
Port: Prevent duplicate policy violations #996

Open. Wants to merge 1 commit into base: main.

Conversation

nscuro (Member) commented Dec 5, 2024

Description

Ports DependencyTrack/dependency-track#4234.

Addressed Issue

Relates to DependencyTrack/hyades#1358

Additional Details

The implementation differs in the following ways:

  • Locks are not acquired in-memory but instead through the database (shedlock), since it must work across multiple app instances.
  • Risk of duplicates during reconciliation of violations was already fixed when implementing the CEL-based policy engine.
  • A UNIQUE constraint is added to prevent duplicate records from being created at the database-level. Now-redundant indexes are removed.

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have updated the migration changelog accordingly
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

Ports DependencyTrack/dependency-track#4234

The implementation differs in the following ways:

* Locks are not acquired in-memory but instead through the database (shedlock), since it must work across multiple app instances.
* Risk of duplicates during reconciliation of violations was already fixed when implementing the CEL-based policy engine.
* A UNIQUE constraint is added to prevent duplicate records from being created at the database-level. Now-redundant indexes are removed.

Signed-off-by: nscuro <[email protected]>
@nscuro nscuro added defect Something isn't working v4-port PRs that were ported from the Dependency-Track v4.x code base labels Dec 5, 2024
@nscuro nscuro added this to the 5.6.0 milestone Dec 5, 2024
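The two mechanisms the PR description names, a database-held lock that works across app instances (ShedLock) and a UNIQUE constraint that stops duplicate violation rows at the database level, can be shown together in a small script. This is an added example, not code from the Dependency-Track or hyades project: the lock table follows ShedLock's JDBC layout (name, lock_until, locked_at, locked_by), the `policyviolation` table and its column names are assumptions chosen for illustration, and it uses an in-memory SQLite database so it runs offline. It goes slightly beyond the PR text by also showing a lease expiring so that another instance can take the lock over.

```python
"""Added example (not Dependency-Track / hyades code): a database-backed lock
in the style of ShedLock's JDBC table, plus a UNIQUE constraint that makes a
second identical policy-violation row impossible even if an instance ignores
the lock. In-memory SQLite keeps it self-contained."""
import sqlite3
import time

# ShedLock's JDBC lock table: `name` is the primary key, `lock_until` decides
# whether the current holder still owns the lease.
LOCK_SCHEMA = """
CREATE TABLE shedlock (
    name       TEXT PRIMARY KEY,
    lock_until REAL NOT NULL,
    locked_at  REAL NOT NULL,
    locked_by  TEXT NOT NULL
)
"""

# Assumed (hypothetical) violation table. The UNIQUE constraint is the point:
# the database, not application code, rejects the duplicate.
VIOLATION_SCHEMA = """
CREATE TABLE policyviolation (
    id                 INTEGER PRIMARY KEY AUTOINCREMENT,
    project_id         INTEGER NOT NULL,
    component_id       INTEGER NOT NULL,
    policycondition_id INTEGER NOT NULL,
    type               TEXT NOT NULL,
    UNIQUE (project_id, component_id, policycondition_id, type)
)
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(LOCK_SCHEMA)
    conn.execute(VIOLATION_SCHEMA)
    return conn


def try_lock(conn, name, instance, ttl_seconds, now=None):
    """Try to acquire lock `name` for `instance` for at most `ttl_seconds`.
    Mirrors ShedLock's strategy: INSERT a fresh row, or UPDATE an existing
    row whose lease has expired. Returns True if this instance holds it."""
    now = time.time() if now is None else now
    until = now + ttl_seconds
    try:
        conn.execute(
            "INSERT INTO shedlock (name, lock_until, locked_at, locked_by) "
            "VALUES (?, ?, ?, ?)", (name, until, now, instance))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        pass  # row exists: somebody holds, or held, the lock
    cur = conn.execute(
        "UPDATE shedlock SET lock_until = ?, locked_at = ?, locked_by = ? "
        "WHERE name = ? AND lock_until <= ?",
        (until, now, instance, name, now))
    conn.commit()
    return cur.rowcount == 1


def unlock(conn, name, instance, now=None):
    """Release by ending the lease now; only the current holder may do so."""
    now = time.time() if now is None else now
    conn.execute("UPDATE shedlock SET lock_until = ? WHERE name = ? AND locked_by = ?",
                 (now, name, instance))
    conn.commit()


def record_violation(conn, project_id, component_id, condition_id, vtype):
    """Insert one violation. The UNIQUE constraint turns a repeat of the same
    tuple into a no-op. Returns True only when a row was actually inserted."""
    cur = conn.execute(
        "INSERT OR IGNORE INTO policyviolation "
        "(project_id, component_id, policycondition_id, type) VALUES (?, ?, ?, ?)",
        (project_id, component_id, condition_id, vtype))
    conn.commit()
    return cur.rowcount == 1


def violation_count(conn):
    return conn.execute("SELECT COUNT(*) FROM policyviolation").fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    t0 = 1000.0
    # Two app instances race for the same per-project evaluation lock.
    print(try_lock(db, "policy-eval:project-1", "instance-a", 30, now=t0))      # True
    print(try_lock(db, "policy-eval:project-1", "instance-b", 30, now=t0 + 1))  # False
    # Even if instance-b evaluated anyway, the constraint keeps a single row.
    record_violation(db, 1, 42, 7, "LICENSE")
    record_violation(db, 1, 42, 7, "LICENSE")
    print("rows:", violation_count(db))  # 1
    unlock(db, "policy-eval:project-1", "instance-a", now=t0 + 2)
    print(try_lock(db, "policy-eval:project-1", "instance-b", 30, now=t0 + 3))  # True
```

The lock guards against two instances reconciling the same project at once; the constraint is the backstop that holds regardless of how the lock or the reconciliation code behaves, which is why the PR adds both.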