deepfence / SecretScanner

:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
https://deepfence.io
MIT License

Modifications to remove unnecessary channels #116

Closed shyam-dev closed 8 months ago

shyam-dev commented 8 months ago

@noboruma / @ramanan-ravi -- Please review this carefully. I do not see a need for using any channels here.....

noboruma commented 8 months ago

@shyam-dev the reason for having channels here is to stream data to fulfill two goals:

If we capture all secrets across all files in one go, it means we need to keep all secrets in memory and push everything at once; this is not optimal both CPU-wise (on neo4j ingestion) and memory-wise (secret scan RAM usage).

We should keep the streaming, but we can optimize by having a `chan []Secret` instead of `chan secret` / `[]secret`, since scanning 1 file will give us a `[]Secret`.

shyam-dev commented 8 months ago

@noboruma

The "send results as soon as they arrive" is not satisfied here. We call the "range" function on the channel. That will not work till we call "close" on the channel.

So, effectively, we are treating the channel as an array. With the lock primitives in place, this will cause loss of performance.

Further, the channel is "returned" from a function. That will negate any gains that we need from the channel. It should be passed in as a parameter to those functions which need to add data to it.

If the need is to send results as soon as we get them, the channel should have a separate reader routine.
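
An added example, not code from this pull request or from SecretScanner: a Go sketch of the streaming shape discussed in this thread, with per-file `[]Secret` batches sent on a channel that is passed in as a parameter and drained by a separate reader goroutine. The `Secret` and `File` types, the toy matching rule and the `Sample` files are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"sync/atomic"
)

type Secret struct{ File, Match string } // hypothetical finding type, not the project's
type File struct{ Path, Body string }    // hypothetical in-memory file
var Sample = []File{ // constructed input, not real scan data
	{"a.env", "AWS_KEY=EXAMPLE\nDEBUG=1"}, {"c.txt", "nothing here"},
	{"b.yaml", "password: example-pw\nAPI_KEY: example"}, {"d.conf", "password: example2"},
}

// scanAll sends one batch per file on a channel it is handed; it never closes it.
func scanAll(files []File, out chan<- []Secret) {
	for _, f := range files {
		var batch []Secret
		for _, line := range strings.Split(f.Body, "\n") {
			if strings.Contains(line, "password") || strings.Contains(line, "KEY") { // toy rule
				batch = append(batch, Secret{f.Path, line})
			}
		}
		if len(batch) > 0 {
			out <- batch
		}
	}
}

// StreamScan returns the batches published and how many of them were published before close(out).
func StreamScan(files []File, publish func([]Secret)) (total, beforeClose int64) {
	out, done := make(chan []Secret), make(chan struct{}) // out is unbuffered: one batch in flight
	go func() { // separate reader goroutine
		defer close(done)
		for batch := range out {
			publish(batch)
			atomic.AddInt64(&total, 1)
		}
	}()
	scanAll(files, out)
	beforeClose = atomic.LoadInt64(&total) // sampled while the channel is still open
	close(out)
	<-done
	return total, beforeClose
}

func main() {
	fmt.Println(StreamScan(Sample, func(b []Secret) { fmt.Println(b) }))
}
```

`beforeClose` is the number of batches the reader had already published at the moment the producer finished; because `out` is unbuffered, the scanner holds at most one file's findings while it waits for the reader.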