Improve efficiency of repository and integrity meta analysis #846
+903
−2,395
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Improves efficiency of repository and integrity meta analysis.
IntegrityMetaComponent
records inBomUploadProcessingTask
. Preparing records one-by-one is too resource-intensive, but doing it in batches has a too high potential for deadlocks since the table is written to by many threads in parallel.RepositoryMetaResultProcessor
to consume records in batches. Since incoming records are keyed by PURL coordinates, we can safely perform batch operations in the database without the risk of running into deadlocks.Warning
This is a breaking change:
/api/v1/component/integritymetadata
is removed/api/v1/component/integritycheckstatus
is removedThe removed endpoints are not used by the frontend. Integrity data is already part of the
/api/v1/component
response, making dedicated endpoints not a requirement right now.Addressed Issue
Closes DependencyTrack/hyades#1306
Additional Details
Hyades PR: DependencyTrack/hyades#1446
Checklist
This PR fixes a defect, and I have provided tests to verify that the fix is effectiveThis PR introduces changes to the database model, and I have updated the migration changelog accordinglyThis PR introduces new or alters existing behavior, and I have updated the documentation accordingly