Closed pandatix closed 1 year ago
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅
I have read the CLA Document and I hereby sign the CLA
recheck
Hey @pandatix, thanks for your contribution. You can ignore the failing CI job, it's not related to your code. I'll get that fixed.
Hey @pandatix,
Thanks for your pull request to replace the CVSS parsing library. I understand that you were trying to improve performance, but unfortunately, this change cannot be merged at this time. The library you proposed is difficult to reason about and depends on the unsafe package, which can be risky in Go.
In this code path, we value readability and safety over performance. The unsafe package can lead to unexpected behavior and can make it difficult to understand and maintain the code. We don't have strict performance requirements for this code path, so it is important that the code is easy to understand and maintain.
I appreciate your efforts to improve the code and I look forward to seeing more contributions from you in the future. We'll certainly consider using this library if we run into performance issues in the future. Let me know if you have any questions or concerns.
The benchmarks of github.com/pandatix/go-cvss show that it performs better than github.com/facebookincubator/nvdtools/cvss3. This improvement is a factor of 10 for time and allocations (ns/op and allocs/op, which drastically decreases the pressure on the Garbage Collector), and a factor of 250 for memory consumption (B/op). This improves the overall performance to help fulfill the contract of a 30-second scan.