GitHub Advisory Mirroring recursion does not properly handle secondary rate limits #4291

@officerNordberg

Description

Current Behavior

GitHub Mirroring fails nearly daily and is not resilient. While troubleshooting after weeks of ~30 failures per day, due, I believe, to the recursive nature of the mirroring, I finally added a sleep statement between all GraphQL calls, which resulted in getting the first updates to the VULNERABILITY table since the 11th, the last day it ran without incident. It's hard to confirm this as the CREATED column is not populated on the table but UPDATED is, and, inferring descending primary keys as "created dates", there are large gaps in GHSA primary keys that correlate to the days I received notifications of failed mirror attempts. I think the recursion is trying to handle this, but it just results in 30 or more error notifications being sent instead of just 1.

I added some additional details to the error message.

2024-10-21 16:49:15,024 ERROR [GitHubAdvisoryMirrorTask] An error was encountered retrieving advisories with HTTP Status : 403 Forbidden 
{  "documentation_url": "https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits",  
"message": "You have exceeded a secondary rate limit. Please wait a few minutes before you try again. 
If you reach out to GitHub Support for help, please include the request ID DEAD:DEED39:7ADE8B:ED56A1:67168609."}

Curling my user, I see these headers:

< x-github-media-type: github.v4; format=json
< x-ratelimit-limit: 5000
< x-ratelimit-remaining: 4845
< x-ratelimit-reset: 1729532625
< x-ratelimit-used: 155
< x-ratelimit-resource: graphql

Attempted to get feedback on this issue as a discussion first: #4239

Steps to Reproduce

  1. Enable GitHub Mirroring and notifications when it fails.

Expected Behavior

Secondary rate limits should be handled with a retry with backoff strategy.

Dependency-Track Version

4.11.x

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

11.22

Browser

Google Chrome
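The retry-with-backoff handling asked for under Expected Behavior, as an added example; this is not Dependency-Track's own GitHubAdvisoryMirrorTask code, and the names Response, RateLimited, compute_backoff, call_with_backoff and make_flaky_request are assumptions for the illustration. It derives the wait from the headers shown above (retry-after first, then x-ratelimit-reset when x-ratelimit-remaining is 0), falls back to exponential backoff with jitter only when the body names a secondary rate limit (the case in this issue, where remaining was still 4845), treats any other 403 as non-retryable so a bad token is not hammered, and raises once after the attempts run out so a task that notifies on failure sends one notification rather than one per page. The request is an injected callable, so nothing here touches the network.

```python
import random
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Header names GitHub sets (see the curl output in the issue); matched case-insensitively.
HEADER_RETRY_AFTER = "retry-after"
HEADER_REMAINING = "x-ratelimit-remaining"
HEADER_RESET = "x-ratelimit-reset"  # unix epoch seconds


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (hypothetical; the real client type differs)."""
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


class RateLimited(Exception):
    """Raised exactly once, after all retries are exhausted."""


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    for key, value in headers.items():
        if key.lower() == name:
            return value
    return None


def compute_backoff(resp: Response, attempt: int, now: float,
                    base: float = 60.0, cap: float = 900.0,
                    jitter: Optional[float] = None) -> Optional[float]:
    """Seconds to wait before retrying `resp`, or None if it is not a rate-limit response.

    Order follows GitHub's documented guidance for secondary limits: honour
    retry-after first, then x-ratelimit-reset when the quota is exhausted,
    otherwise back off exponentially (at least `base` seconds) with jitter.
    """
    if resp.status not in (403, 429):
        return None
    retry_after = _header(resp.headers, HEADER_RETRY_AFTER)
    if retry_after is not None:
        return max(float(retry_after), 1.0)
    remaining = _header(resp.headers, HEADER_REMAINING)
    reset = _header(resp.headers, HEADER_RESET)
    if remaining is not None and int(remaining) == 0 and reset is not None:
        return max(float(reset) - now, 1.0)
    if "secondary rate limit" in resp.body.lower():
        delay = min(cap, base * (2 ** attempt))
        r = random.random() if jitter is None else jitter  # `jitter` only pins the value for tests
        return delay * (0.5 + 0.5 * r)  # jittered into [delay/2, delay]
    return None  # a plain 403 (bad token, missing scope) must not be retried


def call_with_backoff(request: Callable[[], Response], max_attempts: int = 5,
                      sleep: Callable[[float], None] = time.sleep,
                      clock: Callable[[], float] = time.time,
                      jitter: Optional[float] = None) -> Tuple[Response, List[float]]:
    """Run `request()` until it succeeds, sleeping between rate-limited attempts.

    Returns the successful response and the delays slept. Raises RateLimited
    once when attempts run out, so a caller that notifies on failure emits a
    single notification instead of one per recursive page fetch.
    """
    delays: List[float] = []
    for attempt in range(max_attempts):
        resp = request()
        if 200 <= resp.status < 300:
            return resp, delays
        delay = compute_backoff(resp, attempt, clock(), jitter=jitter)
        if delay is None:
            raise RuntimeError(f"non-retryable HTTP {resp.status}: {resp.body[:120]}")
        delays.append(delay)
        sleep(delay)
    raise RateLimited(f"gave up after {max_attempts} attempts, {sum(delays):.0f}s of backoff")


def make_flaky_request(failures: int) -> Callable[[], Response]:
    """Constructed test double: `failures` secondary-rate-limit 403s, then a 200."""
    calls = {"n": 0}
    body = ('{"message": "You have exceeded a secondary rate limit. '
            'Please wait a few minutes before you try again."}')

    def request() -> Response:
        calls["n"] += 1
        if calls["n"] <= failures:
            # Mirrors the issue: primary quota is far from exhausted, yet the call is refused.
            return Response(403, {"x-ratelimit-remaining": "4845"}, body)
        return Response(200, {"x-ratelimit-remaining": "4844"}, '{"data": {}}')

    return request


if __name__ == "__main__":
    resp, slept = call_with_backoff(make_flaky_request(2), sleep=lambda s: None, jitter=1.0)
    print(resp.status, slept)
```

The `sleep` and `clock` parameters exist so the policy can be exercised without real waits; in a mirroring task they would be left at their defaults, and the fixed sleep the reporter added between calls becomes unnecessary because pacing only happens when GitHub actually refuses a request.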

Metadata

Assignees

Labels

defect: Something isn't working
integration/github: Related to the GitHub integration
p1: Critical bugs that prevent DT from being used, or features that must be implemented ASAP
size/M: Medium effort

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests