We have a standard set of instructions for folk using cve-bin-tool in parallel jobs that recommends that people separate the database updates from the scans as follows:
https://cve-bin-tool.readthedocs.io/en/latest/how_to_guides/multiple_scans_at_once.html
But it's easy for people to miss that, and we're not perfectly handling the database so that it just magically works, as we've seen in some recent issues including #4773.
I think we can do better and have a few ideas we could implement:
- Make it so that you can run cve-bin-tool to do an update without requiring a filename to scan. This should maybe be an option (e.g. something like `cve-bin-tool --update-only`) because in a lot of cases, we want people to know immediately that they need to specify a directory to scan, otherwise they'll see it start running and come back 20 minutes later and the cache will be updated but they'll have no results to look at.
- Handle some sort of basic auto-detection of parallel instances and direct people to the doc link above OR automatically switch any jobs to use `-u never` if there's already a job running and spit out a giant warning message explaining that it was done and why with a link to the docs. Could use a lock file or something for this? This will require some finesse so it won't break people's existing setups and accidentally cause things to never update.
I'm open to better ideas if anyone has any, though.
Hi! @terriko I’ve reviewed the issue (#4777) regarding improving the experience for users running multiple copies of cve-bin-tool in parallel. I would like to work on this issue and help implement a solution that introduces a --update-only flag to allow users to update the database without specifying a directory to scan. Additionally, I plan to implement a lock mechanism to prevent parallel database updates and handle the -u never option to ensure smoother execution.
Could you please assign this issue to me? I’d be happy to contribute and ensure it’s resolved effectively.
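One way the lock-file idea from this issue could work, as an added example that is not cve-bin-tool's own code: a non-blocking advisory lock decides whether this instance performs the update or falls back to `-u never` with a warning that links the docs. `UpdateLock`, `effective_update_mode` and the `update.lock` file name are hypothetical, the `"daily"` mode in the usage is only a sample value, and the code is POSIX-only because it relies on `fcntl`.

```python
import fcntl
import os
import warnings

DOCS_URL = ("https://cve-bin-tool.readthedocs.io/en/latest/"
            "how_to_guides/multiple_scans_at_once.html")


class UpdateLock:
    """Advisory lock meaning "a database update is running" (hypothetical helper)."""

    def __init__(self, cache_dir):
        self.path = os.path.join(cache_dir, "update.lock")  # assumed file name
        self._fd = None

    def try_acquire(self):
        # O_NOFOLLOW: refuse a symlink planted at the lock path in a shared cache dir.
        fd = os.open(self.path, os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW, 0o600)
        try:
            # Non-blocking: a busy lock means another instance is updating.
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            os.close(fd)
            return False
        self._fd = fd
        return True

    def release(self):
        if self._fd is not None:
            os.close(self._fd)  # closing the descriptor drops the flock
            self._fd = None


def effective_update_mode(requested, lock):
    """Return the update mode this instance should really use."""
    if requested == "never":
        return "never"            # nothing to coordinate
    if lock.try_acquire():
        return requested          # this instance owns the update
    # The kernel releases a flock when its holder exits, so a crashed updater
    # cannot leave a stale lock that silently disables updates forever.
    warnings.warn(
        "Another cve-bin-tool instance is updating the database; "
        f"continuing as if '-u never' was given. See {DOCS_URL}")
    return "never"
```

The instance that gets its requested mode back should call `release()` once its update has finished, so later jobs can update again.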