Upcoming Trivy integration is awesome, but a bit slow
robert-blackman opened this issue · comments
Current Behavior
Hey! We're really looking forward to the Trivy support added in 4.11.x so we've been testing out the snapshot. We've noticed some poor performance when scanning sboms with larger numbers of components (~600+), in some cases the scan can take 10 minutes. The trivy scan itself only takes a few seconds to return a result.
It's understood that this functionality is unreleased, but I'm keen to take a run at improving it 👍
Thanks again everyone, really great project.
Steps to Reproduce
- Enable Trivy integration using 4.11.0-SNAPSHOT
- Start an analysis
- Make coffee
- Get results
Expected Behavior
Repro steps minus step 3 🙂
It would be nice to reduce the scan time as much as possible to facilitate blocking CICD pipelines.
Dependency-Track Version
4.11.0-SNAPSHOT
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
15.4
Browser
N/A
Checklist
- I have read and understand the contributing guidelines
- I have checked the existing issues for whether this defect was already reported