Skip TS containerprofiles for relevancy scans

[matthyx]

Summary by CodeRabbit

• Bug Fixes
  • Scanning efficiency improved by preventing unnecessary reprocessing of items already handled within the same request, reducing computational overhead.
  • Resource optimization enhanced through metadata-driven conditional logic that intelligently skips redundant operations when applicable, ensuring better overall system performance.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request optimizes container scanning by adding early-skip conditions to prevent redundant processing. When a container profile has already been scanned, remaining containers from the same workload are skipped. Additionally, timestamp-based profiles are now skipped if a specific metadata key is present in annotations.

Changes

Cohort / File(s)	Summary
Container Scanning Optimization mainhandler/handlerequests.go, utils/containerprofile.go	Added early-skip conditions to prevent processing duplicate container profiles. Handler now checks if a workload slug was already scanned before processing additional containers. Profile validation now skips when ReportSeriesIdMetadataKey is present in annotations, bypassing subsequent validation logic.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Hoppy hops through scanning gates,
Skips the ones that duplicates,
One workload checked, no more repeat,
Efficiency makes the diff complete!
⚡✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Skip TS containerprofiles for relevancy scans' directly reflects the main change: skipping TimeSeries container profiles during relevancy scans, as evidenced by the ReportSeriesIdMetadataKey check in containerprofile.go and the early-skip condition in handlerequests.go.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch skip-ts

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@utils/containerprofile.go`:
- Around line 29-31: The SkipContainerProfile function currently returns early
for any profile with helpersv1.ReportSeriesIdMetadataKey which globally changes
behavior; revert that TS-specific check out of SkipContainerProfile and restore
generic validation there, then add a new relevancy-specific helper or extend the
relevancy scan call path (e.g., in watcher/containerprofilewatcher.go or the
relevancy scorer) to perform the ReportSeriesIdMetadataKey check and skip TS
profiles only during relevancy scans; update callers of SkipContainerProfile to
call the new relevancy helper where appropriate so only the relevancy flow
excludes ReportSeriesIdMetadataKey profiles.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c95eda5e-508e-47e4-bcf7-231ef97283c7

📥 Commits

Reviewing files that changed from the base of the PR and between c00db62 and 8f670a8.

📒 Files selected for processing (2)

• mainhandler/handlerequests.go
• utils/containerprofile.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Scope this TS skip to relevancy flow only (Line 29).

This early return changes behavior for every caller of utils.SkipContainerProfile, including watcher/containerprofilewatcher.go (snippet 1), not just relevancy scans. Profiles carrying helpersv1.ReportSeriesIdMetadataKey will now be globally skipped.

Please keep generic validation in SkipContainerProfile and move TS-specific skipping into a relevancy-specific helper/call path.

Proposed refactor to limit behavior change to relevancy scan path

 func SkipContainerProfile(annotations map[string]string) (bool, error) {
@@
-	if _, ok := annotations[helpersv1.ReportSeriesIdMetadataKey]; ok {
-		return true, nil // skip TS profiles
-	}
 	if status, ok := annotations[helpersv1.StatusMetadataKey]; ok && !slices.Contains(ann, status) {
 		return true, fmt.Errorf("invalid status")
 	}
@@
 	return false, nil // do not skip
 }
+
+func SkipContainerProfileForRelevancyScan(annotations map[string]string) (bool, error) {
+	if _, ok := annotations[helpersv1.ReportSeriesIdMetadataKey]; ok {
+		return true, nil // skip TS profiles only for relevancy scans
+	}
+	return SkipContainerProfile(annotations)
+}
@@
-		if skip, err := SkipContainerProfile(profile.Annotations); skip {
+		if skip, err := SkipContainerProfileForRelevancyScan(profile.Annotations); skip {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if _, ok := annotations[helpersv1.ReportSeriesIdMetadataKey]; ok {
	return true, nil // skip TS profiles
	}
	// SkipContainerProfile performs generic validation on container profile annotations
	if status, ok := annotations[helpersv1.StatusMetadataKey]; ok && !slices.Contains(ann, status) {
	return true, fmt.Errorf("invalid status")
	}
	return false, nil // do not skip
	}
	// SkipContainerProfileForRelevancyScan skips profiles for the relevancy scan path only
	func SkipContainerProfileForRelevancyScan(annotations map[string]string) (bool, error) {
	if _, ok := annotations[helpersv1.ReportSeriesIdMetadataKey]; ok {
	return true, nil // skip TS profiles only for relevancy scans
	}
	return SkipContainerProfile(annotations)
	}
	// In the relevancy scan caller:
	if skip, err := SkipContainerProfileForRelevancyScan(profile.Annotations); skip {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@utils/containerprofile.go` around lines 29 - 31, The SkipContainerProfile
function currently returns early for any profile with
helpersv1.ReportSeriesIdMetadataKey which globally changes behavior; revert that
TS-specific check out of SkipContainerProfile and restore generic validation
there, then add a new relevancy-specific helper or extend the relevancy scan
call path (e.g., in watcher/containerprofilewatcher.go or the relevancy scorer)
to perform the ReportSeriesIdMetadataKey check and skip TS profiles only during
relevancy scans; update callers of SkipContainerProfile to call the new
relevancy helper where appropriate so only the relevancy flow excludes
ReportSeriesIdMetadataKey profiles.

[matthyx]

it's on purpose, we should not react on TS profiles

[coderabbitai]

@matthyx, understood — skipping TS profiles (those carrying helpersv1.ReportSeriesIdMetadataKey) globally across all callers of SkipContainerProfile is intentional, not just for the relevancy scan path. Thanks for the clarification!

---

✏️ Learnings added

Learnt from: matthyx
Repo: kubescape/operator PR: 362
File: utils/containerprofile.go:29-31
Timestamp: 2026-03-26T15:05:03.285Z
Learning: In `kubescape/operator`, TS (time-series) container profiles — identified by the presence of `helpersv1.ReportSeriesIdMetadataKey` in their annotations — should be globally skipped across all callers of `utils.SkipContainerProfile` in `utils/containerprofile.go`. This is intentional design: no code path should react to TS profiles.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[github-actions]

Summary:

• License scan: success
• Credentials scan: failure
• Vulnerabilities scan: failure
• Unit test: success
• Go linting: failure