Skip to main content
Skip table of contents

Legacy Mend UI Slowness

Loading data in the UI can sometimes take longer than usual for different reasons. This article contains a checklist to help aid in improving the performance of your UI experience.

Update your Unified Agent version

The Unified Agent version can affect processing time. We always recommend scanning with the latest version of the Unified Agent, as it contains fixes and upgrades to the previous versions. Please refer to the following link to download the latest Unified Agent version: Product Downloads

A large number of projects and alerts

Having a large amount of data can cause slowness issues within the UI. We recommend cleaning up(deleting) your older products/projects that may no longer be in use.

We recommend using our self-hosted CLI tool, which helps to clean up projects and generate reports before deleting any project data in your Organization: https://github.com/mend-toolkit/sca-cleanup-tool

Disabling alerts

Disabling alerts can also help with UI slowness. Especially when there are many alerts. This is especially when there are many alerts reported within your Organization, as this can affect the loading time of the UI when attempting to load this data.

To disable alerts, you can navigate to Admin > Alerts and disable the alert type you are not using. Then, click on Save and Apply:

Filtering reports for deleting specific projects

In the “Projects” tab, you can filter the project list by date and check if you have old projects that can be deleted. You can also filter by name if you set a type of project name that now might not be in use, such as “test” projects, that can be deleted.

Unified Agent parameters

FileSystemScan

There are two basic scan stages in the Unified Agent, the package manager resolution and the flat file system scan.

During the first stage, the package manager resolution, the Unified Agent resolves dependencies based on the manifest files (such as the package.json in JavaScript) for the package manager(s) parameters specified in the Unified Agent configuration file. So, for our JavaScript example, npm install downloads dependencies defined in a package.json file and generates a node_modules folder with the installed modules. From here, we pull the dependencies.

During the second stage, the flat file system scan, if fileSystemScan=true, the Unified Agent performs a "flat" scan of your entire project. The Unified Agent looks for files/extensions specified in the "includes" and "excludes" parameters in the config file. During this stage, the Unified Agent detects source files and matches them against the Mend index of files.

The intended use for fileSystemScan is for projects where we don't support package managers and for users who want a complete inventory report of the files in their project. The fileSystemScan can only provide best-effort matches. We have an algorithm that runs on the back end responsible for matching the source files to libraries based on a number of factors such as SHA-1, repo URL, license, etc. Since it's not guaranteed to be a perfect match, this is why it's labeled as best effort. As the Unified Agent has developed over the years, this method has slowly been getting phased out due to us increasing the number of package managers that we support.

By setting fileSystemScan=false, the Unified Agent will not perform the flat file system scan. The Unified Agent will then only perform the package manager resolution step. This can not only reduce scan time but can also provide more precise results.

Building your project prior to the Unified Agent scan

You can set one of your pipeline steps to run the installation of the build tool, for example, mvn install. This command will build your Maven project and installs the project files to the local repository. You can then set maven.runPreStep=false (which, when set to true, runs mvn clean install) in your Unified Agent configuration, as you have already built your project prior to the Mend scan. This can reduce scan time.

Checking policies

checkPolicies=false

This is the parameter default setting. By having this configuration, the scan will end with SUCCESS. The Inventory will be updated regardless of policy violations, and no policy-related data will be generated. This means that the Policies Report won't be generated.
forceUpdate=false

This is the parameter default setting. The scan will not update the organization inventory, regardless of policy violations.

Dependency Resolutions

Disabling irrelevant dependency resolutions can save scan time and performance by setting the following parameter in the Unified Agent:

resolveAllDependencies=false

This will tell the Unified Agent to only scan the package managers you’ve explicitly enabled and set to true, for example, npm.resolveDependencies=true(This would scan for NPM dependencies). This will improve scan time, as the Unified agent will now only look for NPM dependencies, compared to looking for all of the package managers we support.

Continuing with our NPM example, setting npm.identifyByNameAndVersion=true will tell the Unified Agent to only use the name and version of the package. It will not fetch package data from the npm registry (either private or public).

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close