Goose Attack Report

Users: 5

Target Host: http://trustify:8080/

goose v0.18.0

Plan overview

Action Started Stopped Elapsed Users
Increasing25-09-28 02:20:3725-09-28 02:20:4200:00:050 → 5
Maintaining25-09-28 02:20:4225-09-28 02:25:4200:05:005
Decreasing25-09-28 02:25:4225-09-28 02:25:4800:00:060 ← 5

Request Metrics

Method Name # Requests # Fails Average (ms) Min (ms) Max (ms) RPS Failures/s
GET get_advisory_by_doc_id 100 (+35) 0 13.09 (-0.74) 3 (0) 62 (-2) 0.33 (+0.12) 0.00 (+0.00)
GET get_analysis_latest_cpe 100 (+35) 0 111.84 (-21.54) 31 (+1) 294 (-89) 0.33 (+0.12) 0.00 (+0.00)
GET get_analysis_status 100 (+35) 0 5.25 (+1.77) 1 (0) 51 (+14) 0.33 (+0.12) 0.00 (+0.00)
GET get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 100 (+35) 0 808.06 (+37.97) 411 (+59) 1198 (+197) 0.33 (+0.12) 0.00 (+0.00)
GET get_purl_gc 100 (+35) 100 1.30 (+0.12) 1 (0) 6 (+2) 0.33 (+0.12) 0.33 (+0.12)
GET get_sbom[sha256:720e4451…a939656247164447] 100 (+35) 0 791.03 (-3.40) 137 (-38) 1777 (+170) 0.33 (+0.12) 0.00 (+0.00)
GET get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 100 (+35) 0 791.82 (+25.34) 348 (+17) 1092 (+86) 0.33 (+0.12) 0.00 (+0.00)
GET list_advisory 100 (+35) 0 578.33 (+49.64) 301 (-43) 946 (+81) 0.33 (+0.12) 0.00 (+0.00)
GET list_advisory_paginated 100 (+35) 0 427.82 (+0.40) 214 (+78) 574 (-32) 0.33 (+0.12) 0.00 (+0.00)
GET list_importer 100 (+35) 0 2.80 (+0.63) 1 (0) 19 (+2) 0.33 (+0.12) 0.00 (+0.00)
GET list_organizations 100 (+35) 0 7.88 (+0.65) 2 (+1) 35 (-6) 0.33 (+0.12) 0.00 (+0.00)
GET list_packages 100 (+35) 0 522.51 (+20.11) 290 (-55) 929 (-20) 0.33 (+0.12) 0.00 (+0.00)
GET list_packages_paginated 100 (+35) 0 400.64 (+1.26) 58 (-56) 589 (-5) 0.33 (+0.12) 0.00 (+0.00)
GET list_products 100 (+35) 0 9.16 (+2.45) 2 (-2) 52 (+39) 0.33 (+0.12) 0.00 (+0.00)
GET list_sboms 100 (+35) 0 1275.98 (+254.58) 622 (+30) 1879 (+406) 0.33 (+0.12) 0.00 (+0.00)
GET list_sboms_paginated 100 (+35) 0 1555.38 (+372.93) 493 (-2) 3342 (+758) 0.33 (+0.12) 0.00 (+0.00)
GET list_vulnerabilities 100 (+35) 0 318.28 (+13.96) 97 (-35) 404 (+26) 0.33 (+0.12) 0.00 (+0.00)
GET list_vulnerabilities_paginated 100 (+35) 0 196.48 (+13.37) 108 (-6) 263 (+55) 0.33 (+0.12) 0.00 (+0.00)
GET sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 100 (+35) 0 65.67 (+10.02) 9 (0) 195 (+15) 0.33 (+0.12) 0.00 (+0.00)
GET search_advisory 100 (+35) 0 946.52 (-8.85) 326 (-94) 1903 (-198) 0.33 (+0.12) 0.00 (+0.00)
GET search_exact_purl 100 (+35) 0 8.06 (-2.12) 2 (-3) 56 (+2) 0.33 (+0.12) 0.00 (+0.00)
GET search_purls 105 (+35) 0 5764.51 (-8047.37) 3041 (-3962) 6409 (-10339) 0.35 (+0.12) 0.00 (+0.00)
POST post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 100 (+35) 0 491.90 (+22.90) 200 (-7) 842 (-131) 0.33 (+0.12) 0.00 (+0.00)
Aggregated 2305 (+805) 100 667.36 (-347.19) 1 (0) 6409 (-10339) 7.68 (+2.68) 0.33 (+0.12)

Response Time Metrics

Method Name 50%ile (ms) 60%ile (ms) 70%ile (ms) 80%ile (ms) 90%ile (ms) 95%ile (ms) 99%ile (ms) 100%ile (ms)
GET get_advisory_by_doc_id 5 (0) 7 (+1) 11 (+2) 17 (+5) 38 (-13) 55 (-2) 56 (-6) 62 (-2)
GET get_analysis_latest_cpe 91 (-19) 98 (-72) 130 (-50) 170 (-30) 210 (0) 240 (-40) 270 (-30) 290 (-90)
GET get_analysis_status 2 (0) 3 (+1) 3 (0) 4 (+1) 7 (0) 33 (+23) 50 (+22) 51 (+14)
GET get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 800 (0) 800 (0) 900 (+100) 900 (+100) 900 (0) 1,000 (+100) 1,000 (+100) 1,000 (0)
GET get_purl_gc 1 (0) 1 (0) 1 (0) 1 (0) 2 (0) 3 (+1) 5 (+2) 6 (+2)
GET get_sbom[sha256:720e4451…a939656247164447] 600 (-100) 800 (0) 900 (0) 1,000 (0) 1,777 (+777) 1,777 (+777) 1,777 (+170) 1,777 (+170)
GET get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 800 (0) 900 (0) 900 (0) 1,000 (+100) 1,000 (0) 1,000 (0) 1,000 (0) 1,000 (0)
GET list_advisory 500 (+10) 600 (+100) 600 (0) 700 (+100) 800 (+100) 900 (+100) 900 (+100) 900 (+35)
GET list_advisory_paginated 450 (+20) 470 (0) 490 (0) 500 (0) 500 (0) 500 (0) 574 (-26) 574 (-26)
GET list_importer 2 (0) 2 (0) 2 (0) 3 (0) 4 (+1) 14 (+10) 19 (+14) 19 (+2)
GET list_organizations 6 (+1) 7 (+1) 8 (0) 10 (-1) 16 (+3) 22 (+3) 34 (0) 35 (-6)
GET list_packages 470 (+20) 480 (+30) 500 (+40) 600 (+100) 800 (-100) 900 (0) 900 (0) 900 (0)
GET list_packages_paginated 420 (0) 430 (+10) 460 (+10) 480 (0) 500 (0) 500 (0) 589 (-5) 589 (-5)
GET list_products 6 (0) 7 (0) 7 (0) 9 (+1) 11 (+1) 46 (+35) 50 (+38) 52 (+39)
GET list_sboms 1,000 (0) 1,000 (0) 1,000 (0) 1,000 (0) 1,879 (+879) 1,879 (+879) 1,879 (+879) 1,879 (+879)
GET list_sboms_paginated 2,000 (+1,000) 2,000 (+1,000) 2,000 (+1,000) 2,000 (0) 2,000 (0) 2,000 (0) 3,000 (+1,000) 3,000 (+416)
GET list_vulnerabilities 340 (0) 350 (+10) 360 (+20) 370 (+10) 380 (+20) 390 (+20) 400 (+22) 400 (+22)
GET list_vulnerabilities_paginated 200 (+10) 200 (+10) 210 (+20) 220 (+20) 220 (+20) 240 (+32) 260 (+52) 260 (+52)
GET sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 69 (+31) 75 (+11) 79 (+11) 95 (+6) 120 (0) 160 (0) 180 (+20) 195 (+15)
GET search_advisory 800 (0) 900 (-100) 1,000 (0) 1,000 (0) 1,903 (-97) 1,903 (-97) 1,903 (-97) 1,903 (-97)
GET search_exact_purl 4 (-3) 4 (-3) 5 (-3) 5 (-3) 9 (-1) 52 (0) 54 (+2) 56 (+2)
GET search_purls 6,000 (-9,000) 6,000 (-9,000) 6,000 (-10,000) 6,000 (-10,000) 6,000 (-10,748) 6,000 (-10,748) 6,000 (-10,748) 6,000 (-10,748)
POST post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 490 (+40) 500 (0) 600 (0) 600 (0) 700 (0) 800 (0) 800 (0) 800 (-173)
Aggregated 350 (+10) 470 (+30) 600 (0) 800 (0) 1,000 (0) 2,000 (0) 6,000 (-10,000) 6,000 (-10,748)

Status Code Metrics

Method Name Status Codes
GET get_advisory_by_doc_id 100 [200]
GET get_analysis_latest_cpe 100 [200]
GET get_analysis_status 100 [200]
GET get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 100 [200]
GET get_purl_gc 100 [403]
GET get_sbom[sha256:720e4451…a939656247164447] 100 [200]
GET get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 100 [200]
GET list_advisory 100 [200]
GET list_advisory_paginated 100 [200]
GET list_importer 100 [200]
GET list_organizations 100 [200]
GET list_packages 100 [200]
GET list_packages_paginated 100 [200]
GET list_products 100 [200]
GET list_sboms 100 [200]
GET list_sboms_paginated 100 [200]
GET list_vulnerabilities 100 [200]
GET list_vulnerabilities_paginated 100 [200]
GET sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 100 [200]
GET search_advisory 100 [200]
GET search_exact_purl 100 [200]
GET search_purls 105 [200]
POST post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 100 [200]
Aggregated 2,205 [200], 100 [403]

Transaction Metrics

Transaction # Times Run # Fails Average (ms) Min (ms) Max (ms) RPS Failures/s
WebsiteUser
0.0 logon 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.1 website_index 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.2 website_openapi 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.3 website_sboms 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.4 website_packages 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.5 website_advisories 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
0.6 website_importers 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
RestAPIUser
1.0 logon 100 (+35) 0 (0) 17.83 (+0.05) 9 (-2) 37 (+5) 0.33 (+0.12) 0.00 (+0.00)
1.1 list_organizations 100 (+35) 0 (0) 8.12 (+0.70) 2 (+1) 36 (-5) 0.33 (+0.12) 0.00 (+0.00)
1.2 list_advisory 100 (+35) 0 (0) 578.41 (+49.69) 301 (-43) 946 (+81) 0.33 (+0.12) 0.00 (+0.00)
1.3 list_advisory_paginated 100 (+35) 0 (0) 427.90 (+0.47) 214 (+78) 574 (-32) 0.33 (+0.12) 0.00 (+0.00)
1.4 get_advisory_by_doc_id 100 (+35) 0 (0) 13.12 (-0.77) 3 (0) 62 (-2) 0.33 (+0.12) 0.00 (+0.00)
1.5 search_advisory 100 (+35) 0 (0) 946.58 (-8.90) 326 (-94) 1903 (-198) 0.33 (+0.12) 0.00 (+0.00)
1.6 list_vulnerabilities 100 (+35) 0 (0) 318.31 (+13.94) 97 (-35) 404 (+26) 0.33 (+0.12) 0.00 (+0.00)
1.7 list_vulnerabilities_paginated 100 (+35) 0 (0) 196.51 (+13.37) 108 (-6) 263 (+55) 0.33 (+0.12) 0.00 (+0.00)
1.8 list_importer 100 (+35) 0 (0) 2.84 (+0.67) 1 (0) 19 (+2) 0.33 (+0.12) 0.00 (+0.00)
1.9 list_packages 100 (+35) 0 (0) 522.58 (+20.16) 290 (-55) 929 (-20) 0.33 (+0.12) 0.00 (+0.00)
1.10 list_packages_paginated 100 (+35) 0 (0) 400.68 (+1.22) 58 (-56) 589 (-5) 0.33 (+0.12) 0.00 (+0.00)
1.11 search_purls 105 (+35) 0 (0) 5764.61 (-8047.30) 3041 (-3962) 6409 (-10339) 0.35 (+0.12) 0.00 (+0.00)
1.12 search_exact_purl 100 (+35) 0 (0) 8.11 (-2.07) 2 (-3) 56 (+2) 0.33 (+0.12) 0.00 (+0.00)
1.13 list_products 100 (+35) 0 (0) 9.22 (+2.45) 2 (-2) 52 (+39) 0.33 (+0.12) 0.00 (+0.00)
1.14 list_sboms 100 (+35) 0 (0) 1276.02 (+254.59) 622 (+30) 1879 (+406) 0.33 (+0.12) 0.00 (+0.00)
1.15 list_sboms_paginated 100 (+35) 0 (0) 1555.41 (+372.89) 493 (-2) 3342 (+758) 0.33 (+0.12) 0.00 (+0.00)
1.16 get_analysis_status 100 (+35) 0 (0) 5.30 (+1.76) 1 (0) 51 (+14) 0.33 (+0.12) 0.00 (+0.00)
1.17 get_analysis_latest_cpe 100 (+35) 0 (0) 111.89 (-21.51) 31 (+1) 294 (-89) 0.33 (+0.12) 0.00 (+0.00)
1.18 get_purl_gc 100 (+35) 0 (0) 1.31 (+0.09) 1 (0) 6 (+2) 0.33 (+0.12) 0.00 (+0.00)
1.19 get_sbom[sha256:720e4451…a939656247164447] 100 (+35) 0 (0) 791.04 (-3.44) 137 (-38) 1777 (+170) 0.33 (+0.12) 0.00 (+0.00)
1.20 sbom_by_package[pkg:maven/io.qu…dhat.com%2fga%2f] 100 (+35) 0 (0) 65.80 (+10.11) 9 (0) 195 (+15) 0.33 (+0.12) 0.00 (+0.00)
1.21 get_sbom_license_ids[urn:uuid:019731…104-331632a21144] 100 (+35) 0 (0) 791.87 (+25.35) 348 (+17) 1092 (+86) 0.33 (+0.12) 0.00 (+0.00)
1.22 post_vulnerability_analyze[pkg:rpm/redhat/…h=noarch&epoch=1] 100 (+35) 0 (0) 491.96 (+22.87) 200 (-7) 842 (-131) 0.33 (+0.12) 0.00 (+0.00)
1.23 get_purl_details[b00df2ca-df21-5…874-304e9c54e2bd] 100 (+35) 0 (0) 808.15 (+38.03) 411 (+59) 1198 (+197) 0.33 (+0.12) 0.00 (+0.00)
Aggregated 2,405 (+840) 0 (0) 639.61 (-332.81) 1 (0) 6409 (-10339) 8.02 (+2.80) 0.00 (+0.00)

Scenario Metrics

Scenario # Users # Times Run Average (ms) Min (ms) Max (ms) Scenarios/s Iterations
WebsiteUser 0 (0) 0 (0) 0.00 (+0.00) 0 (0) 0 (0) 0.00 (+0.00) 0.00 (+0.00)
RestAPIUser 5 (0) 100 (+35) 14958.22 (-7002.47) 7778 (-3665) 16417 (-10533) 0.33 (+0.12) 20.00 (+7.00)
Aggregated 5 (0) 100 (+35) 14958.22 (-7002.47) 7778 (-3665) 16417 (-10533) 0.33 (+0.12) 20.00 (+7.00)

User Metrics

Errors

# Error
100 (+35) 403 Forbidden: get_purl_gc