@spencerschrock
Member

What kind of change does this PR introduce?

bug fix

What is the current behavior?

The weekly scan infrastructure has a huge increase in vCPU usage, at least 5-10x. This caused the entire weekly scan infrastructure to grind to a halt through evictions, crashes, and backoff loops.

What is the new behavior (if this is a feature change)?

Disable the transitive scanning introduced in #4833

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

NONE

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

Disabled transitive scanning in osv-scanner v2 due to excessive resource consumption

This resulted in a huge increase in vCPU usage, at least 5-10x. This
caused the entire weekly scan infrastructure to grind to a halt through
evictions, crashes, and backoff loops.

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
Member Author

/scdiff generate Vulnerabilities

@github-actions

github-actions bot commented Nov 6, 2025

@codecov

codecov bot commented Nov 6, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.52%. Comparing base (353ed60) to head (db9a530).
⚠️ Report is 272 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4843      +/-   ##
==========================================
+ Coverage   66.80%   69.52%   +2.71%     
==========================================
  Files         230      251      +21     
  Lines       16602    15650     -952     
==========================================
- Hits        11091    10880     -211     
+ Misses       4808     3900     -908     
- Partials      703      870     +167     

@spencerschrock spencerschrock marked this pull request as ready for review November 6, 2025 16:45
@spencerschrock spencerschrock requested a review from a team as a code owner November 6, 2025 16:45
@spencerschrock spencerschrock requested review from AdamKorcz and justaugustus and removed request for a team November 6, 2025 16:45
@dosubot dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Nov 6, 2025
@spencerschrock spencerschrock merged commit c65a663 into ossf:main Nov 6, 2025
40 checks passed
@spencerschrock spencerschrock deleted the no-transitive branch November 6, 2025 16:49