we noticed that service/rest/v1/search API is performing poorly for hosted docker repo with large (332123) number of components. We did some profiling, and it looks like most of the CPU time is taken up by ContentAuthPluginScript, You can see that in the attached FlameGraph.
After enabling TRACE logging on org.sonatype.nexus.security.SecurityHelper, I can see that for one search request (service/rest/v1/search?format=docker&repository=my-repo), permissions are checked 332173 times, although only 50 results are returned by API.
I think it is a performance bug, search doesn't scale well with number of components in a repo. Could it be possible to limit the number of permission checks performed or cache the result of a permission check for given repo?