ROX-19064: Scanner V4 Vuln Load Reduce Wait#19832
Open
Conversation
by ensuring not sleeping needlessly for 10+ mins
|
Skipping CI for Draft Pull Request. |
Contributor
Author
|
/test all |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #19832 +/- ##
==========================================
- Coverage 49.60% 49.59% -0.01%
==========================================
Files 2763 2763
Lines 208339 208351 +12
==========================================
Hits 103341 103341
- Misses 97331 97343 +12
Partials 7667 7667
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
🚀 Build Images ReadyImages are ready for commit 9dec822. To use with deploy scripts: export MAIN_IMAGE_TAG=4.11.x-561-g9dec822f5e |
1 similar comment
Contributor
🚀 Build Images ReadyImages are ready for commit 9dec822. To use with deploy scripts: export MAIN_IMAGE_TAG=4.11.x-561-g9dec822f5e |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Scanner V4 CI jobs were inconsistently timing out while waiting for initial vulns to load.
Matcher's initial attempts to GET latest vuln bundle from Central may fail when Central is not yet ready. When this happens Matcher will wait between 10-25 mins (random due to jitter) before trying again. This is a needless delay in CI.
Increase the retries to fetch vulns
Four attempts are made to contact Central before the long wait - this is not enough for CI - 'connection refused' was observed for all 4 attempts on multiple jobs, and separately
i/o timeouterrors were observed which short-circuit the retries.The number of retries was increased to 12 and
i/o timeoutis now considered a retryable error to address this.No jitter before initial load
The jitter time has been removed from the long wait if vulns have not yet been initialized, this reduces the initial wait to a predictable 5 mins instead of random 10-25 mins. The jitter was kept in-tact for attempts after the initial load completes.
User-facing documentation
Testing and quality
Automated testing
No new automated tests added
How I validated my change
Against StackRox Scanner these changes will be tested by CI as part of this PR
Against Scanner V4 these changes were validated in #19236 and will be validated again in a future PR when Scanner V4 is officially turned on in CI.