fix: add HTTP timeout to reqwest client and CVE stage timeout
Without a timeout on the reqwest client, sequential NVD API calls for each CVE alert could hang indefinitely. With 1098 SBOM entries producing hundreds of alerts, this would stall the scan pipeline. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -35,11 +35,16 @@ impl ComplianceAgent {
|
|||||||
config.litellm_model.clone(),
|
config.litellm_model.clone(),
|
||||||
config.litellm_embed_model.clone(),
|
config.litellm_embed_model.clone(),
|
||||||
));
|
));
|
||||||
|
let http = reqwest::Client::builder()
|
||||||
|
.timeout(std::time::Duration::from_secs(30))
|
||||||
|
.connect_timeout(std::time::Duration::from_secs(10))
|
||||||
|
.build()
|
||||||
|
.unwrap_or_default();
|
||||||
Self {
|
Self {
|
||||||
config,
|
config,
|
||||||
db,
|
db,
|
||||||
llm,
|
llm,
|
||||||
http: reqwest::Client::new(),
|
http,
|
||||||
session_streams: Arc::new(DashMap::new()),
|
session_streams: Arc::new(DashMap::new()),
|
||||||
session_pause: Arc::new(DashMap::new()),
|
session_pause: Arc::new(DashMap::new()),
|
||||||
session_semaphore: Arc::new(Semaphore::new(DEFAULT_MAX_CONCURRENT_SESSIONS)),
|
session_semaphore: Arc::new(Semaphore::new(DEFAULT_MAX_CONCURRENT_SESSIONS)),
|
||||||
|
|||||||
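Review bot: The `.build().unwrap_or_default()` that ends the new builder chain fails open: if the builder returns an error, the fallback is `reqwest::Client::default()`, which carries neither the 30 s request timeout nor the 10 s connect timeout, and nothing is logged, so the agent would silently run with the unbounded client this commit is meant to remove. Prefer failing loudly at construction, e.g. `.build().expect("failed to build HTTP client with timeouts")`, or at least log the error before falling back. Separately, the 30 s total timeout now applies to every request made through `self.http`; if that client is also used for calls slower than the NVD lookups (not visible in this hunk), those calls may need their own per-request `.timeout(...)`. The enclosing constructor starts and ends outside the hunk.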
@@ -174,19 +174,26 @@ impl PipelineOrchestrator {
|
|||||||
k.expose_secret().to_string()
|
k.expose_secret().to_string()
|
||||||
}),
|
}),
|
||||||
);
|
);
|
||||||
let cve_alerts = match async {
|
let cve_alerts = match tokio::time::timeout(
|
||||||
|
std::time::Duration::from_secs(600),
|
||||||
|
async {
|
||||||
cve_scanner
|
cve_scanner
|
||||||
.scan_dependencies(&repo_id, &mut sbom_entries)
|
.scan_dependencies(&repo_id, &mut sbom_entries)
|
||||||
.await
|
.await
|
||||||
}
|
}
|
||||||
.instrument(tracing::info_span!("stage_cve_scanning"))
|
.instrument(tracing::info_span!("stage_cve_scanning")),
|
||||||
|
)
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
Ok(alerts) => alerts,
|
Ok(Ok(alerts)) => alerts,
|
||||||
Err(e) => {
|
Ok(Err(e)) => {
|
||||||
tracing::warn!("[{repo_id}] CVE scanning failed: {e}");
|
tracing::warn!("[{repo_id}] CVE scanning failed: {e}");
|
||||||
Vec::new()
|
Vec::new()
|
||||||
}
|
}
|
||||||
|
Err(_) => {
|
||||||
|
tracing::warn!("[{repo_id}] CVE scanning timed out after 10 minutes");
|
||||||
|
Vec::new()
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
// Stage 4: Pattern Scanning (GDPR + OAuth)
|
// Stage 4: Pattern Scanning (GDPR + OAuth)
|
||||||
|
|||||||
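Review bot: The new `Err(_)` arm returns `Vec::new()`, so a CVE scan that hits the 600 s limit looks the same downstream as a scan that found no vulnerabilities; only a warn-level log line records the difference. Because `scan_dependencies` takes `&mut sbom_entries`, cancelling it mid-run may also leave some entries updated and others not, and any alerts gathered before the deadline are dropped with the future. Consider recording the stage as incomplete in the scan result (the same applies to the existing `Ok(Err(e))` arm) and hoisting the limit into a named constant so the log text cannot drift from the value, e.g. `const CVE_STAGE_TIMEOUT: Duration = Duration::from_secs(600);`. The enclosing function starts and ends outside the hunk.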