Performance degradation on Flawfinder SAST scan for 4.2.0 and above
Summary
This performance degradation seems to be caused by the Advanced Vulnerability Tracker (a feature introduced in version 4.2 that adds a tracking calculator).
In all cases, running Flawfinder itself took about 1m15s.
Steps to reproduce
Take a fork of wireshark.
Add this definition to .gitlab-ci.yml:
```yaml
flawfinder-sast:
  [...]
  variables:
    SAST_ANALYZER_IMAGE_TAG: 4.2.0
```
Example Project
See Summary.
What is the current bug behavior?
Flawfinder scan takes much longer than expected to complete.
What is the expected correct behavior?
Flawfinder scan takes about the same amount of time to complete.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com
Possible fixes
Workaround
Run version 4.1.0 of the analyzer (pin it with `SAST_ANALYZER_IMAGE_TAG: 4.1.0` on the `flawfinder-sast` job).
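For reference, here is a complete `.gitlab-ci.yml` that applies the workaround (and, by changing one value, reproduces the slow scan from the steps above). This is an added example, not configuration from the issue or from the Wireshark project; the `include` of GitLab's standard SAST template is assumed, since the issue only shows the job override.

```yaml
# Added example (not from the issue): pin the flawfinder-sast analyzer image
# to 4.1.0, the version that predates the Advanced Vulnerability Tracker.
# The include of GitLab's standard SAST template is an assumption; the issue
# itself only shows the flawfinder-sast job override.
include:
  - template: Security/SAST.gitlab-ci.yml

flawfinder-sast:
  variables:
    # Workaround from this issue: 4.1.0 runs at the expected speed.
    # Set this to 4.2.0 (or above) to reproduce the reported slowdown.
    SAST_ANALYZER_IMAGE_TAG: 4.1.0
```

Pinning the tag on the `flawfinder-sast` job only affects that analyzer; other SAST analyzers included by the template keep their default versions, so the workaround does not hold back unrelated scanners.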