mirror of
https://github.com/DependencyTrack/dependency-track.git
synced 2026-02-07 10:19:55 +00:00
The current setup is parsing the CWE dictionary XML at runtime and persisting it to the database (`CweImporter`), just to load it from the database again into memory (`CweResolver`). Both `CweImporter` and `CweResolver` end up holding the entire CWE dictionary in static `Map`s, which is unnecessary.

CWEs are synchronized with the database on startup, where each CWE is processed in a database transaction. That is over 1400 transactions before anything meaningful is done.

As of v4.5 (https://github.com/DependencyTrack/dependency-track/issues/1467), CWEs are stored as a serialized list in the `VULNERABILITY` table. The `CWE` table is thus not required anymore, as nothing is referring to it. Lookups can be served immediately from in-memory maps.

With this change, the CWE dictionary is pre-processed with a Python script. It generates a Java class that holds all entries in a static `LinkedHashMap`. Persistence logic around CWEs is removed, and the `CWE` table is dropped.

This is a backport from Hyades.

Signed-off-by: nscuro <nscuro@protonmail.com>

| File |
|---|
| .. |
| copy-grafana-dashboard.sh |
| cwe-dictionary-generate.py |
| data-nist-generate-dummy.sh |
| dbschema-generate.datanucleus.properties |
| dbschema-generate.log4j.properties |
| dbschema-generate.sh |
| docs-build.sh |
| docs-dev-docker.sh |
| docs-dev.sh |
| logs-clear.sh |
| update-spdx-license-list.sh |