The current setup is parsing the CWE dictionary XML at runtime and persisting it to the database (`CweImporter`), just to load it from the database again into memory (`CweResolver`). Both `CweImporter` and `CweResolver` end up holding the entire CWE dictionary in static `Map`s, which is unnecessary.
CWEs are synchronized with the database on startup, where each CWE is processed in a database transaction. That is over 1400 transactions before anything meaningful is done.
As of v4.5 (https://github.com/DependencyTrack/dependency-track/issues/1467), CWEs are stored as a serialized list in the `VULNERABILITY` table. The `CWE` table is thus not required anymore, as nothing is referring to it. Lookups can be served immediately from in-memory maps.
With this change, the CWE dictionary is pre-processed with a Python script. It generates a Java class that holds all entries in a static `LinkedHashMap`. Persistence logic around CWEs is removed, and the `CWE` table is dropped.
This is a backport from Hyades.
Signed-off-by: nscuro <nscuro@protonmail.com>
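A sketch of the pre-processing step described above, added here as an example and not the project's own script: it parses a CWE catalog XML and renders a Java class holding the entries in a static `LinkedHashMap`. The package `org.example.cwe`, the class name `CweDictionary`, the field name `DICTIONARY`, the function names and the sample XML (including entry 9001) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a CWE catalog; entry 9001 is made up.
SAMPLE_XML = r"""<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-7">
  <Weaknesses>
    <Weakness ID="79" Name="Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"/>
    <Weakness ID="20" Name="Improper Input Validation"/>
  </Weaknesses>
  <Categories>
    <Category ID="9001" Name="Constructed &quot;quoted&quot; entry with \ backslash"/>
  </Categories>
</Weakness_Catalog>"""

JAVA_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r", "\t": "\\t"}

def parse_cwe_entries(xml_text):
    """Return {id: name} for weaknesses, categories and views, ordered by ID."""
    entries = {}
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the namespace, whatever its version
        if tag in ("Weakness", "Category", "View") and elem.get("ID") and elem.get("Name"):
            entries[int(elem.get("ID"))] = elem.get("Name")
    return dict(sorted(entries.items()))

def java_string(value):
    """Render value as a Java string literal that is safe to paste into source."""
    out = []
    for ch in value:
        if ch in JAVA_ESCAPES:  # never emit these as \uXXXX: javac expands that before lexing
            out.append(JAVA_ESCAPES[ch])
        elif 0x20 <= ord(ch) < 0x7F:
            out.append(ch)
        else:  # other characters become UTF-16 code unit escapes
            units = ch.encode("utf-16-be")
            out.extend("\\u%04x" % int.from_bytes(units[i:i + 2], "big")
                       for i in range(0, len(units), 2))
    return '"' + "".join(out) + '"'

def render_java_class(entries, package="org.example.cwe", class_name="CweDictionary"):
    """Generate Java source with all entries in a static LinkedHashMap."""
    puts = [f"        DICTIONARY.put({i}, {java_string(n)});" for i, n in entries.items()]
    head = [f"package {package};", "", "import java.util.LinkedHashMap;",
            "import java.util.Map;", "", "// Generated file, do not edit.",
            f"public final class {class_name} {{", "",
            "    public static final Map<Integer, String> DICTIONARY = new LinkedHashMap<>();",
            "", "    static {"]
    tail = ["    }", "", f"    private {class_name}() {{", "    }", "}", ""]
    return "\n".join(head + puts + tail)

if __name__ == "__main__":
    print(render_java_class(parse_cwe_entries(SAMPLE_XML)))
```

Escaping is the part worth checking in review: a dictionary name containing a quote or backslash would otherwise produce Java source that does not compile, or that compiles to a different string.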
To make it clear that these Compose files are only meant for dev and testing work, and to avoid confusion with the existing `src/main/docker/docker-compose.yml`, which is also used as a quickstart.
Signed-off-by: nscuro <nscuro@protonmail.com>