(fix/refactor): Remove unnecessary calls to Notification APIs (IDETECT-4992) #1708

Merged: shantyk merged 24 commits into 11.4.z from dev/shanty/IDETECT-4992_notification_apis_removal on Apr 17, 2026
shantyk (Contributor) commented Apr 2, 2026

Goal: Remove or replace expensive notification API usage in Detect (as per request from perflab) without changing existing behaviour.

Related blackduck-common PR that must be merged and released first: blackducksoftware/blackduck-common#475. This will be a major version bump as the removal of the now unused "get latest user notification timestamp" API is a breaking change.

Summary of changes:

1. Safe removal of calls to notifications API in places where we do not need it:
► detector and signature (uses BOM status polling in all cases)
► binary (uses BOM status polling, except when server version is too old for multipart upload)
► impact analysis (currently no mechanism for checking the completion status. See HUB-25142)
► iac (never used notification based waiting, noop)

2. For remaining notification use cases, reduce API calls by simply using upload start time as the polling window start.

Previously, two API calls were made for each code location upload: one to fetch the current user and another to fetch the user’s notifications. The timestamp of the most recent notification becomes a given code location's NotificationTaskRange.startDate.
All ranges were eventually combined to derive the earliest polling start date.
This happened before Detect even checked whether waiting for results was required or whether BOM status polling was available instead.

New behavior:

Now we have codeLocationsUploadStartTime, recorded at code location upload initiation which eliminates per-upload API calls (and potential for race conditions from server delays, caching, or persistence lags, etc) and is a tighter start for the notification window than querying the most recent notification date (which will always be earlier or equal to upload start so we are certain to count only notifications from this Detect run).

If and when needed, notifications APIs are used for polling as they were before, only the starting timestamp has changed.

3. Removal of waitAtScanLevel boolean which simply represented if BD server version exists and it is >=2023.1.1. 2023.1.x has reached end of support.
4. Docs: release note + updating wait property to indicate iac and impact analysis tools are not applicable.

Note on where we still use notification APIs:

In the case of a binary scan against a BD version < 2024.7.0, we use pre-SCASS binary scan with legacy upload mechanism (no multipart upload possible). In this specific case, we mustWaitAtBomSummaryLevel for completion if detect.wait.for.results is set to TRUE. Though we will no longer make API calls to determine most recent notification, we will still eventually poll the notifications endpoint. In this case, we will see in the logs:

DEBUG [main] --- Using legacy binary scan upload method. This can be slow, consider upgrading to a newer version of Black Duck SCA to enable multipart uploading if possible.
INFO  [main] --- Preparing to upload binary scan file: /Users/shanty/blackduck/example-source/binaries/ifm.tar
DEBUG [main] --- Will use old notifications based waiting for the following code locations: [ifm.tar/shanty-testing/testing binary]
...
DEBUG [main] --- Will use old notifications based waiting for the following code locations: [ifm.tar/shanty-testing/testing binary]
DEBUG [main] --- Notifications after Tue Apr 14 04:47:10 MDT 2026 will be considered.
DEBUG [main] --- Expected notification count 1
DEBUG [main] --- Expected code locations:
DEBUG [main] ---   Code Location -> ifm.tar/shanty-testing/testing binary
DEBUG [main] --- 
DEBUG [main] --- At least one code location has been found, now looking for notifications.
DEBUG [main] --- There were 2 notifications found.
INFO  [main] --- All code locations have not been added to the BOM yet...
INFO  [main] --- Try #1 for task code location (elapsed: 00:00:00.000)...not done yet, waiting 60 seconds and trying again...
DEBUG [main] --- At least one code location has been found, now looking for notifications.
DEBUG [main] --- There were 3 notifications found.
INFO  [main] --- Found ifm.tar/shanty-testing/testing binary code location (1 of 1).
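
The change of polling-window start described in point 2 above, as an added Java illustration that is not code from this PR, Detect or blackduck-common. FakeNotificationApi, oldWindowStart, newWindowStart and every timestamp are hypothetical; the late-persisted notification from another run models the server lag the description mentions, and the exclusive "after" comparison is an assumption.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

// Added illustration with hypothetical names; not Detect or blackduck-common code.
public class PollingWindowExample {

    // Stand-in for the server: holds notification timestamps and counts API calls.
    static class FakeNotificationApi {
        final List<Instant> notifications = new ArrayList<>();
        int calls = 0;

        void fetchCurrentUser() { calls++; }

        Instant latestNotificationDate() {
            calls++;
            return notifications.stream().max(Instant::compareTo).orElse(Instant.EPOCH);
        }

        long countAfter(Instant start) {
            calls++;
            return notifications.stream().filter(n -> n.isAfter(start)).count();
        }
    }

    // Old behaviour as described: two calls per upload, earliest range start wins.
    static Instant oldWindowStart(FakeNotificationApi api, int uploads) {
        Instant earliest = null;
        for (int i = 0; i < uploads; i++) {
            api.fetchCurrentUser();
            Instant start = api.latestNotificationDate();
            if (earliest == null || start.isBefore(earliest)) {
                earliest = start;
            }
        }
        return earliest;
    }

    // New behaviour as described: one locally recorded timestamp, no API calls.
    static Instant newWindowStart(Instant codeLocationsUploadStartTime) {
        return codeLocationsUploadStartTime;
    }

    public static void main(String[] args) {
        Instant uploadStart = Instant.parse("2026-04-14T10:47:10Z"); // constructed
        FakeNotificationApi api = new FakeNotificationApi();
        api.notifications.add(uploadStart.minusSeconds(3600)); // from an earlier run

        Instant oldStart = oldWindowStart(api, 3); // three code location uploads
        int setupCalls = api.calls;
        Instant newStart = newWindowStart(uploadStart);

        // Another run's notification, persisted late and so invisible to the
        // "latest notification" query above, although it predates this upload.
        api.notifications.add(uploadStart.minusSeconds(30));
        // The notification produced by this run's upload.
        api.notifications.add(uploadStart.plusSeconds(90));

        System.out.println("old start " + oldStart + " after " + setupCalls + " API calls");
        System.out.println("new start " + newStart + " after 0 API calls");
        System.out.println("notifications in old window: " + api.countAfter(oldStart));
        System.out.println("notifications in new window: " + api.countAfter(newStart));
    }
}
```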

shantyk added 2 commits April 1, 2026 11:55
…not check their completion status via notifications or bom status. This is existing behaviour, setting wait to true was a noop.
shantyk changed the base branch from master to 11.4.z on April 2, 2026 08:10
…utNotificationTaskRange. Prevents call to notifications API for which the results were never used downstream, CodeLocationCreationData's NotificationTaskRange is null.
shantyk force-pushed the dev/shanty/IDETECT-4992_notification_apis_removal branch from 8477775 to 9036a70 on April 6, 2026 20:58
shantyk force-pushed the dev/shanty/IDETECT-4992_notification_apis_removal branch from 9036a70 to 5f4efc0 on April 6, 2026 23:39
shantyk self-assigned this on Apr 13, 2026
shantyk changed the title from "Notification APIs: remove unnecessary calls" to "(fix/tests/refactor): Remove calls to Notification APIs (IDETECT-4992)" on Apr 13, 2026
shantyk force-pushed the dev/shanty/IDETECT-4992_notification_apis_removal branch from 4b1c584 to 784a008 on April 14, 2026 07:27
shantyk changed the title from "(fix/tests/refactor): Remove calls to Notification APIs (IDETECT-4992)" to "(fix/tests/refactor): Remove unnecessary calls to Notification APIs (IDETECT-4992)" on Apr 14, 2026
shantyk force-pushed the dev/shanty/IDETECT-4992_notification_apis_removal branch from 76512a3 to 74c9aa5 on April 14, 2026 11:27
shantyk force-pushed the dev/shanty/IDETECT-4992_notification_apis_removal branch from 32756b4 to 08a210c on April 14, 2026 11:41
shantyk changed the title from "(fix/tests/refactor): Remove unnecessary calls to Notification APIs (IDETECT-4992)" to "(fix/refactor): Remove unnecessary calls to Notification APIs (IDETECT-4992)" on Apr 14, 2026
shantyk marked this pull request as ready for review on April 14, 2026 11:56
shantyk force-pushed the dev/shanty/IDETECT-4992_notification_apis_removal branch from 08a210c to 01329b3 on April 14, 2026 12:04
failedScans.add(output.getCodeLocationName());
handleNoScanStatusFile(scassScan, scanOutputLocation);
return;
}
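
Review bot: The early-exit path that ends in "return;" after handleNoScanStatusFile(scassScan, scanOutputLocation) should be checked against the try/catch that now encloses it. If handleNoScanStatusFile can throw, confirm the exception is still caught or declared at this position, and keep failedScans.add(output.getCodeLocationName()) ahead of it as shown so the failed scan is recorded even when the handler fails.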

shantyk (Contributor, Author) commented Apr 14, 2026

Just moved to make try/catch block tighter around different exceptions expected, instead of one big umbrella try/catch.

}

public void uploadBdioEntries(BlackDuckRunData blackDuckRunData, UUID bdScanId) throws IntegrationException, IOException {
public void uploadBdioEntriesForRapidMode(BlackDuckRunData blackDuckRunData, UUID bdScanId) throws IntegrationException, IOException {
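
Review bot: The name uploadBdioEntriesForRapidMode implies a rapid-mode-only contract, but the signature on this line is otherwise identical to uploadBdioEntries (same BlackDuckRunData and UUID parameters, same throws clause), so nothing visible documents or enforces that restriction. Suggest a short Javadoc on the method stating which scan mode it is for and what bdScanId must identify, and a check that no caller still references the old name.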
Contributor

thanks for changing these names, massive w! 👍

shantyk merged commit c30a8d4 into 11.4.z on Apr 17, 2026
shantyk deleted the dev/shanty/IDETECT-4992_notification_apis_removal branch on April 17, 2026 05:30
shantyk added a commit that referenced this pull request Apr 24, 2026
* poc for correlated scanning endpoint

* fix hardcoding and other bugs

* adjust accept header

* disable binary scans

* no version is okay in component detection

* Release 11.4.0-SIGQA1-dterry.IDETECT-4817-correlated-scans

* Using the next snapshot post release 11.4.0-SIGQA2-dterry.IDETECT-4817-correlated-scans-SNAPSHOT

* pass correlation decisions to signature scans

* properly check package manager scans

* standardize package manager checks

* Release 11.4.0-SIGQA2-dterry.IDETECT-4817-correlated-scans

* Using the next snapshot post release 11.4.0-SIGQA3-dterry.IDETECT-4817-correlated-scans-SNAPSHOT

* new server properties section

* boolean logging

* Update tomlj library to latest version

* Resolve the antlr conflict with other dependency

* Upgrade antlr version

* Upgrade antlr version

* add test

* Update NpmCliParser.java

use actualName

* Release 11.4.0-SIGQA3-dterry.IDETECT-4817-correlated-scans

* Using the next snapshot post release 11.4.0-SIGQA4-dterry.IDETECT-4817-correlated-scans-SNAPSHOT

* added release note

* Release 11.4.0-SIGQA9

* Using the next snapshot post release 11.4.0-SIGQA10-SNAPSHOT

* safety addition for stateless and finalize mime type

* Migrate Bitbake to use graphviz library

* Release 11.4.0-SIGQA10-devm.IDETECT-5058

* add server properties to status.json

* Using the next snapshot post release 11.4.0-SIGQA11-devm.IDETECT-5058-SNAPSHOT

* Update currentreleasenotes.md

* Release 11.4.0-SIGQA4-dterry.IDETECT-4817-correlated-scans

* Using the next snapshot post release 11.4.0-SIGQA5-dterry.IDETECT-4817-correlated-scans-SNAPSHOT

* Update commonproblems.md

* Update DetectProperties.java

* Update currentreleasenotes.md

remove this change imported from another PR (Will get covered under that PR)

* Update commonproblems.md

* code review updates

* further code review improvements

* fix output to show only actual values

* Update commonproblems.md

fix typo

* Release 11.4.0-SIGQA10

* Using the next snapshot post release 11.4.0-SIGQA11-SNAPSHOT

* Release 11.4.0-SIGQA11-devm.IDETECT-5058

* Release 11.4.0-SIGQA12-devm.IDETECT-5058

* Release 11.4.0-SIGQA11-devm.IDETECT-5058

* Using the next snapshot post release 11.4.0-SIGQA12-devm.IDETECT-5058-SNAPSHOT

* Check if correlation scanning was enabled for fallback scenario

* Add doc changes for previous tickets

* Address review comment

* Address review comment

* feat(bazel): faster discovery path for HTTP-archive family repositories in Bzlmod projects (Bazel 7.1+) (#1709)

* Update currentreleasenotes.md

* Update currentreleasenotes.md

* Update commonproblems.md

* Release 11.4.0-SIGQA12

* Using the next snapshot post release 11.4.0-SIGQA13-SNAPSHOT

* Add support for .slnx files in NuGet Solution Native Inspector (#1688)

* Add support for .slnx files in NuGet Solution Native Inspector

* Release notes

* WIP changes

* Remove comments and whitespace in diff

* rev bouncy castle and plexutil libs

* (fix/refactor): Remove unnecessary calls to Notification APIs (IDETECT-4992) (#1708)

* Notification APIs: remove unnecessary calls

* Don't wait at BOM level for IAC or impact analysis scans since we cannot check their completion status via notifications or bom status. This is existing behaviour, setting wait to true was a noop.

* Refactor Impact Analysis upload operation to createCodeLocationsWithoutNotificationTaskRange. Prevents call to notifications API for which the results were never used downstream, CodeLocationCreationData's NotificationTaskRange is null.

* Latest IntelligentModeStepRunner changes

* Pkg mngr and signature updates

* Testing for regressions

* Remove unused impact analysis related methods

* Remove unused ImpactAnalysisToolResult class

* Deprecate shouldWaitAtScanLevel since it simply checks if a server version exists and is at least 2023.1.1 which has reached end of service.

* Update bd-common version with soon to be released lib version

* Propagate removal of shouldWaitAtScanLevel to signature scanner

* Remove prescass pkg mngr BDIO code location upload from being considered a waitable (via notifications).

* Minor updates

* Rename back to uploadBdioFiles

* Clean up comments

* Revert changes to waitable signature scanner code location

* Remove comments in signaturescansteprunner

* Add missed method update for binary upload

* Remove NotificationTaskRange param from WaitableCodeLocationData constructor as it is no longer used.

* Fix whitespace in diff

* Fix method rename issue after rebase

* Fix regression wrt correlated scanning. Correlated scan count calculations are tightly coupled with the legacy idea of a waitable code location.

* Bump bd-common version 68.0.0

* Release 11.4.0-SIGQA13

* Using the next snapshot post release 11.4.0-SIGQA14-SNAPSHOT

* Release 11.4.0-SIGQA14

* Using the next snapshot post release 11.4.0-SIGQA15-SNAPSHOT

* Release 11.5.0-SIGQA2-shanty.merge_11.4.z_to_main

* Using the next snapshot post release 11.5.0-SIGQA3-shanty.merge_11.4.z_to_main-SNAPSHOT

---------

Co-authored-by: dterrybd <dterry@blackduck.com>
Co-authored-by: blackduck-serv-builder <serv-builder@blackducksoftware.com>
Co-authored-by: dterrybd <103214400+dterrybd@users.noreply.github.com>
Co-authored-by: devmehtabd <devmehta@blackduck.com>
Co-authored-by: cpottsbd <36172712+cpottsbd@users.noreply.github.com>
Co-authored-by: Dev Mehta <128397570+devmehtabd@users.noreply.github.com>
Co-authored-by: Samrat Mukherjee <samratmuk@blackduck.com>
shantyk added a commit that referenced this pull request May 7, 2026
* poc for correlated scanning endpoint

* fix hardcoding and other bugs

* adjust accept header

* disable binary scans

* no version is okay in component detection

* Release 11.4.0-SIGQA1-dterry.IDETECT-4817-correlated-scans

* Using the next snapshot post release 11.4.0-SIGQA2-dterry.IDETECT-4817-correlated-scans-SNAPSHOT

* pass correlation decisions to signature scans

* properly check package manager scans

* standardize package manager checks

* Release 11.4.0-SIGQA2-dterry.IDETECT-4817-correlated-scans

* Using the next snapshot post release 11.4.0-SIGQA3-dterry.IDETECT-4817-correlated-scans-SNAPSHOT

* new server properties section

* boolean logging

* Update tomlj library to latest version

* Resolve the antlr conflict with other dependency

* Upgrade antlr version

* Upgrade antlr version

* add test

* Update NpmCliParser.java

use actualName

* Release 11.4.0-SIGQA3-dterry.IDETECT-4817-correlated-scans

* Using the next snapshot post release 11.4.0-SIGQA4-dterry.IDETECT-4817-correlated-scans-SNAPSHOT

* added release note

* Release 11.4.0-SIGQA9

* Using the next snapshot post release 11.4.0-SIGQA10-SNAPSHOT

* safety addition for stateless and finalize mime type

* Migrate Bitbake to use graphviz library

* Release 11.4.0-SIGQA10-devm.IDETECT-5058

* add server properties to status.json

* Using the next snapshot post release 11.4.0-SIGQA11-devm.IDETECT-5058-SNAPSHOT

* Update currentreleasenotes.md

* Release 11.4.0-SIGQA4-dterry.IDETECT-4817-correlated-scans

* Using the next snapshot post release 11.4.0-SIGQA5-dterry.IDETECT-4817-correlated-scans-SNAPSHOT

* Update commonproblems.md

* Update DetectProperties.java

* Update currentreleasenotes.md

remove this change imported from another PR (Will get covered under that PR)

* Update commonproblems.md

* code review updates

* further code review improvements

* fix output to show only actual values

* Update commonproblems.md

fix typo

* Release 11.4.0-SIGQA10

* Using the next snapshot post release 11.4.0-SIGQA11-SNAPSHOT

* Release 11.4.0-SIGQA11-devm.IDETECT-5058

* Release 11.4.0-SIGQA12-devm.IDETECT-5058

* Release 11.4.0-SIGQA11-devm.IDETECT-5058

* Using the next snapshot post release 11.4.0-SIGQA12-devm.IDETECT-5058-SNAPSHOT

* update docs to describe correlated server property

* Check if correlation scanning was enabled for fallback scenario

* Add doc changes for previous tickets

* Address review comment

* Address review comment

* feat(bazel): faster discovery path for HTTP-archive family repositories in Bzlmod projects (Bazel 7.1+) (#1709)

* Update currentreleasenotes.md

* Update currentreleasenotes.md

* Update commonproblems.md

* Release 11.4.0-SIGQA12

* Using the next snapshot post release 11.4.0-SIGQA13-SNAPSHOT

* Add support for .slnx files in NuGet Solution Native Inspector (#1688)

* Add support for .slnx files in NuGet Solution Native Inspector

* Release notes

* WIP changes

* Remove comments and whitespace in diff

* rev bouncy castle and plexutil libs

* (fix/refactor): Remove unnecessary calls to Notification APIs (IDETECT-4992) (#1708)

* Notification APIs: remove unnecessary calls

* Don't wait at BOM level for IAC or impact analysis scans since we cannot check their completion status via notifications or bom status. This is existing behaviour, setting wait to true was a noop.

* Refactor Impact Analysis upload operation to createCodeLocationsWithoutNotificationTaskRange. Prevents call to notifications API for which the results were never used downstream, CodeLocationCreationData's NotificationTaskRange is null.

* Latest IntelligentModeStepRunner changes

* Pkg mngr and signature updates

* Testing for regressions

* Remove unused impact analysis related methods

* Remove unused ImpactAnalysisToolResult class

* Deprecate shouldWaitAtScanLevel since it simply checks if a server version exists and is at least 2023.1.1 which has reached end of service.

* Update bd-common version with soon to be released lib version

* Propagate removal of shouldWaitAtScanLevel to signature scanner

* Remove prescass pkg mngr BDIO code location upload from being considered a waitable (via notifications).

* Minor updates

* Rename back to uploadBdioFiles

* Clean up comments

* Revert changes to waitable signature scanner code location

* Remove comments in signaturescansteprunner

* Add missed method update for binary upload

* Remove NotificationTaskRange param from WaitableCodeLocationData constructor as it is no longer used.

* Fix whitespace in diff

* Fix method rename issue after rebase

* Fix regression wrt correlated scanning. Correlated scan count calculations are tightly coupled with the legacy idea of a waitable code location.

* Bump bd-common version 68.0.0

* Release 11.4.0-SIGQA13

* Using the next snapshot post release 11.4.0-SIGQA14-SNAPSHOT

* Release 11.4.0-SIGQA14

* Using the next snapshot post release 11.4.0-SIGQA15-SNAPSHOT

* rework release note

* fix(bazel) - Change info logs to debug logs  (#1734)

* Release 11.4.0-SIGQA15

* Using the next snapshot post release 11.4.0-SIGQA16-SNAPSHOT

* Support for customizing the output directory for Quack Patch (#1713)

* Support for customizing quack patch output directory

* updated release note for the new flag

* Release 11.4.0-SIGQA10-IDETECT-5066

* Using the next snapshot post release 11.4.0-SIGQA11-IDETECT-5066-SNAPSHOT

* fix

* updated docs

* Release 11.4.0-SIGQA14-IDETECT-5066

* Using the next snapshot post release 11.4.0-SIGQA15-IDETECT-5066-SNAPSHOT

* fix invalid path case

* Release 11.4.0-SIGQA15-IDETECT-5066

* Using the next snapshot post release 11.4.0-SIGQA16-IDETECT-5066-SNAPSHOT

* updated release note as suggested

---------

Co-authored-by: blackduck-serv-builder <serv-builder@blackducksoftware.com>

* Release 11.4.0-SIGQA16

* Using the next snapshot post release 11.4.0-SIGQA17-SNAPSHOT

* Warn Java 8 End of Support in logs (#1737)

* Update currentreleasenotes.md

Updates and omissions

* fix compatibility error with java 8 (#1742)

* Release 11.4.0-SIGQA17

* Using the next snapshot post release 11.4.0-SIGQA18-SNAPSHOT

* Remove logic to not create project version in case of empty detector bdio (#1747)

* Release 11.4.0-SIGQA18

* Using the next snapshot post release 11.4.0-SIGQA19-SNAPSHOT

* Increase signature scan code location count by the number of successful code location paths (#1748)

* Release 11.4.0-SIGQA19

* Using the next snapshot post release 11.4.0-SIGQA20-SNAPSHOT

* Send quack patch custom output path to nuget inspector invocation (#1749)

* Release 11.4.0-SIGQA20

* Using the next snapshot post release 11.4.0-SIGQA21-SNAPSHOT

* Release 11.4.0

* Using the next snapshot post release 11.4.1-SNAPSHOT

* Fix release notes for 11.4.1 release (#1750)

* Update topics.ditamap (#1751)

* Release 11.4.1

* Using the next snapshot post release 11.4.2-SNAPSHOT

* Empty current release notes for 11.5.0

---------

Co-authored-by: dterrybd <dterry@blackduck.com>
Co-authored-by: blackduck-serv-builder <serv-builder@blackducksoftware.com>
Co-authored-by: dterrybd <103214400+dterrybd@users.noreply.github.com>
Co-authored-by: devmehtabd <devmehta@blackduck.com>
Co-authored-by: cpottsbd <36172712+cpottsbd@users.noreply.github.com>
Co-authored-by: Dev Mehta <128397570+devmehtabd@users.noreply.github.com>
Co-authored-by: Samrat Mukherjee <samratmuk@blackduck.com>
Co-authored-by: Aditya Byreddy <37792774+sig-abyreddy@users.noreply.github.com>