VSYS-13506: Release CycloneDX doc reference after parse#9
Open
irenaliu18 wants to merge 7 commits intoverkada-mainfrom
Open
VSYS-13506: Release CycloneDX doc reference after parse#9irenaliu18 wants to merge 7 commits intoverkada-mainfrom
irenaliu18 wants to merge 7 commits intoverkada-mainfrom
Conversation
…uses Signed-off-by: Irena Liu <irena.liu@verkada.com>
- Create verkada-release.yaml workflow for verkada-specific tags - Add .goreleaser-verkada.yaml with minimal config: - Only builds binaries (no Docker images) - No signing, provenance, or Atlas - Faster build time (~3-5 minutes) - Generates guac_checksums.txt - Triggers on v*-verkada-* tags
This updates verkada/guac to update against the remote fork automatically on a cron.
Fix a few issues now that I figured out how to test changes not on main
irenaliu18
changed the title
irenaliu18
force-pushed
the
irenaliu/investigate-memory-issue
branch
from
c7038a1 to
e13d316
Compare
irenaliu18
force-pushed
the
irenaliu/investigate-memory-issue
branch
from
e13d316 to
2283d15
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Predicates are the assembled ingestion inputs (nodes/edges) that the parser produces for the graph (packages, artifacts, licenses, SBOM edges, vuln metadata, VEX data, etc.). They’re for parsing and once built, they’re handed off to the assembler/backend, and the original BOM bytes are no longer needed.
Implications:
Memory lifecycle: The CycloneDX parser previously held onto the original *processor.Document (and its Blob). By clearing c.doc after predicates are built, we drop reference to the BOM buffer, letting GC reclaim it sooner during ingestion runs. This is for potential accumulation of large BOM byte slices in memory.
Scope: Change is confined to the CycloneDX parser. Outputs/predicates are unchanged; only the parser’s internal pointer is released.
Throughput/load scenarios: Under high-volume CycloneDX ingestion, earlier release of BOM memory can reduce peak heap and GC pressure. It does not change ingestion semantics or ordering, just retention behavior.
Limitations: This doesn’t address other possible retention sources (e.g., collectors, blobstore reads, NATS buffers). It’s a narrow fix for parser-held references in CycloneDX only. Additional profiling would still be needed to rule out other leaks.