fix: use cpuset instead of cpusnano on synology devices#1782
Merged
Conversation
🔍 Deadcode AnalysisFound 3 unreachable functions in the backend. View detailsOnly remove deadcode that you know is 100% no longer used.
|
Contributor
|
Container images for this PR have been built successfully!
Built from commit 467a933 |
d616004 to
100fdec
Compare
|
This pull request has merge conflicts. Please resolve the conflicts so the PR can stay up-to-date and reviewed. |
100fdec to
952ebfe
Compare
794232c to
852fa9f
Compare
Member
Author
|
Just to let you know: depending on Synology model / kernel version the Synology DS220+ (Kernel 4.x) Synology DS925+ (Kernel 5.x) |
852fa9f to
467a933
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

What This PR Implements
Related issue
Related Issue
Fixes # #1727
Changes Made
Testing Done
./scripts/development/dev.sh startjust lint all)just test backendChecklist
mainbranchAI Tool Used (if applicable)
AI Tool:
Assistance Level:
What AI helped with:
I reviewed and edited all AI-generated output:
I ran all required tests and manually verified changes:
Additional Context
Disclaimer Greptiles Reviews use AI, make sure to check over its work.
To better help train Greptile on our codebase, if the comment is useful and valid Like the comment, if its not helpful or invalid Dislike
Greptile Summary
This PR addresses Synology NAS compatibility (issue #1727) by replacing Docker's
NanoCPUsresource limit withCpusetCpuson Synology hosts, where the NanoCPUs API is unsupported. Beyond the core fix, the PR significantly expands the vulnerability scanning infrastructure:docker infoand converts NanoCPU limits to cpuset-based CPU pinning.trivyConcurrentScanContainerssetting (default 1) with slot-based concurrency control and per-slot cache directories to avoid Trivy fs-cache lock contention.ScanPhasetracking (creating_container,scanning_image,storing_results) surfaced to the frontend as a progress indicator.--outputfile-based result collection with tar extraction from containers, plus fallback JSON extraction that handles noisy/concatenated output from Docker stream variants.The scope is substantially larger than the PR title suggests.
Confidence Score: 3/5
breakinside aselectstatement insaveScanResultWithRetryInternalis a known Go gotcha that will cause unnecessary retries on a cancelled context. The large scope of changes (~1750 lines added) touches critical scanning infrastructure and warrants careful testing on actual Synology devices.backend/internal/services/vulnerability_service.gocontains the retry loop bug and the bulk of the new infrastructure code.Important Files Changed
breakinselectfails to exit the retry loop on context cancellation.ScanPhasetype with constants and addsScanPhasefield to bothScanResultandScanSummarytypes.Last reviewed commit: 852fa9f