In order for an artifact in Artifactory to be scanned by Xray, the component must first be indexed by Xray. This is how Xray parses the component and finds all of the applicable licenses, dependencies, etc.
Sometimes, when indexing a package, we see the following type of error in the Xray logs:
Caused by: Index worker 3 failed to index artifact --- at /go/src/jfrog.com/xray/internal/workers/index_worker.go:186 (IndexWorker.IndexFile) --- Caused by: failed to extract file FILE NAME (root path: default/dev-generic-local/). --- at /go/src/jfrog.com/xray/indexer/indexer_core/archive_mgr.go:244 (ArchiveManager.deepArchiveScanWrapper) --- Caused by: failed to extract file large.zip (root path: default/dev-generic-local/). --- at /go/src/jfrog.com/xray/indexer/indexer_core/archive_mgr.go:244 (ArchiveManager.deepArchiveScanWrapper) --- Caused by: Irrecoverable Error: --- at /go/src/jfrog.com/xray/common/common_utils/fileutil.go:352 (SaveBinFile) --- --- at /go/src/jfrog.com/xray/common/common_utils/fileutil.go:347 (SaveBinFile.func1) --- Caused by: total bytes limit reached
This error is caused by the fact that Xray has a limitation on the compression ratio for packages that are indexed. The purpose of this limit is in order to prevent a zip bomb attack.
In order to solve this issue, we can use the RationLimit parameter in the Xray system.yaml file to increase the allowed compression ratio by Xray. For instance, in order to increase the allowed ratio from 200 (default) to 500, add the following to the system.yaml:
indexer:
compress:
RationLimit: 500