Performance issue with 6.1.2 #3183
Comments
I am having the same problem with the Gradle plugin. Downgraded to 6.1.1 for now to get reasonable execution times.
I have a test app. Between 6.1.1 and 6.1.2 the times jump from 57.101 s to 2:24 min
The SELECT_SIMPLE_CPE_SEARCH query seems to be very unhappy in h2 with all the "Replace" calls. Running EXPLAIN ANALYZE on the original query with a dummy value I get
My guess, from what I read, is that the REPLACE calls in the WHERE clause are causing a full table scan since the indexes can't be used. A possible solution might be to have a new view with the values changed and indexes on the view.
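The effect described in the comment above, reproduced as an added example (not code from dependency-check or from any commenter). It assumes SQLite in place of H2, a hypothetical `cpe_entry` table with constructed rows, and a constructed `'-'` to `'_'` replacement; precomputed indexed columns stand in for the suggested indexed view.

```python
import sqlite3

# Hypothetical schema and constructed rows; SQLite stands in for H2 here.
WRAPPED = ("SELECT id FROM cpe_entry WHERE REPLACE(vendor, '-', '_') = ? "
           "AND REPLACE(product, '-', '_') = ?")
NORMALIZED = ("SELECT id FROM cpe_entry WHERE vendor_norm = ? "
              "AND product_norm = ?")

def build_db(rows=2000):
    """Create the table, load constructed rows, index the raw columns."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cpe_entry (id INTEGER PRIMARY KEY, "
               "vendor TEXT, product TEXT)")
    db.executemany("INSERT INTO cpe_entry (vendor, product) VALUES (?, ?)",
                   [(f"vendor-{i}", f"product-{i}") for i in range(rows)])
    db.execute("CREATE INDEX idx_cpe ON cpe_entry (vendor, product)")
    return db

def add_normalized_columns(db):
    """Pay the REPLACE cost once at load time, then index the result."""
    db.execute("ALTER TABLE cpe_entry ADD COLUMN vendor_norm TEXT")
    db.execute("ALTER TABLE cpe_entry ADD COLUMN product_norm TEXT")
    db.execute("UPDATE cpe_entry SET vendor_norm = REPLACE(vendor, '-', '_'), "
               "product_norm = REPLACE(product, '-', '_')")
    db.execute("CREATE INDEX idx_cpe_norm "
               "ON cpe_entry (vendor_norm, product_norm)")

def access_paths(db, sql, params):
    """First word of each EXPLAIN QUERY PLAN step: SCAN or SEARCH."""
    plan = db.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    return [step[3].split()[0] for step in plan]

def lookup(db, sql, params):
    """Run the query and return the matching ids."""
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = build_db()
    add_normalized_columns(db)
    key = ("vendor_7", "product_7")
    # The function-wrapped predicate cannot use idx_cpe, so every row is read.
    print("wrapped:   ", access_paths(db, WRAPPED, key), lookup(db, WRAPPED, key))
    # The same lookup on the precomputed columns is an index search.
    print("normalized:", access_paths(db, NORMALIZED, key), lookup(db, NORMALIZED, key))
```

Both queries return the same row; only the access path differs, which is what turns a per-dependency lookup into a per-dependency table scan.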
The fix will be released in 6.1.3 very soon. Additional performance enhancements will be in 6.2.0 with #3206.
Describe the bug
On a Maven project with hundreds of modules, generating an aggregated report with 6.1.2 is way slower than when using version 6.1.1. When CVE databases are already cached, it takes around 1 or 2 minutes to generate the whole report with version 6.1.1, but more than 30 min when using 6.1.2.
When doing some profiling, it looks like most of the time is spent inside the method CveDB#simpleCPESearch()
Version of dependency-check used
The problem occurs using version 6.1.2 of the Maven plugin
Log file
Here's the plugin output when using version 6.1.1:
And the output for 6.1.2:
To Reproduce
mvn org.owasp:dependency-check-maven:6.1.2:aggregate
Expected behavior
Performance should be reasonably similar to the previous version.