scanning can take a long time, is there any ability to keep / cache the results for n days?
lestephane opened this issue · comments
Running the vulnxscan command twice in a row shows that there is some caching going on, because the second run returns almost immediately.
Rebooting causes the same vulnxscan command to run for a long time again.
Is there a way to have finer-grained control over this caching behaviour? Say, to invalidate the cache after n days.
Any advice (or clarification of how caching is done) is appreciated.
Off the top of my head, the following caching behavior might have an impact:
- For grype scan, vulnxscan just invokes grype which caches its database locally, as explained here: https://github.com/anchore/grype#local-database-cache-directory. On Linux, the default grype cache location is `$HOME/.cache/grype/`.
- If your scan target is a nix out-path or derivation (not an SBOM), vulnxscan invokes vulnix which also caches its database locally by default under `$HOME/.cache/vulnix`.
- If your scan target is a nix out-path or derivation (not an SBOM), vulnxscan updates the local CPE cache if it's more than a week old, by default under `$HOME/.cache/sbomnix`.
Do some of those caches get cleaned on reboot on your system?
Closing this old issue that was left hanging.
@lestephane: let me know if I didn't answer your question properly.
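
The following is an added example, not code from this thread or from the tools it discusses: a POSIX shell helper that reports the state of the three cache directories listed in the answer above and, on request, removes any that have no file modified in the last N days. It assumes each tool re-creates its cache on the next run; `CACHE_ROOT`, `cache_state` and `expire_caches` are names chosen for this example.

```shell
#!/bin/sh
# Added example: age check for the scanner caches named in the thread.
# Directory names (grype, vulnix, sbomnix) come from the answer above;
# CACHE_ROOT is a hypothetical override, defaulting to $HOME/.cache.

# Print "missing", "fresh" or "stale" for one cache directory.
# A cache is fresh if at least one file in it was modified
# less than $2 days ago.
cache_state() {
    dir=$1
    days=$2
    if [ ! -d "$dir" ]; then
        echo missing
        return 0
    fi
    recent=$(find "$dir" -type f -mtime "-$days" -print 2>/dev/null | head -n 1)
    if [ -n "$recent" ]; then
        echo fresh
    else
        echo stale
    fi
}

# Usage: expire_caches DAYS [--purge]
# Prints one "name<TAB>state" line per cache. With --purge, stale caches
# are deleted (assumption: the next scan rebuilds them, which is slow but
# guarantees the vulnerability data is current).
expire_caches() {
    max_days=$1
    purge=${2:-}
    root=${CACHE_ROOT:-$HOME/.cache}
    for name in grype vulnix sbomnix; do
        target="$root/$name"
        state=$(cache_state "$target" "$max_days")
        if [ "$state" = stale ] && [ "$purge" = --purge ]; then
            rm -rf -- "$target" && state=purged
        fi
        printf '%s\t%s\n' "$name" "$state"
    done
}

# Run directly, e.g.: sh expire_caches.sh 7 --purge
if [ $# -gt 0 ]; then
    expire_caches "$@"
fi
```

Running it without `--purge` first shows which caches a scan would be relying on and whether any of them are older than the chosen window.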