DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

Database could avoid re-writing/updating vulnerability if value is not different #3922

Open LaVibeX opened 3 days ago

LaVibeX commented 3 days ago

Current Behavior

Currently, the database re-writes all vulnerabilities that are given, without checking if the value has changed or not. This results in an expensive and unnecessary operation.

Proposed Behavior

To address this issue, we could consider adding a new column or reusing an existing column in the vulnerability table to store the last_modified value. This would allow us to compare the last_modified value of the existing vulnerability with the new vulnerability data.

Another option could be to process a checksum for the stored vulnerability data and compare it with the given value. This would allow us to determine if the vulnerability data has changed, without having to write non-updated values.

I have noticed that the CREATED and PUBLISHED values are often set to the same value.

Checklist
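The checksum option proposed in the issue description above, sketched as an added example (not Dependency-Track code; the table, column names and sample records are hypothetical and constructed for illustration). It also covers a case that a last_modified comparison alone would miss: a record whose content changes while its timestamp stays the same.

```python
import hashlib
import json
import sqlite3

# Hypothetical table for illustration; not Dependency-Track's actual schema.
SCHEMA = """CREATE TABLE vulnerability (
    vuln_id TEXT PRIMARY KEY, last_modified TEXT, checksum TEXT, body TEXT)"""


def canonical(record):
    # Sorted keys and fixed separators so equal records always serialise identically.
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def checksum(record):
    return hashlib.sha256(canonical(record).encode("utf-8")).hexdigest()


def sync(conn, records):
    """Write only new or changed records; return (written, skipped)."""
    written = skipped = 0
    for rec in records:
        digest = checksum(rec)
        row = conn.execute(
            "SELECT checksum FROM vulnerability WHERE vuln_id = ?", (rec["id"],)
        ).fetchone()
        if row is not None and row[0] == digest:
            skipped += 1  # stored content is identical: no write
            continue
        conn.execute(
            "INSERT OR REPLACE INTO vulnerability VALUES (?, ?, ?, ?)",
            (rec["id"], rec["last_modified"], digest, canonical(rec)),
        )
        written += 1
    conn.commit()
    return written, skipped


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    # Constructed sample records, not real advisories.
    feed = [
        {"id": "EXAMPLE-0001", "last_modified": "2024-01-01T00:00:00Z", "severity": "HIGH"},
        {"id": "EXAMPLE-0002", "last_modified": "2024-01-02T00:00:00Z", "severity": "LOW"},
    ]
    first = sync(conn, feed)   # empty table: everything is written
    second = sync(conn, feed)  # same feed again: everything is skipped
    # Severity corrected upstream without last_modified being bumped.
    feed[1] = dict(feed[1], severity="CRITICAL")
    third = sync(conn, feed)   # only the changed record is written
    return first, second, third
```

The checksum has to cover every field that downstream policy or alerting depends on; a field left out of the hashed record can change upstream without the stored row ever being refreshed.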

valentijnscholten commented 2 days ago

Can you be more specific about which part of DT you are referring to? i.e. what are all vulnerabilities that are given?