How much memory does the scorecard application need to perform checks on a repository? #2500
-
|
I need to allocate appropriate resources to a container running the scorecard application. How much memory does the application need relative to the size of the scanned repository? Also, when I perform a scan on a repository, does the scorecard application clone the entire repository to perform all checks? I had a bit of a hard time to find the relevant code in pkg in order to figure it out myself. A rough figure would totally suffice! Thanks a lot! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hi @denizmgun, the Scorecard cron job which analyzes 1M+ repos weekly assigns min of 5GB and max of 12GB memory to the container running Scorecard (https://github.com/ossf/scorecard/blob/main/cron/k8s/worker.yaml#L39). I would say these limits should suffice for most repositories and are a good starting point for your application. Scorecard downloads a compressed archive of the repository - https://github.com/ossf/scorecard/blob/main/clients/githubrepo/tarball.go to perform its checks. |
Beta Was this translation helpful? Give feedback.
-
|
This was exactly what I needed to know. Great answer! |
Beta Was this translation helpful? Give feedback.
Hi @denizmgun, the Scorecard cron job which analyzes 1M+ repos weekly assigns min of 5GB and max of 12GB memory to the container running Scorecard (https://github.com/ossf/scorecard/blob/main/cron/k8s/worker.yaml#L39). I would say these limits should suffice for most repositories and are a good starting point for your application.
Scorecard downloads a compressed archive of the repository - https://github.com/ossf/scorecard/blob/main/clients/githubrepo/tarball.go to perform its checks.