nscuro / dtapac
Audit Dependency-Track findings and policy violations via policy as code
License: Apache License 2.0
Hello. As far as I can see, you use the 0.8.0 go-client. It has a problem with pagination. If you have over 50 projects, then dtapac won't process the other X projects. It was fixed in 0.9.0.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Dockerfile
golang 1.22.3-alpine3.18@sha256:d1a601b64de09e2fa38c95e55838961811d5ca11062a8f4230a5c434b3ae2a34
Dockerfile.goreleaser
alpine 3.20@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd
.github/workflows/ci.yml
actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29
actions/setup-go v5@cdcb36043654635271a94b9a6d1392de5bb323a7
golangci/golangci-lint-action v6.0.1@a4f60bb28d35aeee14e6880718e0c85ff1882e64
actions/setup-go v5@cdcb36043654635271a94b9a6d1392de5bb323a7
actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29
.github/workflows/policy-ci.yml
open-policy-agent/setup-opa v2.2.0@34a30e8a924d1b03ce2cf7abe97250bbb1f332b5
actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29
open-policy-agent/setup-opa v2.2.0@34a30e8a924d1b03ce2cf7abe97250bbb1f332b5
actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29
actions/upload-artifact v4@0b2256b8c012f0828dc542b3febcab082c67f72b
.github/workflows/release.yml
actions/checkout v4@a5ac7e51b41094c92402da3b24376905380afc29
actions/setup-go v5@cdcb36043654635271a94b9a6d1392de5bb323a7
CycloneDX/gh-gomod-generate-sbom v2.0.0@efc74245d6802c8cefd925620515442756c70d8f
sigstore/cosign-installer v3.5.0@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
docker/setup-qemu-action v3@5927c834f5b4fdf503fca6f4c7eccda82949e1ee
docker/login-action v3@0d4c9c5ea7693da7b068278f7b52bda2a190a446
goreleaser/goreleaser-action v5.1.0@5742e2a039330cbb23ebf35f046f814d4c6ff811
go.mod
go 1.21
github.com/DependencyTrack/client-go v0.13.0
github.com/go-chi/chi/v5 v5.0.12
github.com/google/uuid v1.6.0
github.com/iancoleman/orderedmap v0.3.0
github.com/invopop/jsonschema v0.8.0
github.com/peterbourgon/ff/v3 v3.4.0
github.com/prometheus/client_golang v1.19.1
github.com/rs/zerolog v1.33.0
github.com/stretchr/testify v1.9.0
github.com/testcontainers/testcontainers-go v0.32.0
golang.org/x/sync v0.7.0
When analyzing all projects on dtrack 4.9, only the last 50 projects (sorted by project name) are analyzed.
This is solved, user error (API token only had access to some projects)
When restarting dtapac, I see such messages in the log:
2024-07-08 09:20:12.685 7:20AM ERR failed to analyze findings error="failed to fetch findings: Get "http://dtrack-apiserver.dtrack-prod.svc.cluster.local/api/v1/finding/project/0c5a92c0-f969-4e6c-bb71-180608410f5a?pageNumber=1&pageSize=50&suppressed=true\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)" project=0c5a92c0-f969-4e6c-bb71-180608410f5a svc=portfolioAnalyzer
These only occur on a few of the about 190 projects analyzed while dtapac has just been restarted. It looks like dtapac (and maybe other tasks, too) places the dtrack/apiserver under a lot of stress. Since the analysis is not time critical:
Is there a way to increase the timeout?