eliasgranderubio / dagda

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
Apache License 2.0

Performance: Is it normal to check image jboss/wildfly around 40 minutes? #49

Closed axiqia closed 4 years ago

axiqia commented 5 years ago

Short description

I was trying to analyze docker containers jboss/wildfly following the readme doc, and it took about 40 minutes. Is it normal?

Issue 34 mentions that

both dependencies analysis and malware analysis run in a parallel way into the docker image evaluation process.

Reproduction steps

python3 dagda.py check --docker_image jboss/wildfly

Thank you.

eliasgranderubio commented 5 years ago

Hi @axiqia ,

If that is the first analysis you do with Dagda, the performance issue is related to the OWASP Dependency Check project. This dependency analyzer downloads the whole NVD database and stores it in local storage. That process can take a while depending on the NVD availability, network bandwidth or other factors.

This analyzer is included in my own 4depcheck project and I have already identified the issue and how to fix it but, for the moment, I do not have time to close that issue :-(

If you want to help me, I would be grateful.

axiqia commented 5 years ago

Yeah, that's right, the issue is caused by the first analysis. I tried the analysis later, and the process ran for only a second.

I'd like to help you, if it is not beyond my ability.

eliasgranderubio commented 5 years ago

Don't worry @axiqia! I add this issue as a must for fixing ASAP in the release plan of version 0.8.0.

eliasgranderubio commented 4 years ago

At worst, the first analysis does not exceed 10 minutes with the latest improvements.