Niklas

Results 834 comments of Niklas

@BlythMeister Did you find those in the `DEPENDENCYMETRICS` table? I guess we could just retry the calculation if we detect such invalid values going forward.

Good catch @BlythMeister! That indeed looks like the culprit. Should be easy enough to resolve.

Looking at it, I think the `findings` counter cannot be de-duplicated based on aliases, but the `vulnerabilities` counter can. Since you can have multiple findings (e.g. `GHSA-123` from GitHub, `CVE-123`...

FTR, I think the enhancement implemented in #2153 is a good compromise between wanting more flexibility and keeping the model clean. Admin users will be able to add licenses if...

I see this as a sub-goal of #4122 (https://github.com/DependencyTrack/vuln-db). Users wishing to integrate internal or otherwise proprietary databases would create custom importers and build their own databases using them. Mapping...

Quick Google search surfaced this: https://support.hpe.com/hpesc/public/docDisplay?docId=c01937191&docLocale=en_US

> This can be caused by too many parallel GC threads. [...] Whenever a parallel GC occurs, all these threads compete for the CPUs,...

For completeness, I am not observing this behavior on my machine. When you say:

> [...] permanently have 1 vCPU stuck at 100%

do you really mean like 24/7, or...

A reproducer would be great! I assume you already checked the container logs for any errors or otherwise suspicious behavior?

You can also try pulling a thread dump so we can see what the Java threads are doing. This is a bit more involved since our images only ship with...

Interesting, I never used the watchdog logger, and it defaults to 0 (disabled). I'll try if I can reproduce this by assigning a value >0.