fix(vulnz): remove lastbomimportformat from hasSbom

* when an app is deployed it appears that dtrack asyncs register metrics so lastbomimport might be set, but no metrics * decrease cache duration Co-authored-by: ybelmekk <[email protected]> Co-authored-by: sindrerh2 <[email protected]>
nais · Oct 22, 2024 · d6c6486 · d6c6486
1 parent 290e2c1
commit d6c6486
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/internal/vulnerabilities/dependencytrack.go b/internal/vulnerabilities/dependencytrack.go
@@ -91,7 +91,7 @@ func NewDependencyTrackClient(cfg DependencyTrackConfig, log *logrus.Entry, opts
 		dependencytrack.WithLogger(log),
 		dependencytrack.WithHttpClient(&http.Client{Transport: otelhttp.NewTransport(http.DefaultTransport)}),
 	)
-	ch := cache.New(5*time.Minute, 5*time.Minute)
+	ch := cache.New(2*time.Minute, 5*time.Minute)
 
 	if cfg.EnableFakes {
 		c = NewFakeDependencyTrackClient(c)
@@ -313,7 +313,8 @@ func hasSbom(p *dependencytrack.Project) bool {
 	if p == nil {
 		return false
 	}
-	return p.LastBomImportFormat != "" || p.Metrics != nil && p.Metrics.Components > 0
+
+	return p.Metrics != nil && p.Metrics.Components > 0
 }
 
 func (c *dependencyTrackClient) retrieveFindings(ctx context.Context, uuid string, suppressed bool) ([]*dependencytrack.Finding, error) {