Performance Tuning¶

Optimize the CBOM Generator scan performance.

Symptoms¶

Scans take too long
High memory usage
System becomes unresponsive during scan

Performance Factors¶

Factor	Impact	Mitigation
File count	Linear	Target specific directories
Thread count	Parallelism	Adjust `--threads`
Output size	Memory	Use deduplication
Service discovery	Adds overhead	Disable if not needed

Thread Optimization¶

Default Behavior¶

By default, CBOM Generator uses CPU count threads:

# 4-core system → 4 threads
# 8-core system → 8 threads

Adjusting Threads¶

# Reduce for low-memory systems
./build/cbom-generator --threads 2 --output cbom.json

# Increase for high-core systems (up to 32)
./build/cbom-generator --threads 16 --output cbom.json

# Single-threaded (sequential)
./build/cbom-generator --threads 1 --output cbom.json

Performance Impact¶

Threads	Time (294 certs)	Speedup
1	0.36s	baseline
4	0.22s	1.64x

Scan Scope Optimization¶

Target Specific Directories¶

# Instead of entire filesystem
./build/cbom-generator --output cbom.json /

# Target specific directories
./build/cbom-generator --output cbom.json \
    /etc/ssl /etc/pki /etc/ssh /usr/share/ca-certificates

Exclude Non-Crypto Directories¶

The scanner automatically skips hidden directories (.cache, .config, etc.), but you can further optimize by specifying only relevant paths.

Deduplication for Output Size¶

Large scans can produce huge output files:

# Strict deduplication for minimal output
./build/cbom-generator --dedup-mode=strict --emit-bundles --output cbom.json

Mode	Output Size	Use Case
off	Largest	Forensic analysis
safe	Medium (default)	General use
strict	Smallest	Large enterprise scans

Memory Optimization¶

For Large Scans¶

# Reduce thread count to lower memory usage
./build/cbom-generator --threads 2 --output cbom.json

# Scan in batches
./build/cbom-generator --output cbom-etc.json /etc
./build/cbom-generator --output cbom-usr.json /usr

Monitor Memory Usage¶

# Watch memory during scan
watch -n 1 'ps -o rss,vsz,comm -p $(pgrep cbom-generator)'

Service Discovery Performance¶

Service discovery adds overhead. Disable if not needed:

# Without service discovery (faster)
./build/cbom-generator --output cbom.json /etc/ssl

# With service discovery (slower, more complete)
./build/cbom-generator --discover-services --plugin-dir plugins --output cbom.json

Caching¶

CBOM Generator includes SQLite-based persistent caching:

10x+ improvement on repeated scans
Cache stored automatically
No configuration needed

Clear Cache (if needed)¶

rm -rf ~/.cache/cbom-generator/

Benchmarking¶

Time a Scan¶

time ./build/cbom-generator --output cbom.json /etc/ssl

TUI Progress Monitoring¶

# Visual progress indication
./build/cbom-generator --tui --output cbom.json

Recommended Settings¶

Desktop/Development¶

./build/cbom-generator \
    --dedup-mode=safe \
    --output cbom.json

Server/Production¶

./build/cbom-generator \
    --threads 4 \
    --dedup-mode=safe \
    --no-personal-data \
    --output cbom.json

Large Enterprise¶

./build/cbom-generator \
    --threads 8 \
    --dedup-mode=strict \
    --emit-bundles \
    --no-personal-data \
    --output cbom.json