From d7bdb2ab88cbdd8a148e4c1746a9b225db27a374 Mon Sep 17 00:00:00 2001 From: David Caravello <119438707+dcaravel@users.noreply.github.com> Date: Wed, 1 Jul 2026 10:58:40 -0500 Subject: [PATCH 1/3] cap exponential backoff --- pkg/vulnloader/nvdloader/loader_feed.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/vulnloader/nvdloader/loader_feed.go b/pkg/vulnloader/nvdloader/loader_feed.go index 945d3f6d1..e50651f12 100644 --- a/pkg/vulnloader/nvdloader/loader_feed.go +++ b/pkg/vulnloader/nvdloader/loader_feed.go @@ -51,6 +51,7 @@ func (l *feedLoader) downloadFeedForYear(enrichments map[string]*FileFormatWrapp url := fmt.Sprintf("https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-%d.json.gz", year) const maxRetries = 10 + const maxBackoff = 5 * time.Minute backoff := 10 * time.Second var apiFeed *apischema.CVEAPIJSON20 for attempt := 1; ; attempt++ { @@ -65,6 +66,9 @@ func (l *feedLoader) downloadFeedForYear(enrichments map[string]*FileFormatWrapp log.Warnf("Feed year %d: attempt %d failed: %v; retrying in %s", year, attempt, err, backoff) time.Sleep(backoff) backoff *= 2 + if backoff > maxBackoff { + backoff = maxBackoff + } } cveItems, err := toJSON10(apiFeed.Vulnerabilities) From f8a9b1a0d54a9057861ee57825564bca349b99d7 Mon Sep 17 00:00:00 2001 From: David Caravello <119438707+dcaravel@users.noreply.github.com> Date: Wed, 1 Jul 2026 11:04:25 -0500 Subject: [PATCH 2/3] empty: trigger CI bundle gen From ffd911069ea7d4c09bac612ab6630c564adf69d0 Mon Sep 17 00:00:00 2001 From: David Caravello <119438707+dcaravel@users.noreply.github.com> Date: Wed, 1 Jul 2026 18:03:40 -0500 Subject: [PATCH 3/3] use predefined backoff values --- pkg/vulnloader/nvdloader/loader_feed.go | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/pkg/vulnloader/nvdloader/loader_feed.go b/pkg/vulnloader/nvdloader/loader_feed.go index e50651f12..38eea8d9a 100644 --- a/pkg/vulnloader/nvdloader/loader_feed.go +++ b/pkg/vulnloader/nvdloader/loader_feed.go @@ -51,8 +51,14 @@ func (l *feedLoader) downloadFeedForYear(enrichments map[string]*FileFormatWrapp url := fmt.Sprintf("https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-%d.json.gz", year) const maxRetries = 10 - const maxBackoff = 5 * time.Minute - backoff := 10 * time.Second + backoffs := []time.Duration{ + 15 * time.Second, + 30 * time.Second, + 1 * time.Minute, + 2 * time.Minute, + 4 * time.Minute, + 5 * time.Minute, + } var apiFeed *apischema.CVEAPIJSON20 for attempt := 1; ; attempt++ { var err error @@ -63,12 +69,9 @@ func (l *feedLoader) downloadFeedForYear(enrichments map[string]*FileFormatWrapp if attempt >= maxRetries { return errors.Wrapf(err, "failed to download feed for year %d after %d attempts", year, attempt) } + backoff := backoffs[min(attempt-1, len(backoffs)-1)] log.Warnf("Feed year %d: attempt %d failed: %v; retrying in %s", year, attempt, err, backoff) time.Sleep(backoff) - backoff *= 2 - if backoff > maxBackoff { - backoff = maxBackoff - } } cveItems, err := toJSON10(apiFeed.Vulnerabilities)