Timeout when fetching license information

[erri120]

The timeout of 30 seconds is a bit too short for larger projects:

##[debug]Retrieving license information for 500 components...
##[warning]Error encountered while fetching license information from API, resulting SBOM may have incomplete license information: The request was canceled due to the configured HttpClient.Timeout of 30 seconds elapsing.

Would it be possible to increase the timeout or have a configuration option?

https://github.com/microsoft/sbom-tool/blob/0b4db48ca4f235cb75d9deaff2e094f710d55b2d/src/Microsoft.Sbom.Api/Executors/LicenseInformationService.cs#L23

https://github.com/microsoft/sbom-tool/blob/0b4db48ca4f235cb75d9deaff2e094f710d55b2d/src/Microsoft.Sbom.Api/Executors/LicenseInformationService.cs#L41

[LucaBlackDragon]

I'm facing the same issue in what I'd consider a small project (102 components in total, 27 explicitly referenced). Maybe using a lower batchSize would help preventing timeouts: https://github.com/microsoft/sbom-tool/blob/0b4db48ca4f235cb75d9deaff2e094f710d55b2d/src/Microsoft.Sbom.Api/Executors/LicenseInformationService.cs#L34 But it would also increase the risk of hitting the documented rate limits, so all things considered, I think a configurable timeout would be the best solution.

EDIT: I tried to make a PR about this, but can't build the solution, see #687.

[cz-dev-ge]

Same here. But I don't know the root cause for the timeout. Very large project.

[philipp-naused]

We have a project with 121 components that times out every single time. Please make this configurable.

[kidcline1]

I've submitted a PR that adds a CLI argument to configure this.

[erri120]

PR is #773.

[DaveTryon]

Update: This will be in our next release. We have some internal dependencies that are delaying that release, but we expect this to occur sometime in February 2025. Thanks for your continued patience on this!

[DaveTryon]

This was released in version 3.1.0, released on 4 February 2025. I forgot to close this out after the release.