Vulnerability scans are taking longer to return due to upstream provider issue

The upstream provider has resolved the issues on their end by scaling up the cluster for the impacted service. Internal testing indicates that the timeout issues are mitigated.

We have also released new versions of our scanners which now automatically back off calling Maven in the event that the timeout issues occur again.

https://github.com/lacework/lacework-vulnerability-scanner/releases/tag/v0.14.2

Internal testing indicates that this issue may still be occurring and we have alerted the upstream service provider.

Inline and proxy scanner scanning performance issues arising from Maven timeouts may be mitigated by setting the JAVA_OFFLINE_MODE environment variable to true in the latest release of the scanners.

This will disable calls to Maven only and degrade Maven java dependancy package scanning only. Other library packages will not be impacted.

https://github.com/lacework/lacework-vulnerability-scanner/releases/tag/v0.14.1

Internal testing indicates that this issue is mitigated, however we are awaiting confirmation from the upstream service provider.

Our Vulnerability scans are currently taking longer to complete or timing out due to an upstream issue with a service we use for package data, we have raised the issue with provider.

As a temporary workaround, please disable 'Scan Language Libraries' for help on this if unsure, please consult our docs or reach out to the Support team

Our Vulnerability scans are currently taking longer to complete or timing out due to an upstream issue with a service we use for package data, we have raised the issue with provider.