2/weakness	347 (-28)	0 (0)	6.94 (+0.04)	1 (0)	56 (-6)	0.19 (-0.02)	0.00 (+0.00)
1.24 /api/v2/group/sbom	347 (-28)	0 (0)	5.33 (-0.23)	1 (0)	57 (+2)	0.19 (-0.02)	0.00 (+0.00)
1.25 post_vulnerability_analyze_v3	347 (-28)	0 (0)	1137.79 (+60.32)	193 (-13)	2675 (+28)	0.19 (-0.02)	0.00 (+0.00)
1.26 /.well-known/trustify	345 (-30)	0 (0)	3.53 (-0.19)	1 (0)	46 (+10)	0.19 (-0.02)	0.00 (+0.00)
1.27 post_extract_sbom_purls	345 (-30)	0 (0)	4.37 (+1.20)	1 (0)	62 (+35)	0.19 (-0.02)	0.00 (+0.00)
1.28 /api/v3/advisory?q=title~openssl	345 (-30)	0 (0)	85.66 (-0.73)	24 (-3)	265 (+16)	0.19 (-0.02)	0.00 (+0.00)
1.29 /api/v3/advisory?q=modified>3 days ago	345 (-30)	0 (0)	10.96 (+0.30)	2 (0)	65 (+12)	0.19 (-0.02)	0.00 (+0.00)
1.30 /api/v3/advisory?sort=modified:desc	345 (-30)	0 (0)	54.12 (-2.39)	16 (-1)	189 (+24)	0.19 (-0.02)	0.00 (+0.00)
1.31 /api/v3/advisory?deprecated=Consider	345 (-30)	0 (0)	72.87 (+1.89)	18 (-3)	384 (+64)	0.19 (-0.02)	0.00 (+0.00)
1.32 /api/v3/sbom?q=name~redhat	345 (-30)	0 (0)	162.79 (-48.59)	47 (+38)	460 (-151)	0.19 (-0.02)	0.00 (+0.00)
1.33 /api/v3/sbom?q=published>2024-01-01	345 (-30)	0 (0)	179.03 (+31.58)	53 (-6)	462 (+29)	0.19 (-0.02)	0.00 (+0.00)
1.34 /api/v3/sbom?sort=ingested:desc	345 (-30)	0 (0)	187.76 (+8.85)	47 (-4)	490 (+87)	0.19 (-0.02)	0.00 (+0.00)
1.35 /api/v3/sbom?q=label:type=product	345 (-30)	0 (0)	7.88 (-0.44)	1 (0)	54 (-5)	0.19 (-0.02)	0.00 (+0.00)
1.36 /api/v3/vulnerability?q=base_severity=high	345 (-30)	0 (0)	15.41 (+0.54)	2 (0)	260 (+66)	0.19 (-0.02)	0.00 (+0.00)
1.37 /api/v3/vulnerability?q=base_score>=7.0	345 (-30)	0 (0)	12.47 (+1.50)	2 (0)	144 (-76)	0.19 (-0.02)	0.00 (+0.00)
1.38 /api/v3/vulnerability?q=cwes=CWE-79	345 (-30)	0 (0)	16.27 (+2.50)	2 (0)	223 (-82)	0.19 (-0.02)	0.00 (+0.00)
1.39 /api/v3/vulnerability?sort=base_score:desc	345 (-30)	0 (0)	589.88 (+14.62)	150 (+23)	1067 (+143)	0.19 (-0.02)	0.00 (+0.00)
1.40 /api/v2/purl?q=purl:ty=rpm	345 (-30)	0 (0)	7.97 (+0.56)	1 (-1)	59 (+6)	0.19 (-0.02)	0.00 (+0.00)
1.41 /api/v2/purl?q=purl:namespace=redhat	345 (-30)	0 (0)	7.18 (+0.44)	1 (0)	48 (-5)	0.19 (-0.02)	0.00 (+0.00)
1.42 /api/v2/purl?sort=purl:name:asc	345 (-30)	0 (0)	10.13 (+1.29)	1 (0)	72 (+9)	0.19 (-0.02)	0.00 (+0.00)
1.43 /api/v2/purl/base?q=type=rpm	345 (-30)	0 (0)	5.10 (-1.93)	1 (0)	56 (+3)	0.19 (-0.02)	0.00 (+0.00)
1.44 /api/v2/purl/base?q=namespace=redhat	345 (-30)	0 (0)	5.23 (-0.77)	1 (0)	54 (-7)	0.19 (-0.02)	0.00 (+0.00)
1.45 /api/v2/purl/base?sort=name:asc	345 (-30)	0 (0)	148.65 (+10.57)	29 (-2)	342 (+73)	0.19 (-0.02)	0.00 (+0.00)
1.46 /api/v2/organization?sort=name:asc	345 (-30)	0 (0)	8.03 (+0.65)	1 (0)	82 (+18)	0.19 (-0.02)	0.00 (+0.00)
1.47 /api/v2/product?q=name~openshift	345 (-30)	0 (0)	10.04 (-1.12)	2 (0)	63 (+2)	0.19 (-0.02)	0.00 (+0.00)
1.48 /api/v2/product?sort=name:asc	345 (-30)	0 (0)	11.03 (-1.99)	2 (0)	64 (+4)	0.19 (-0.02)	0.00 (+0.00)
1.49 /api/v2/weakness?q=description~injection	345 (-30)	0 (0)	4.62 (+0.00)	1 (0)	46 (-4)	0.19 (-0.02)	0.00 (+0.00)
1.50 /api/v2/weakness?sort=id:asc	345 (-30)	0 (0)	4.47 (-0.30)	1 (0)	47 (+2)	0.19 (-0.02)	0.00 (+0.00)
1.51 /api/v2/group/sbom?totals=true	345 (-30)	0 (0)	4.27 (-0.12)	1 (0)	42 (-14)	0.19 (-0.02)	0.00 (+0.00)
1.52 /api/v2/group/sbom?parents=resolve	345 (-30)	0 (0)	4.81 (+0.60)	1 (0)	46 (+2)	0.19 (-0.02)	0.00 (+0.00)
1.53 get_sbom[sha256:a04260d9…a6046a828fcd17e5]	345 (-30)	0 (0)	71.57 (+1.61)	17 (-1)	214 (-10)	0.19 (-0.02)	0.00 (+0.00)
1.54 sbom_by_package[pkg:oci/web-ter…=1.15-1770672845]	345 (-30)	0 (0)	39.48 (+3.17)	6 (0)	184 (+25)	0.19 (-0.02)	0.00 (+0.00)
1.55 get_sbom_license_ids[urn:uuid:019cf0…76e-43a3bfd8a2f5]	345 (-30)	0 (0)	9.08 (+0.01)	1 (0)	76 (+20)	0.19 (-0.02)	0.00 (+0.00)
1.56 post_vulnerability_analyze[pkg:rpm/redhat/squid]	345 (-30)	0 (0)	4.12 (-0.10)	1 (0)	46 (-5)	0.19 (-0.02)	0.00 (+0.00)
1.57 get_purl_details[00001592-edf0-5…ed9-396e8c9d149f]	345 (-30)	0 (0)	439.80 (-27.21)	70 (-11)	800 (+47)	0.19 (-0.02)	0.00 (+0.00)
1.58 get_recommendations[batch=10]	345 (-30)	0 (0)	177.82 (+1.43)	17 (0)	471 (-11)	0.19 (-0.02)	0.00 (+0.00)
1.59 get_recommendations[batch=10]	345 (-30)	0 (0)	64.58 (+2.32)	18 (+1)	210 (+8)	0.19 (-0.02)	0.00 (+0.00)
1.60 get_recommendations[batch=10]	345 (-30)	0 (0)	65.27 (+6.03)	16 (0)	205 (+14)	0.19 (-0.02)	0.00 (+0.00)
1.61 download_advisory[f1e5eb17-2f31-4…b46-c11f52398375]	345 (-30)	0 (0)	1.19 (-0.05)	0 (-1)	7 (-3)	0.19 (-0.02)	0.00 (+0.00)
1.62 get_advisory[f1e5eb17-2f31-4…b46-c11f52398375]	345 (-30)	0 (0)	12.49 (-0.45)	1 (0)	64 (-9)	0.19 (-0.02)	0.00 (+0.00)
1.63 download_sbom[sha256:a04260d9…a6046a828fcd17e5]	345 (-30)	0 (0)	60.62 (-0.31)	16 (-2)	253 (+53)	0.19 (-0.02)	0.00 (+0.00)
1.64 get_sbom_license_export[urn:uuid:019cf0…76e-43a3bfd8a2f5]	345 (-30)	0 (0)	14.06 (+0.64)	1 (0)	79 (-1)	0.19 (-0.02)	0.00 (+0.00)
1.65 count_sbom_by_package[pkg:oci/web-ter…=1.15-1770672845]	345 (-30)	0 (0)	15.26 (+1.24)	2 (0)	72 (-2)	0.19 (-0.02)	0.00 (+0.00)
1.66 get_product[761f2bc9-f3a4-5…ee5-fd2aa3aef38b]	345 (-30)	0 (0)	10.40 (-1.00)	2 (0)	91 (+15)	0.19 (-0.02)	0.00 (+0.00)
1.67 get_organization[53d3fae7-574a-4…66b-5a704e8b289a]	345 (-30)	0 (0)	267.88 (-1.79)	56 (+4)	457 (-178)	0.19 (-0.02)	0.00 (+0.00)
1.68 get_base_purl[pkg:golang/k8s.…d/golang/reflect]	345 (-30)	0 (0)	64.05 (-0.24)	4 (0)	215 (+4)	0.19 (-0.02)	0.00 (+0.00)
1.69 get_spdx_license[MIT]	345 (-30)	0 (0)	2.35 (-0.24)	0 (-1)	16 (-2)	0.19 (-0.02)	0.00 (+0.00)
RestAPIUserSlow
2.0 logon	40586 (-169)	0 (0)	9.76 (+0.18)	6 (0)	50 (-12)	22.55 (-0.09)	0.00 (+0.00)
2.1 /api/v2/license?q=ASL&sort=license:desc	40585 (-169)	0 (0)	10.37 (+0.72)	1 (-1)	264 (+111)	22.55 (-0.09)	0.00 (+0.00)
2.2 /api/v2/sbom?q=license~GPL&sort=name:desc	40585 (-169)	0 (0)	4.78 (-0.05)	1 (0)	96 (+4)	22.55 (-0.09)	0.00 (+0.00)
2.3 /api/v2/purl?q=license~GPLv3+ with exceptions	Apache&sort=name:desc	40585 (-170)	0 (0)	3.95 (-0.34)	1 (0)	85 (-272)	22.55 (-0.09)
2.4 /api/v2/license?q=license~Apache	40585 (-170)	0 (0)	4.80 (-0.23)	1 (0)	98 (+21)	22.55 (-0.09)	0.00 (+0.00)
2.5 /api/v2/license?q=license~GPL	40585 (-170)	0 (0)	5.01 (-0.14)	1 (0)	75 (-65)	22.55 (-0.09)	0.00 (+0.00)
2.6 /api/v2/license/spdx/license?q=apache	40585 (-170)	0 (0)	0.85 (-0.21)	1 (0)	66 (+20)	22.55 (-0.09)	0.00 (+0.00)
2.7 /api/v2/license/spdx/license?q=gpl	40585 (-170)	0 (0)	0.70 (-0.26)	1 (0)	47 (-18)	22.55 (-0.09)	0.00 (+0.00)
AnalysisUser
3.0 logon	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
3.1 /api/v2/analysis/status	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
3.2 /api/v2/analysis/latest/component/cpe%3A%2Fa%3Aredhat%3Aopenshift_builds%3A1.3%3A%3Ael9	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
3.3 get_analysis_component[sha256:a04260d9…a6046a828fcd17e5]	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
RestAPIUserDelete
4.0 logon	512 (-1)	0 (0)	10.80 (-0.12)	6 (0)	30 (-7)	0.28 (-0.00)	0.00 (+0.00)
RestSBOMLabelUser
5.0 logon	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
5.1 put_sbom_labels[urn:uuid:019cf0…76e-43a3bfd8a2f5]	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
5.2 patch_sbom_labels[urn:uuid:019cf0…76e-43a3bfd8a2f5]	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
RestAdvisoryLableUser
6.0 logon	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
Aggregated	349369 (-3451)	0 (0)	29.25 (+0.16)	1 (0)	21009 (+2162)	194.09 (-1.92)	0.00 (+0.00)

Scenario Metrics

Transaction	# Users	# Times Run	Average (ms)	Min (ms)	Max (ms)	Scenarios/s	Iterations
WebsiteUser	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
RestAPIUser	5 (0)	345 (-30)	25860.36 (+1986.95)	21215 (+1523)	29640 (-454)	0.19 (-0.02)	69.00 (-6.00)
RestAPIUserSlow	1 (0)	40585 (-170)	43.85 (+0.18)	15 (-1)	289 (-177)	22.55 (-0.09)	40585.00 (-170.00)
AnalysisUser	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
RestAPIUserDelete	1 (0)	512 (-1)	3519.60 (+8.81)	3017 (+3)	4016 (-3)	0.28 (-0.00)	512.00 (-1.00)
RestSBOMLabelUser	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
RestAdvisoryLableUser	0 (0)	0 (0)	0.00 (+0.00)	0 (0)	0 (0)	0.00 (+0.00)	0.00 (+0.00)
Aggregated	7 (0)	41442 (-201)	301.71 (+0.74)	15 (-1)	29640 (-454)	23.02 (-0.11)	41166.00 (-177.00)

Error Metrics

Method	Name	#	Error
GET	download_advisory[f1e5eb17-2f31-4…b46-c11f52398375]	345 (-30)	404 Not Found: download_advisory[f1e5eb17-2f31-4…b46-c11f52398375]
GET	download_sbom[sha256:a04260d9…a6046a828fcd17e5]	345 (-30)	404 Not Found: download_sbom[sha256:a04260d9…a6046a828fcd17e5]

📄 Full Report (Go to "Artifacts" and download report)

ctron requested a review from mrizzi May 6, 2026 11:52

github-project-automation Bot added this to Trustify May 6, 2026

sourcery-ai Bot reviewed May 6, 2026

View reviewed changes

ctron force-pushed the feature/pagination_2 branch from a2b57fc to 1d57549 Compare May 6, 2026 11:53

ctron force-pushed the feature/pagination_2 branch from 1d57549 to 3abcca5 Compare May 6, 2026 13:52

sourcery-ai Bot reviewed May 6, 2026

View reviewed changes

ctron force-pushed the feature/pagination_2 branch 2 times, most recently from 8d74faf to a1a587f Compare May 7, 2026 13:31

helio-frota self-requested a review May 7, 2026 16:02

helio-frota approved these changes May 7, 2026

View reviewed changes

ctron and others added 5 commits May 8, 2026 08:22

fix: limit and offset argment where swapped

e5a36b4

Co-authored-by: Claude <noreply@anthropic.com>

docs(adr): update ADR 17 to reflect recent pagination changes

d8ef7ea

Co-authored-by: Claude <noreply@anthropic.com>

test: try to fix the tests

a74a098

Co-authored-by: Claude <noreply@anthropic.com>

chore: provide proper values for tests, make it easier passing limits

c94ed9a

Co-authored-by: Claude <noreply@anthropic.com>

ctron force-pushed the feature/pagination_2 branch from a1a587f to c94ed9a Compare May 8, 2026 06:24

ctron added this pull request to the merge queue May 8, 2026

ctron removed this pull request from the merge queue due to a manual request May 8, 2026

ctron added this pull request to the merge queue May 8, 2026

Merged via the queue into guacsec:main with commit ab1d61f May 8, 2026
7 of 8 checks passed

ctron deleted the feature/pagination_2 branch May 8, 2026 15:40

github-project-automation Bot moved this to Done in Trustify May 8, 2026

mrizzi mentioned this pull request May 15, 2026

docs: add API client pipeline and server-side pagination conventions mrizzi/trustify-ui#9

Closed

3 tasks

Conversation

ctron commented May 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by Sourcery

Uh oh!

sourcery-ai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

helio-frota commented May 6, 2026

Uh oh!

ctron commented May 6, 2026

Uh oh!

sourcery-ai Bot commented May 6, 2026

Reviewer's Guide

Sequence diagram for exceeding maximum pagination limit

Class diagram for updated pagination and limiter types

File-Level Changes

Interacting with Sourcery

Customizing Your Experience

Getting Help

Uh oh!

sourcery-ai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

codecov Bot commented May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

helio-frota left a comment

Choose a reason for hiding this comment

Uh oh!

ctron commented May 8, 2026

Uh oh!

github-actions Bot commented May 8, 2026

Uh oh!

github-actions Bot commented May 8, 2026

Goose Attack Report

Plan Overview

Request Metrics

Response Time Metrics

Status Code Metrics

Transaction Metrics

Scenario Metrics

Error Metrics

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

ctron commented May 6, 2026 •

edited

Loading

codecov Bot commented May 7, 2026 •

edited

Loading