Performance regression: Preparing `IntegrityMetaComponent`s after BOM processing takes too long

[nscuro]

Current Behavior

While porting #3357 I noticed that the section that is "preparing" IntegrityMetaComponents is executing a transaction for every single component of the processed BOM:

https://github.com/DependencyTrack/hyades-apiserver/blob/0dbf1d376c9e1a984e7c0bc735db1504c6de5aed/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java#L410-L425

Profiling the informWithBloatedBomTest confirmed my suspicion that this ends up being super expensive:

Querying and creating the IntegrityMetaComponents takes more CPU time than the actual BOM processing itself. And this is with API server and database residing on the same machine, it will be even more impactfull when that is not the case.

Steps to Reproduce

1. Run informWithBloatedBomTest with profiling

Expected Behavior

Preparing IntegrityMetaComponents should be a quick operation. It should not create a transaction for every component in the BOM.

It's likely that the entire operation can be achieved with a single batch insert using JDBI.

Hyades Version

hyades-apiserver 5.5.0-SNAPSHOT

Repository Type

Hyades apiserver

Browser

N/A

Checklist

• [X] I have read and understand the contributing guidelines
• [X] I have checked the existing issues for whether this defect was already reported

[nscuro]

Even more clear with https://github.com/DependencyTrack/hyades-apiserver/pull/705 in place:

[nscuro]

Batch inserts into INTEGRITY_META_COMPONENT won't work well because potentially many threads will do it in parallel, so lots of contention. Did some testing locally and am running into deadlocks with just a few consecutive BOM uploads.

Potentially need an entirely different approach to populating that table.