Comments (4)
Looking into the scan method in registry.py. In this block, if an Exception happens, we return the check results without putting the runner which was handling the Error check back into runner_queue. That is why during the next analysis, our runner is not available.
Suggested fix:
if current_future.exception(timeout=self.runner_timeout):
    logger.error("Exception in check %s: %s.", current_check_id, current_future.exception())
    logger.info("Check %s has failed.", current_check_id)
    current_future.cancel()
    # Fix here: return the runner to the queue before the early return.
    self.runner_queue.put(current_runner)
    return results
Another solution is to put the exception handling into the Runner itself (so if an exception happens, each runner instance will catch it and put itself back into the queue).
from macaron.
If an exception happens in a check in the analysis of a software component, the corresponding analysis should fail. However, the other analysis instances that will run dependencies, for instance, should keep running. I'm not sure if your suggested fix is helpful in this case.
from macaron.
Yes, it should fail for the current software component we are analyzing. However, if we don't put the runner back to the runner queue (we only have one runner at the moment), in the next analysis of the next software component, the runner queue is empty and no runner will be able to run the analysis for the rest of the software components.
The reason we need to manually put the runner back is that if an exception happens before this line (which is potentially inside check.run), the runner cannot put itself back to the runner queue.
from macaron.
OK, please go ahead with the PR to continue the discussion.
from macaron.
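The failure mode discussed in this thread, as an added example that is not part of the original comments and is not Macaron's code: a single runner is borrowed from a queue, a check raises, and the early return either drops the runner or puts it back first. Runner, scan, analyses_started, the put_back_on_error flag and the sample checks are hypothetical names constructed for this sketch.

```python
import queue
from concurrent.futures import ThreadPoolExecutor

class Runner:  # hypothetical stand-in for a check runner
    def run(self, check):
        return check()

def failing_check():
    raise RuntimeError("constructed failure inside a check")

def passing_check():
    return "PASSED"

# Constructed input: three software components; only the first has a failing check.
COMPONENTS = [[failing_check], [passing_check], [passing_check]]

def scan(runner_queue, checks, put_back_on_error, timeout=0.5):
    """Run checks with a runner borrowed from runner_queue; stop at the first failure."""
    results = []
    with ThreadPoolExecutor(max_workers=1) as pool:
        for check in checks:
            runner = runner_queue.get(timeout=timeout)  # raises queue.Empty if no runner
            future = pool.submit(runner.run, check)
            if future.exception(timeout=timeout):
                if put_back_on_error:  # the fix suggested in the thread
                    runner_queue.put(runner)
                return results  # without the put above, the runner is lost here
            results.append(future.result())
            runner_queue.put(runner)
    return results

def analyses_started(put_back_on_error, components=COMPONENTS):
    """Analyse each component in turn with ONE shared runner; count scans that got it."""
    runner_queue = queue.Queue()
    runner_queue.put(Runner())
    started = 0
    for checks in components:
        try:
            scan(runner_queue, checks, put_back_on_error)
            started += 1
        except queue.Empty:  # runner queue is empty: this analysis cannot run
            pass
    return started

if __name__ == "__main__":
    print("without fix:", analyses_started(False), "with fix:", analyses_started(True))
```

Wrapping the body of the loop in try/finally would also return the runner when future.exception() itself raises a TimeoutError, which the explicit put before the early return does not cover.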