Skip to content

[pull] main from guacsec:main#145

Merged
pull[bot] merged 18 commits intotrustification:mainfrom
guacsec:main
Mar 31, 2026
Merged

[pull] main from guacsec:main#145
pull[bot] merged 18 commits intotrustification:mainfrom
guacsec:main

Conversation

@pull
Copy link
Copy Markdown

@pull pull bot commented Mar 31, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

ctron and others added 18 commits March 31, 2026 12:43
@ctron
refactor: fetch source_document alongside, and only what's required
835161d 
Instead of fully fetching all information of an SBOM and then just using
the ID, this fetches the bare minimum. But then also fetches the
source_document in the same step. Passing on to other parts which need
it. This should prevent one N+1 select issues.
@ctron
fix: increase performance of "list sbom"
bedbcb7 
This adds a v3 sbom list endpoint, which returns less information, but
is much faster.

Also, allow overriding the slow SQL threshold.
@ctron
test: delete no longer returns the SBOM
033e9d4
@ctron
chore: node_id's are actually strings
f1b216e 
This was a red herring from AI. Node IDs are strings.
@ctron
chore: refresh openapi, deprecate v2 list sbom endpoint
924629b
@ctron
chore: make clippy happy, fix openapi issue
5370d78
@ctron @claude
fix: create an index actually on advisories
be6c068 
Co-authored-by: Claude <noreply@anthropic.com>
@ctron
chore(fundamental): add missing instrumentation
219c2c5
@ctron @claude
refactor: speed up license query by using union
5848e37 
Fix license filter using UNION subquery instead of OR'd IN subqueries to
avoid full table scan on qualified_purl

Co-authored-by: Claude <noreply@anthropic.com>
@ctron @claude
fix: apply UNION subquery license filter fix to SBOM endpoints
0ddb8ca 
Replaces OR'd IN subqueries with a single UNION subquery in fetch_sboms
and fetch_sbom_packages, avoiding full table scans on sbom and
sbom_package.

Co-authored-by: Claude <noreply@anthropic.com>
@ctron
chore(fundamental): add instrumentation
fc13611
@ctron
chore(fundamental): add instrumentation, and drop clone
f023bee
@ctron
chore(fundamental): group operations for tracing
bf13ae1
@ctron
chore(fundamental): tweak instrumentation
108d71d
@ctron
chore: format code
fee75d8
@ctron
chore: drop instrumentation
290be94 
Instrumentation on the sync `new` function doesn't add much.
@ctron
chore: more instrumentation
caa6e2e
@ctron
docs: improve openapi spec
705e1ae
@pull pull bot locked and limited conversation to collaborators Mar 31, 2026
@pull pull bot added the ⤵️ pull label Mar 31, 2026
@pull pull bot merged commit 705e1ae into trustification:main Mar 31, 2026
2 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ctron