
Improve performance of license scanning report generation

Problem to solve

Generating license scanning reports is resource- and time-consuming.

Multiple users have reported issues with this (Rack::Timeout::RequestTimeoutException on parti... (#435272 - closed)). In the short term, the issue can be resolved by removing the synchronous call to the report, a change that allowed the pipeline page to load, but the problem will still exist for other license scanning requests. Note: this would apply to generating the security report via CVS as well.

As a result, a way to improve the performance of generating these reports is necessary.

Proposal

Several backend possibilities can be discussed:

  • Setting a maximum on the number of components evaluated.
  • (added) Generate the report in a background job when the pipeline finishes.
  • Improve component performance
    • Improve version matching performance (PipelineComponents, LicenseScanning, SbomReport, semver_dialects etc.)
    • Add caching of reports or report components
  • Improve database performance
    • Optimize tables, indexes, queries.

Update (2024-11-07): Even though license report generation has been decoupled from page rendering, users with very large SBOM artifact payloads are encountering issues with report generation in the Sidekiq workers (link).

Edited by Igor Frenkel