Improve component search performance with JDBI#1867
Merged
Conversation
nscuro
requested changes
Mar 12, 2026
2 tasks
nscuro
requested changes
Mar 23, 2026
nscuro
requested changes
Mar 30, 2026
Up to standards ✅🟢 Issues
|
| Category | Results |
|---|---|
| Complexity | 2 medium |
🟢 Metrics 100 complexity
Metric Results Complexity 100
🟢 Coverage 73.03% diff coverage · -0.51% coverage variation
Metric Results Coverage variation ✅ -0.51% coverage variation (-1.00%) Diff coverage ✅ 73.03% diff coverage (70.00%) Coverage variation details
Coverable lines Covered lines Coverage Common ancestor commit (1fc7e2a) Report Missing Report Missing Report Missing Head commit (4305f10) 42700 (+13899) 35892 (+11536) 84.06% (-0.51%) Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch:
<coverage of head commit> - <coverage of common ancestor commit>Diff coverage details
Coverable lines Covered lines Diff coverage Pull request (#1867) 241 176 73.03% Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified:
<covered lines added or modified>/<coverable lines added or modified> * 100%1 Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.
TIP This summary will be updated as you push new changes. Give us feedback
nscuro
requested changes
Apr 14, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a new v2 components listing/search endpoint backed by an optimized JDBI query, aiming to improve component identity search performance and expand response data (project + metrics).
Changes:
- Added
GET /api/v2/componentswith filtering, sorting, and keyset pagination implemented viaComponentDao.listComponents(...). - Extended v2 API models/mapping to include project info and dependency metrics in component responses.
- Updated OpenAPI definitions and tests, and introduced dedicated schemas for project-components listing responses.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| apiserver/src/test/java/org/dependencytrack/resources/v2/ComponentsResourceTest.java | Adds test coverage for /api/v2/components pagination, sorting, filtering, ACL behavior, and error cases. |
| apiserver/src/test/java/org/dependencytrack/resources/v1/ComponentResourceTest.java | Fixes a test bug setting PURL on the wrong component instance. |
| apiserver/src/main/java/org/dependencytrack/resources/v2/mapping/ModelMapper.java | Adds mapping helpers for ComponentProject and DependencyMetrics. |
| apiserver/src/main/java/org/dependencytrack/resources/v2/WorkflowsResource.java | Exposes a sort-direction converter (now reused elsewhere). |
| apiserver/src/main/java/org/dependencytrack/resources/v2/ProjectsResource.java | Switches project-components listing response types to new ListProjectComponentsResponse* models. |
| apiserver/src/main/java/org/dependencytrack/resources/v2/ComponentsResource.java | Implements listComponents endpoint using JDBI, with input parsing/validation and mapping to v2 models. |
| apiserver/src/main/java/org/dependencytrack/persistence/jdbi/PaginationSupport.java | Adds bounded-total-count helper that can apply the API project ACL condition. |
| apiserver/src/main/java/org/dependencytrack/persistence/jdbi/ComponentDao.java | Adds the optimized JDBI query + pagination logic for listing/searching components (plus optional metrics loading). |
| api/src/main/openapi/paths/projects_uuid_components.yaml | Updates response schema reference for project components listing. |
| api/src/main/openapi/paths/components.yaml | Adds OpenAPI definition for GET /components (v2) with filtering/sorting/pagination. |
| api/src/main/openapi/components/schemas/list-project-components-response.yaml | New paginated schema for project components listing. |
| api/src/main/openapi/components/schemas/list-project-components-response-item.yaml | New response-item schema for project components listing. |
| api/src/main/openapi/components/schemas/list-components-response-item.yaml | Extends components list item schema with project and metrics; removes occurrence_count. |
| api/src/main/openapi/components/schemas/dependency-metrics.yaml | Adds schema for dependency metrics. |
| api/src/main/openapi/components/schemas/component-project.yaml | Adds schema for embedding project info in component responses. |
Comments suppressed due to low confidence (1)
apiserver/src/main/java/org/dependencytrack/resources/v2/WorkflowsResource.java:289
- Making
convert(SortDirection)publicon this resource appears to be only to support reuse from other resources (e.g., components). To avoid exposing resource-internal helpers as API surface, consider moving this mapping into a small shared utility class (or into the pagination/common layer) and keep this methodprivatehere.
public static org.dependencytrack.common.pagination.@Nullable SortDirection convert(
@Nullable SortDirection sortDirection) {
return switch (sortDirection) {
case ASC -> org.dependencytrack.common.pagination.SortDirection.ASC;
case DESC -> org.dependencytrack.common.pagination.SortDirection.DESC;
case null -> null;
};
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
nscuro
approved these changes
Apr 15, 2026
nscuro
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Old and existing:
/api/v1/component/identityNew:
/api/v2/componentsAddressed Issue
Closes DependencyTrack/hyades#2049
Additional Details
Frontend changes: DependencyTrack/hyades-frontend#438
Checklist