Reduce ERROR notifications for certain "normal" metadata scenarios (i.e. 404)

Open valentijnscholten opened this issue 1 year ago • 1 comments

Current Behavior

I noticed that every non-2xx HTTP response code triggers an ERROR notification to be raised for metadata analysis:

https://github.com/DependencyTrack/dependency-track/blob/45982a2e1a12a0b0de17f955b856b27008fee02a/src/main/java/org/dependencytrack/tasks/repositories/AbstractMetaAnalyzer.java#L78-L89

Proposed Behavior

I propose to make this less noisy. The logging is already on DEBUG level, maybe the notification should be on DEBUG as well. At least for 404, which can be quite normal, at least for the Composer Package Repository (#4470). Maybe other 4xx and 5xx errors could/should trigger WARN or ERROR.

Checklist

valentijnscholten • Dec 18 '24 09:12

+1

I'd like to upvote the resolution of this issue. Currently we have 15k projects in the database and I get ~1000 error email notifications like this EVERY DAY. This is super annoying. Being able to filter out those specific emails would be great.

Example:

Repository Error

--------------------------------------------------------------------------------

Level:     ERROR
Scope:     SYSTEM
Group:     REPOSITORY

--------------------------------------------------------------------------------

An error occurred while communicating with an NUGET repository. URL: https://api.nuget.org/v3/registration5-semver1/microsoft.dotnet.scaffolding.shared/9.0.0.json HTTP Status: 404. Check log for details.

Thank You!

ryhoo2 • Jun 05 '25 10:06

@nscuro please assign it to me. I would like to work on this. I guess we would need to introduce a debug-level notification in the alpine server module. Please confirm whether we would do it for every repository API call, or only for NuGet, as the Composer repository 404 is already handled.

anantk24 • Aug 28 '25 18:08