Current Behavior

Hey! We're really looking forward to the Trivy support added in 4.11.x so we've been testing out the snapshot. We've noticed some poor performance when scanning sboms with larger numbers of components (~600+), in some cases the scan can take 10 minutes. The trivy scan itself only takes a few seconds to return a result.

It's understood that this functionality is unreleased, but I'm keen to take a run at improving it 👍

Thanks again everyone, really great project.

Steps to Reproduce

1. Enable Trivy integration using 4.11.0-SNAPSHOT
2. Start an analysis
3. Make coffee
4. Get results

Expected Behavior

Repro steps minus step 3 🙂

It would be nice to reduce the scan time as much as possible to facilitate blocking CICD pipelines.

Dependency-Track Version

4.11.0-SNAPSHOT

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

15.4

Browser

N/A

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this defect was already reported