Hey @garethr - I think I fixed this in my #183 PR... a bit maybe. I added some batch logic to the epss.go file, but really I need to get all of the vulnerabilities, flatten them (so I don't dupe calls), and then enrich the output. That way I could possibly make one or two calls and get all the scores back.
Not sure if this makes sense, but it's a little faster and batched now, but needs more work. I'm still trying to get this worked out, but needs some further refactoring first.
The current enricher makes a single request https://github.com/devops-kung-fu/bomber/blob/main/lib/enrichment/epss.go
For an SBOM with more than 100 vulnerabilities this will hit the detail limits of the API, which is 100 records returned. It does appear that the limit can be increased using ?limit=X but it's possible you'll hit length constraints before then.
This likely needs to parse the returned structure (which contains the limit, offset and total) and then page through this, taking into account any URL length constraints (at least CVEs are fixed length).
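The paging and batching this issue asks for, as an added example (not bomber's code): duplicate CVE IDs are dropped, the rest are split so each percent-encoded `cve=` value stays under a byte budget, and each batch is paged until the reported `total` is reached. `BatchCVEs`, `FetchAll`, the injected `get` transport, the `offset` query parameter and the JSON field names other than `limit`, `offset` and `total` are assumptions, and the CVE IDs are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

type Score struct{ CVE, EPSS, Percentile string }
type Page struct { // paging envelope; JSON field names are assumptions
	Total, Offset, Limit int
	Data                 []Score
}

// BatchCVEs drops duplicate IDs and splits the rest so each encoded cve= value fits maxLen bytes.
func BatchCVEs(ids []string, maxLen int) (batches [][]string) {
	seen, cur, n := map[string]bool{}, []string(nil), 0 // n: encoded length of cur plus a trailing %2C
	for _, id := range ids {
		if seen[id] {
			continue
		}
		if seen[id] = true; len(cur) > 0 && n+len(id) > maxLen {
			batches, cur, n = append(batches, cur), nil, 0
		}
		cur, n = append(cur, id), n+len(id)+3
	}
	if len(cur) > 0 {
		batches = append(batches, cur)
	}
	return batches
}

// FetchAll sends each batch through get (the HTTP call, injected) and follows offset up to total.
func FetchAll(get func(rawQuery string) (Page, error), ids []string, maxLen, limit int) (out []Score, err error) {
	for _, b := range BatchCVEs(ids, maxLen) {
		for offset := 0; ; {
			q := url.Values{"cve": {strings.Join(b, ",")}, "limit": {fmt.Sprint(limit)}, "offset": {fmt.Sprint(offset)}}
			p, err := get(q.Encode())
			if err != nil {
				return nil, err
			}
			out, offset = append(out, p.Data...), offset+len(p.Data)
			if len(p.Data) == 0 || offset >= p.Total {
				break // an empty page also stops the loop, so a wrong total cannot spin forever
			}
		}
	}
	return out, nil
}
func main() { fmt.Println(BatchCVEs([]string{"CVE-2099-0001", "CVE-2099-0001", "CVE-2099-0002", "CVE-2099-0003"}, 29)) }
```

In real use `get` would wrap the HTTP GET against the EPSS endpoint, decode the JSON body into `Page`, and return an error for any non-200 response.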