
Database could avoid re-writing/updating vulnerability if value is not different

Open LaVibeX opened this issue 7 months ago • 5 comments

Current Behavior

Currently, the database re-writes all vulnerabilities that are given, without checking if the value has changed or not. This results in an expensive and unnecessary operation.

Proposed Behavior

To address this issue, we could consider adding a new column or reusing an existing column in the vulnerability table to store the last_modified value. This would allow us to compare the last_modified value of the existing vulnerability with the new vulnerability data.

Another option could be to process a checksum for the stored vulnerability data and compare it with the given value. This would allow us to determine if the vulnerability data has changed, without having to write non-updated values.

https://github.com/DependencyTrack/dependency-track/blob/26185e40335f4abe97a99280e6b02958f896611e/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java#L145-L151

https://github.com/DependencyTrack/dependency-track/blob/26185e40335f4abe97a99280e6b02958f896611e/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java#L90-L135

I have noticed that the CREATED and PUBLISHED values are often set to the same value. We could probably use published to save the "last modified" value.


LaVibeX, Jul 05 '24 10:07
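
The checksum option proposed in the issue above, as an added Java example that is not Dependency-Track code and not part of the original post. The `Vuln` record, the in-memory map standing in for the table plus a checksum column, and the sample values are all assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Map;

public class ChecksumUpsertExample {
    // Hypothetical stand-in for a vulnerability row; not the project's model class.
    record Vuln(String source, String vulnId, String description, String severity, String updated) {}

    // Simulated table: "source|vulnId" -> checksum of the row as last written.
    private final Map<String, String> storedChecksums = new HashMap<>();
    int writes = 0;

    static String checksum(Vuln v) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            // Every field whose change must reach the database has to be hashed here.
            for (String field : new String[] {v.description(), v.severity(), v.updated()}) {
                // Length-prefix each field so ("ab","c") and ("a","bc") differ;
                // length -1 marks null so that null and "" are distinct.
                byte[] bytes = field == null ? new byte[0] : field.getBytes(StandardCharsets.UTF_8);
                md.update(ByteBuffer.allocate(4).putInt(field == null ? -1 : bytes.length).array());
                md.update(bytes);
            }
            return HexFormat.of().formatHex(md.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required in every JRE
        }
    }

    /** Returns true if a write happened, false if the incoming row was unchanged. */
    boolean synchronize(Vuln incoming) {
        String key = incoming.source() + "|" + incoming.vulnId();
        String sum = checksum(incoming);
        if (sum.equals(storedChecksums.get(key))) return false; // skip the UPDATE
        storedChecksums.put(key, sum); // stands in for INSERT/UPDATE of row and checksum
        writes++;
        return true;
    }

    public static void main(String[] args) {
        ChecksumUpsertExample db = new ChecksumUpsertExample();
        Vuln v = new Vuln("EXAMPLE", "EXAMPLE-0001", "constructed sample", "HIGH", "2024-07-01T00:00:00Z");
        System.out.println(db.synchronize(v)); // new row
        System.out.println(db.synchronize(v)); // identical re-import
        System.out.println(db.synchronize(new Vuln("EXAMPLE", "EXAMPLE-0001", "constructed sample", "CRITICAL", null)));
        System.out.println("writes=" + db.writes);
    }
}
```

A field left out of the checksum can change upstream without ever being written, so a severity or description correction would be silently dropped; the hashed field list has to track the columns the table actually stores.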