@helio-frota helio-frota commented Nov 24, 2025

Dashboard is calling some endpoints and one of them is using a big Rust function that contains the following select:

```sql
SELECT "sbom_node"."sbom_id", "sbom_node"."node_id",
"sbom_node"."name" FROM "sbom_node" WHERE "node_id" = ANY($1)
```

This is the worst query that is making the dashboard page slow, because the table is big and the index is not getting a hit because node_id is part of a composite index (with position 2), and consequently it is not using the cache.

Summary by Sourcery

Add a database migration to improve lookup performance on sbom_node by indexing node_id.

Enhancements:

  • Introduce a new migration that creates a dedicated index on sbom_node.node_id to speed up queries filtering by node_id.
  • Ensure the new sbom_node.node_id index can be safely rolled back by dropping it in the down migration.

EDIT:

https://gist.github.com/helio-frota/f821493c83a2c62c248f321d5e2c738b

@helio-frota helio-frota requested a review from mrizzi November 24, 2025 13:08
sourcery-ai bot commented Nov 24, 2025

Reviewer's Guide

Adds a dedicated single-column index on sbom_node.node_id via a new SeaORM migration to optimize a frequently used dashboard query, and wires the migration into the global migrator sequence.

ER diagram for sbom_node and new node_id index

```mermaid
erDiagram
    sbom_node {
        int sbom_id
        int node_id
        string name
    }

    sbom_node_node_id_index {
        int node_id
    }

    sbom_node ||--o{ sbom_node_node_id_index : indexed_by
```

Architecture/flow diagram for migration sequence with sbom_node_node_id_index

```mermaid
flowchart TD
    subgraph MigrationRunner
        A[MigrationRunner start]
        B[m0001180_expand_spdx_licenses_with_mappings_function]
        C[m0001190_optimize_product_advisory_query]
        D[m0001200_source_document_fk_indexes]
        E[m0001210_sbom_node_node_id_index]
        F[MigrationRunner end]
    end

    A --> B --> C --> D --> E --> F

    subgraph Database
        T[sbom_node table]
        I[sbom_node.node_id index]
    end

    E --> I
    T -. uses .-> I
```

File-Level Changes

Change: Introduce a new migration that creates and drops an index on sbom_node.node_id to optimize queries filtering by node_id.
Details:
  • Define Migration implementing MigrationTrait with up and down methods using SchemaManager
  • In up, create an index on the sbom_node table for the node_id column with a named identifier
  • In down, drop the index by name if it exists
  • Declare Iden enums for the index name and sbom_node table/column identifiers
Files: migration/src/m0001210_sbom_node_node_id_index.rs

Change: Register the new sbom_node.node_id index migration in the global migrator so it runs with the existing migration sequence.
Details:
  • Import the new migration module in the migration library
  • Append the new migration struct to the MigratorTrait migrations list
Files: migration/src/lib.rs

@helio-frota helio-frota requested a review from gildub November 24, 2025 13:08
@sourcery-ai sourcery-ai bot left a comment

Hey there - I've reviewed your changes - here's some feedback:

  • If sbom_node is large in production, consider using a concurrent index creation (or equivalent non-blocking option in SeaORM) to avoid long locks during the migration.
  • The #[allow(deprecated)] on the Migration impl seems unnecessary here; consider removing it unless there is a specific deprecated API being used.
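
The composite-index behaviour described in the pull request and the concurrent build suggested in this review, as an added PostgreSQL example that is not part of the pull request or the project's migration. The scratch schema `idx_demo`, the column types, the `(sbom_id, node_id)` key order, the row counts and the index name `sbom_node_node_id_example_idx` are assumptions.

```sql
-- Added example for a scratch PostgreSQL 13+ database; not the project's schema.
-- Assumptions: schema idx_demo, column types, key order, row counts, index name.
CREATE SCHEMA idx_demo;
SET search_path TO idx_demo;

CREATE TABLE sbom_node (
    sbom_id uuid NOT NULL,
    node_id text NOT NULL,
    name    text NOT NULL,
    PRIMARY KEY (sbom_id, node_id)   -- node_id is at position 2 of the only index
);

-- Constructed data: 500 SBOMs x 400 nodes = 200,000 rows.
WITH sboms AS (
    SELECT gen_random_uuid() AS sbom_id FROM generate_series(1, 500)
)
INSERT INTO sbom_node (sbom_id, node_id, name)
SELECT s.sbom_id, 'SPDXRef-' || n, 'package-' || n
FROM sboms AS s CROSS JOIN generate_series(1, 400) AS n;
ANALYZE sbom_node;

-- 1. Before: the predicate puts no constraint on the leading column sbom_id.
--    Note the top plan node and the "Buffers:" line (pages touched).
EXPLAIN (ANALYZE, BUFFERS)
SELECT "sbom_node"."sbom_id", "sbom_node"."node_id", "sbom_node"."name"
FROM "sbom_node"
WHERE "node_id" = ANY (ARRAY['SPDXRef-7', 'SPDXRef-42']);

-- 2. Build the single-column index without blocking writes to the table.
--    CONCURRENTLY cannot run inside a transaction block, so issue it on its
--    own (psql autocommit), not between BEGIN and COMMIT.
CREATE INDEX CONCURRENTLY IF NOT EXISTS sbom_node_node_id_example_idx
    ON sbom_node (node_id);

-- 3. A concurrent build that fails leaves an INVALID index behind: it is
--    ignored by queries but still maintained on every write. Drop and
--    rebuild any index listed here with indisvalid = false.
SELECT indexrelid::regclass AS index_name, indisvalid
FROM pg_index
WHERE indrelid = 'idx_demo.sbom_node'::regclass;

-- 4. After: rerun the same statement and compare plan node and buffers.
EXPLAIN (ANALYZE, BUFFERS)
SELECT "sbom_node"."sbom_id", "sbom_node"."node_id", "sbom_node"."name"
FROM "sbom_node"
WHERE "node_id" = ANY (ARRAY['SPDXRef-7', 'SPDXRef-42']);

-- 5. What the index costs and whether it is used: size on disk and the
--    number of scans that have gone through each index on the table.
SELECT indexrelname,
       idx_scan,
       pg_size_pretty(pg_relation_size(indexrelid)) AS index_size
FROM pg_stat_user_indexes
WHERE schemaname = 'idx_demo' AND relname = 'sbom_node';

-- 6. Rollback path, also non-blocking, then remove the scratch schema.
DROP INDEX CONCURRENTLY IF EXISTS sbom_node_node_id_example_idx;
DROP SCHEMA idx_demo CASCADE;
```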

codecov bot commented Nov 24, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.08%. Comparing base (9aaf962) to head (607db34).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2131      +/-   ##
==========================================
- Coverage   68.09%   68.08%   -0.02%     
==========================================
  Files         372      373       +1     
  Lines       20758    20763       +5     
  Branches    20758    20763       +5     
==========================================
+ Hits        14135    14136       +1     
+ Misses       5782     5780       -2     
- Partials      841      847       +6     

@helio-frota

/scale-test

@github-actions

🛠️ Scale test has started! Follow the progress here: Workflow Run

@github-actions

Goose Report

Goose Attack Report

Plan Overview

Action Started Stopped Elapsed Users
Increasing 25-11-24 14:49:17 25-11-24 14:49:24 00:00:07 0 → 7
Maintaining 25-11-24 14:49:24 25-11-24 14:54:24 00:05:00 7
Decreasing 25-11-24 14:54:24 25-11-24 14:54:50 00:00:26 0 ← 7

Request Metrics

Method Name # Requests # Fails Average (ms) Min (ms) Max (ms) RPS Failures/s
DELETE delete_sbom_from_pool_sequential[100 SBOMs] 37 (-1) 0 1108.76 (+245.02) 146 (+70) 3799 (+1371) 0.12 (-0.00) 0.00 (+0.00)
GET download_advisory[24ae57c3-4b57-4…2c1-83ae26059a89] 10 (0) 10 15.90 (+0.70) 2 (0) 52 (+6) 0.03 (+0.00) 0.03 (+0.00)
GET get_advisory[24ae57c3-4b57-4…2c1-83ae26059a89] 10 (0) 10 13.60 (+5.00) 1 (0) 47 (+1) 0.03 (+0.00) 0.03 (+0.00)
GET get_advisory_by_doc_id 10 (0) 0 18.90 (+0.60) 5 (+2) 54 (-4) 0.03 (+0.00) 0.00 (+0.00)
GET get_analysis_latest_cpe 15 (0) 0 307.40 (+39.87) 185 (+54) 556 (-108) 0.05 (+0.00) 0.00 (+0.00)
GET get_analysis_status 15 (0) 0 14.40 (+7.60) 2 (0) 56 (+21) 0.05 (+0.00) 0.00 (+0.00)
GET get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 10 (0) 0 771.30 (+252.00) 177 (+47) 1293 (+13) 0.03 (+0.00) 0.00 (+0.00)
GET get_sbom[sha256:720e4451…a939656247164447] 15 (0) 0 1361.87 (+175.33) 604 (+189) 3193 (+868) 0.05 (+0.00) 0.00 (+0.00)
GET get_sbom_advisories[sha256:87fd06bc…9d7b8304c0d2d9b2] 15 (0) 0 60616.80 (+3136.67) 50424 (+4108) 68224 (+2800) 0.05 (+0.00) 0.00 (+0.00)
GET get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 10 (0) 0 6872.10 (-1348.30) 2815 (-10) 12531 (+128) 0.03 (+0.00) 0.00 (+0.00)
GET list_advisory 10 (0) 0 927.20 (+139.40) 228 (-50) 1379 (+106) 0.03 (+0.00) 0.00 (+0.00)
GET list_advisory_labels 15 (0) 0 13524.13 (-534.80) 8278 (-1762) 21035 (+2132) 0.05 (+0.00) 0.00 (+0.00)
GET list_advisory_paginated 10 (0) 0 649.80 (+211.70) 275 (+133) 1124 (+461) 0.03 (+0.00) 0.00 (+0.00)
GET list_importer 11 (0) 0 6.00 (-7.36) 1 (-1) 15 (-39) 0.04 (+0.00) 0.00 (+0.00)
GET list_organizations 10 (0) 0 12.20 (-10.90) 2 (0) 38 (-35) 0.03 (+0.00) 0.00 (+0.00)
GET list_packages 11 (0) 0 437.36 (+16.55) 202 (+15) 598 (-29) 0.04 (+0.00) 0.00 (+0.00)
GET list_packages_paginated 11 (0) 0 393.82 (+64.00) 183 (+13) 509 (+86) 0.04 (+0.00) 0.00 (+0.00)
GET list_products 11 (-4) 0 36.55 (+11.95) 6 (-1) 199 (+23) 0.04 (-0.01) 0.00 (+0.00)
GET list_sboms 15 (0) 0 1588.40 (+90.33) 606 (0) 4426 (+1019) 0.05 (+0.00) 0.00 (+0.00)
GET list_sboms_paginated 15 (0) 0 4559.27 (+3038.40) 1204 (+984) 10203 (-72) 0.05 (+0.00) 0.00 (+0.00)
GET list_vulnerabilities 11 (0) 0 359.73 (+34.00) 173 (+57) 499 (-77) 0.04 (+0.00) 0.00 (+0.00)
GET list_vulnerabilities_paginated 11 (0) 0 271.82 (+57.64) 97 (+13) 767 (+460) 0.04 (+0.00) 0.00 (+0.00)
GET sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 10 (0) 0 53.20 (-14.00) 4 (-4) 193 (+2) 0.03 (+0.00) 0.00 (+0.00)
GET search_advisory 11 (0) 0 774.64 (-360.82) 388 (+153) 1399 (-722) 0.04 (+0.00) 0.00 (+0.00)
GET search_exact_purl 11 (-4) 0 32.55 (-9.45) 4 (-3) 174 (+43) 0.04 (-0.01) 0.00 (+0.00)
GET search_licenses 1 (0) 0 113580.00 (+11193.00) 113580 (+11193) 113580 (+11193) 0.00 (+0.00) 0.00 (+0.00)
GET search_purls 11 (-4) 0 14763.82 (-5980.38) 8314 (+1968) 20322 (-9190) 0.04 (-0.01) 0.00 (+0.00)
GET search_purls_by_license 1 (0) 0 129233.00 (-24560.00) 129233 (-24560) 129233 (-24560) 0.00 (+0.00) 0.00 (+0.00)
GET search_sboms_by_license 1 (0) 0 84895.00 (+14384.00) 84895 (+14384) 84895 (+14384) 0.00 (+0.00) 0.00 (+0.00)
POST get_recommendations[pkg:rpm/redhat/…[email protected]] 10 (0) 0 102.30 (+12.90) 10 (+2) 178 (-101) 0.03 (+0.00) 0.00 (+0.00)
POST post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 10 (0) 0 420.70 (+13.90) 120 (-64) 977 (+155) 0.03 (+0.00) 0.00 (+0.00)
Aggregated 354 (-13) 20 5324.09 (+25.09) 1 (0) 129233 (-24560) 1.18 (-0.04) 0.07 (+0.00)

Response Time Metrics

Method Name 50%ile (ms) 60%ile (ms) 70%ile (ms) 80%ile (ms) 90%ile (ms) 95%ile (ms) 99%ile (ms) 100%ile (ms)
DELETE delete_sbom_from_pool_sequential[100 SBOMs] 1,000 (+300) 1,000 (0) 1,000 (0) 2,000 (+1,000) 2,000 (0) 2,000 (0) 3,799 (+1,799) 3,799 (+1,799)
GET download_advisory[24ae57c3-4b57-4…2c1-83ae26059a89] 4 (-3) 4 (-5) 21 (+5) 21 (-4) 46 (+11) 52 (+6) 52 (+6) 52 (+6)
GET get_advisory[24ae57c3-4b57-4…2c1-83ae26059a89] 4 (+2) 8 (+6) 15 (+11) 15 (+7) 41 (+22) 47 (+1) 47 (+1) 47 (+1)
GET get_advisory_by_doc_id 9 (-1) 11 (0) 12 (0) 25 (+13) 53 (-1) 54 (-4) 54 (-4) 54 (-4)
GET get_analysis_latest_cpe 300 (+90) 310 (+20) 320 (+10) 350 (+30) 420 (+90) 420 (+90) 556 (-108) 556 (-108)
GET get_analysis_status 4 (0) 5 (0) 8 (+2) 11 (+5) 54 (+40) 54 (+40) 56 (+21) 56 (+21)
GET get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 600 (+320) 1,000 (+700) 1,000 (+660) 1,000 (+100) 1,000 (0) 1,000 (0) 1,000 (0) 1,000 (0)
GET get_sbom[sha256:720e4451…a939656247164447] 1,000 (0) 1,000 (0) 2,000 (+1,000) 2,000 (0) 2,000 (0) 2,000 (0) 3,000 (+1,000) 3,000 (+1,000)
GET get_sbom_advisories[sha256:87fd06bc…9d7b8304c0d2d9b2] 62,000 (+4,000) 62,000 (+4,000) 62,000 (-1,000) 62,000 (-1,000) 66,000 (+2,000) 66,000 (+2,000) 68,000 (+3,000) 68,000 (+3,000)
GET get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 7,000 (0) 7,000 (-1,000) 7,000 (-2,000) 8,000 (-3,000) 8,000 (-3,000) 12,531 (+531) 12,531 (+531) 12,531 (+531)
GET list_advisory 1,000 (+100) 1,000 (+100) 1,000 (0) 1,000 (0) 1,000 (0) 1,000 (0) 1,000 (0) 1,000 (0)
GET list_advisory_labels 13,000 (+1,000) 13,000 (-2,000) 14,000 (-2,000) 15,000 (-3,000) 21,000 (+3,000) 21,000 (+3,000) 21,000 (+2,097) 21,000 (+2,097)
GET list_advisory_paginated 700 (+200) 700 (+200) 700 (+200) 800 (+200) 800 (+137) 1,000 (+337) 1,000 (+337) 1,000 (+337)
GET list_importer 5 (+1) 5 (0) 6 (+1) 9 (-7) 14 (-39) 14 (-39) 15 (-39) 15 (-39)
GET list_organizations 4 (0) 6 (+2) 12 (-24) 17 (-34) 34 (-18) 38 (-35) 38 (-35) 38 (-35)
GET list_packages 500 (0) 500 (0) 500 (-100) 500 (-100) 500 (-100) 500 (-100) 598 (-2) 598 (-2)
GET list_packages_paginated 470 (+90) 480 (+100) 490 (+100) 500 (+90) 500 (+80) 500 (+80) 500 (+80) 500 (+80)
GET list_products 9 (0) 14 (+3) 30 (+13) 49 (+31) 66 (+20) 66 (+20) 199 (+23) 199 (+23)
GET list_sboms 1,000 (+300) 1,000 (+100) 1,000 (-2,000) 3,000 (0) 4,000 (+1,000) 4,000 (+1,000) 4,000 (+1,000) 4,000 (+1,000)
GET list_sboms_paginated 3,000 (+2,000) 4,000 (+3,000) 7,000 (+6,000) 8,000 (+7,000) 10,000 (+8,000) 10,000 (+8,000) 10,000 (0) 10,000 (0)
GET list_vulnerabilities 430 (+30) 440 (+30) 440 (+30) 450 (+30) 470 (-20) 470 (-20) 499 (-77) 499 (-77)
GET list_vulnerabilities_paginated 250 (+20) 260 (+20) 260 (-40) 260 (-40) 260 (-40) 260 (-40) 767 (+460) 767 (+460)
GET sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 38 (-12) 39 (-19) 57 (-5) 66 (-3) 87 (-73) 190 (0) 190 (0) 190 (0)
GET search_advisory 700 (-300) 700 (-1,300) 800 (-1,200) 1,000 (-1,000) 1,000 (-1,000) 1,000 (-1,000) 1,000 (-1,000) 1,000 (-1,000)
GET search_exact_purl 11 (-35) 13 (-34) 14 (-38) 55 (+3) 62 (+3) 62 (+3) 170 (+40) 170 (+40)
GET search_licenses 113,580 (+11,193) 113,580 (+11,193) 113,580 (+11,193) 113,580 (+11,193) 113,580 (+11,193) 113,580 (+11,193) 113,580 (+11,193) 113,580 (+11,193)
GET search_purls 17,000 (-5,000) 17,000 (-7,000) 17,000 (-7,000) 17,000 (-7,000) 17,000 (-7,000) 17,000 (-7,000) 20,000 (-9,512) 20,000 (-9,512)
GET search_purls_by_license 129,233 (-24,560) 129,233 (-24,560) 129,233 (-24,560) 129,233 (-24,560) 129,233 (-24,560) 129,233 (-24,560) 129,233 (-24,560) 129,233 (-24,560)
GET search_sboms_by_license 84,895 (+14,384) 84,895 (+14,384) 84,895 (+14,384) 84,895 (+14,384) 84,895 (+14,384) 84,895 (+14,384) 84,895 (+14,384) 84,895 (+14,384)
POST get_recommendations[pkg:rpm/redhat/…[email protected]] 120 (+103) 120 (+95) 130 (+10) 178 (+58) 178 (-101) 178 (-101) 178 (-101) 178 (-101)
POST post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 290 (-10) 350 (+30) 370 (-20) 600 (+100) 900 (+100) 977 (+177) 977 (+177) 977 (+177)
Aggregated 470 (+150) 700 (+200) 1,000 (+100) 2,000 (0) 11,000 (-4,000) 21,000 (-9,000) 66,000 (+2,000) 129,000 (-24,793)

Status Code Metrics

Method Name Status Codes
DELETE delete_sbom_from_pool_sequential[100 SBOMs] 37 [200]
GET download_advisory[24ae57c3-4b57-4…2c1-83ae26059a89] 10 [404]
GET get_advisory[24ae57c3-4b57-4…2c1-83ae26059a89] 10 [404]
GET get_advisory_by_doc_id 10 [200]
GET get_analysis_latest_cpe 15 [200]
GET get_analysis_status 15 [200]
GET get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 10 [200]
GET get_sbom[sha256:720e4451…a939656247164447] 15 [200]
GET get_sbom_advisories[sha256:87fd06bc…9d7b8304c0d2d9b2] 15 [200]
GET get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 10 [200]
GET list_advisory 10 [200]
GET list_advisory_labels 15 [200]
GET list_advisory_paginated 10 [200]
GET list_importer 11 [200]
GET list_organizations 10 [200]
GET list_packages 11 [200]
GET list_packages_paginated 11 [200]
GET list_products 11 [200]
GET list_sboms 15 [200]
GET list_sboms_paginated 15 [200]
GET list_vulnerabilities 11 [200]
GET list_vulnerabilities_paginated 11 [200]
GET sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 10 [200]
GET search_advisory 11 [200]
GET search_exact_purl 11 [200]
GET search_licenses 1 [200]
GET search_purls 11 [200]
GET search_purls_by_license 1 [200]
GET search_sboms_by_license 1 [200]
POST get_recommendations[pkg:rpm/redhat/…[email protected]] 10 [200]
POST post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 10 [200]
Aggregated 20 [404], 334 [200]

Transaction Metrics

Transaction # Times Run # Fails Average (ms) Min (ms) Max (ms) RPS Failures/s
WebsiteUser
0.0 logon 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.1 website_index 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.2 website_openapi 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.3 website_sboms 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.4 website_packages 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.5 website_advisories 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.6 website_importers 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
RestAPIUser
1.0 logon 10 (0) 0 (0) 13.70 (+0.50) 8 (-3) 22 (+6) 0.03 (+0.00) 0.00 (+0.00)
1.1 list_organizations 10 (0) 0 (0) 12.30 (-10.90) 2 (0) 38 (-35) 0.03 (+0.00) 0.00 (+0.00)
1.2 list_advisory 10 (0) 0 (0) 927.20 (+139.40) 228 (-50) 1379 (+106) 0.03 (+0.00) 0.00 (+0.00)
1.3 list_advisory_paginated 10 (0) 0 (0) 649.80 (+211.60) 275 (+133) 1124 (+461) 0.03 (+0.00) 0.00 (+0.00)
1.4 get_advisory_by_doc_id 10 (0) 0 (0) 18.90 (+0.50) 5 (+2) 54 (-4) 0.03 (+0.00) 0.00 (+0.00)
1.5 search_advisory 11 (0) 0 (0) 774.64 (-361.00) 388 (+153) 1399 (-722) 0.04 (+0.00) 0.00 (+0.00)
1.6 list_vulnerabilities 11 (0) 0 (0) 359.82 (+34.09) 173 (+57) 499 (-77) 0.04 (+0.00) 0.00 (+0.00)
1.7 list_vulnerabilities_paginated 11 (0) 0 (0) 271.82 (+57.55) 97 (+13) 767 (+460) 0.04 (+0.00) 0.00 (+0.00)
1.8 list_importer 11 (0) 0 (0) 6.00 (-7.36) 1 (-1) 15 (-39) 0.04 (+0.00) 0.00 (+0.00)
1.9 list_packages 11 (0) 0 (0) 437.36 (+16.27) 202 (+15) 598 (-29) 0.04 (+0.00) 0.00 (+0.00)
1.10 list_packages_paginated 11 (0) 0 (0) 393.91 (+64.00) 183 (+13) 509 (+86) 0.04 (+0.00) 0.00 (+0.00)
1.11 search_purls 11 (-4) 0 (0) 14763.82 (-5980.45) 8314 (+1968) 20322 (-9190) 0.04 (-0.01) 0.00 (+0.00)
1.12 search_exact_purl 11 (-4) 0 (0) 32.55 (-9.45) 4 (-3) 174 (+43) 0.04 (-0.01) 0.00 (+0.00)
1.13 list_products 11 (-4) 0 (0) 36.64 (+11.97) 6 (-1) 199 (+23) 0.04 (-0.01) 0.00 (+0.00)
1.14 list_sboms 15 (0) 0 (0) 1588.47 (+90.40) 606 (0) 4426 (+1019) 0.05 (+0.00) 0.00 (+0.00)
1.15 list_sboms_paginated 15 (0) 0 (0) 4559.27 (+3038.40) 1204 (+984) 10203 (-72) 0.05 (+0.00) 0.00 (+0.00)
1.16 get_analysis_status 15 (0) 0 (0) 14.40 (+7.53) 2 (0) 56 (+21) 0.05 (+0.00) 0.00 (+0.00)
1.17 get_analysis_latest_cpe 15 (0) 0 (0) 307.47 (+39.87) 185 (+54) 556 (-108) 0.05 (+0.00) 0.00 (+0.00)
1.18 list_advisory_labels 15 (0) 0 (0) 13524.27 (-534.73) 8278 (-1762) 21036 (+2133) 0.05 (+0.00) 0.00 (+0.00)
1.19 get_sbom[sha256:720e4451…a939656247164447] 15 (0) 0 (0) 1361.93 (+175.33) 604 (+189) 3193 (+868) 0.05 (+0.00) 0.00 (+0.00)
1.20 get_sbom_advisories[sha256:87fd06bc…9d7b8304c0d2d9b2] 15 (0) 0 (0) 60616.80 (+3136.60) 50424 (+4108) 68224 (+2800) 0.05 (+0.00) 0.00 (+0.00)
1.21 sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 10 (0) 0 (0) 53.20 (-14.00) 4 (-4) 193 (+2) 0.03 (+0.00) 0.00 (+0.00)
1.22 get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 10 (0) 0 (0) 6872.20 (-1348.30) 2815 (-10) 12531 (+128) 0.03 (+0.00) 0.00 (+0.00)
1.23 post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 10 (0) 0 (0) 420.70 (+13.90) 120 (-64) 977 (+155) 0.03 (+0.00) 0.00 (+0.00)
1.24 get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 10 (0) 0 (0) 771.30 (+252.00) 177 (+47) 1293 (+13) 0.03 (+0.00) 0.00 (+0.00)
1.25 get_recommendations[pkg:rpm/redhat/…[email protected]] 10 (0) 0 (0) 102.40 (+12.80) 10 (+2) 178 (-101) 0.03 (+0.00) 0.00 (+0.00)
1.26 download_advisory[24ae57c3-4b57-4…2c1-83ae26059a89] 10 (0) 0 (0) 16.00 (+0.80) 2 (0) 52 (+6) 0.03 (+0.00) 0.00 (+0.00)
1.27 get_advisory[24ae57c3-4b57-4…2c1-83ae26059a89] 10 (0) 0 (0) 13.60 (+5.00) 1 (0) 47 (+1) 0.03 (+0.00) 0.00 (+0.00)
RestAPIUserSlow
2.0 logon 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
2.1 search_licenses 1 (0) 0 (0) 113580.00 (+11193.00) 113580 (+11193) 113580 (+11193) 0.00 (+0.00) 0.00 (+0.00)
2.2 search_sboms_by_license 1 (0) 0 (0) 84895.00 (+14384.00) 84895 (+14384) 84895 (+14384) 0.00 (+0.00) 0.00 (+0.00)
2.3 search_purls_by_license 1 (0) 0 (0) 129233.00 (-24560.00) 129233 (-24560) 129233 (-24560) 0.00 (+0.00) 0.00 (+0.00)
RestAPIUserDelete
3.0 logon 37 (-1) 0 (0) 9.73 (-0.14) 6 (0) 29 (+13) 0.12 (-0.00) 0.00 (+0.00)
3.1 delete_sbom_from_pool_sequential[100 SBOMs] 37 (-1) 0 (0) 1108.92 (+244.76) 146 (+70) 3799 (+1371) 0.12 (-0.00) 0.00 (+0.00)
Aggregated 401 (-14) 0 (0) 4700.07 (+13.96) 1 (0) 129233 (-24560) 1.34 (-0.05) 0.00 (+0.00)

Scenario Metrics

Transaction # Users # Times Run Average (ms) Min (ms) Max (ms) Scenarios/s Iterations
WebsiteUser 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
RestAPIUser 5 (0) 10 (0) 98329.00 (-11499.40) 90489 (-6505) 103569 (-18805) 0.03 (+0.00) 2.00 (+0.00)
RestAPIUserSlow 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
RestAPIUserDelete 1 (0) 37 (-1) 8108.14 (+138.58) 6581 (-241) 11773 (+2129) 0.12 (-0.00) 37.00 (-1.00)
Aggregated 6 (0) 47 (-1) 27304.06 (-1886.08) 6581 (-241) 103569 (-18805) 0.16 (-0.00) 39.00 (-1.00)

Error Metrics

Method Name # Error
GET download_advisory[24ae57c3-4b57-4…2c1-83ae26059a89] 10 (0) 404 Not Found: download_advisory[24ae57c3-4b57-4…2c1-83ae26059a89]
GET get_advisory[24ae57c3-4b57-4…2c1-83ae26059a89] 10 (0) 404 Not Found: get_advisory[24ae57c3-4b57-4…2c1-83ae26059a89]

📄 Full Report (Go to "Artifacts" and download report)

@gildub gildub left a comment

This LGTM.
The migration worked fine.
I cannot tell any improvement performance-wise regarding the dashboard as my current test set doesn't have big SBOMs volumes.

@helio-frota

@gildub thanks for the review. I'm a bit afraid of introducing new indexes tbqh

@helio-frota helio-frota added the backport release/0.4.z Backport (0.4.z) label Nov 26, 2025
helio-frota commented Nov 28, 2025

Folks I remember that I asked if we had scale tests for it and then I found this comment:

This comment #2039 (comment) from Dejan says that get_sbom_advisories is the test that is related with this change 👍

The current vulnerability correlation logic, primarily located in modules/fundamental/src/sbom/model/details.rs

Scale tests for this functionality are available in the trustify-scale-testing repository. The get_sbom_advisories test specifically targets this area.

The big rust function I mentioned in the first comment is this: https://github.com/guacsec/trustify/blob/main/modules/fundamental/src/sbom/model/details.rs#L77-L434

https://github.com/guacsec/trustify/blob/main/modules/fundamental/src/sbom/model/details.rs#L263-L269

@helio-frota helio-frota marked this pull request as draft November 28, 2025 18:39