Scanning the Codebase (Server Scans)

Code Insight 2021 R2

After a project’s codebase has been uploaded to (or synchronized to) the Scan Server and the appropriate scan profile is selected, you can perform a server scan of the codebase. The Scan Server must be running (that is, the Tomcat server installed on the same instance as the Scan Server must be running). The following instructions describe how to start a scan of your codebase.

Refer to the Code Insight User Roles and Permissions appendix for role requirements to scan a codebase.

For information about the differences between server and remote scans, refer to About Code Insight Scans.

To start the scan, do the following:

1. Navigate to the Summary tab for the project that you want to scan. (If necessary, see Opening the Project Summary Tab).
2. Click the Start Scan button (or the link in Scan Status) to start the scan. If other scans are running, the scan is queued and will automatically run based on queue order. (Click the link in Past Server Scans to view details about the scheduled scan.)

Note: If the Start Scan button is disabled, see Actions to Take When the Start Scan Button is Disabled.

Information about the scan’s progress appears in the Scan Status section on the Summary tab.

When the scan completes, Last Server Scan will display one of the following messages:

Completed—The scan succeeded with no warnings during scan or analysis. This message appears on the screen in green.
Completed with warnings—The scan succeeded but the analysis produced warnings. For more information, check the scanEngineDetail log for the Scan Server.
Failed—The scan failed. This message appears on the screen in red. For more information, see Scan Failure Reasons and Troubleshooting Measures.

For an overall understanding of the scan results, see Overview of Scan Results.

3. Do any of the following:
Manage the project. For example, you can assign users to project analyzer or reviewer roles, define the project’s scan settings, configure an automated review and remediation workflow, configure a connection to a remote data source such as Perforce or Jira, and more. See Managing a Project from the Summary Tab for details.
Analyze the scan results, as described in Auditing Scan Results in the Analysis Workbench.
Generate the following standard reports and any applicable custom reports that have been added:
Project Report
Audit Report
Notices Report

Actions to Take When the Start Scan Button is Disabled

The Start Scan button on the Summary page for a project is disabled if the Scan Server associated with the project is not available for scanning. If the button is disabled, check with the Code Insight System Administrator to determine the actual status of the server. If the administrator determines that the server is temporarily shut down, you can use the link in Scan Status on the Summary page to queue the scan. The scan will automatically run based on queue order once the server is active again.

However, if the server is disabled, you will need to create a new project for the codebase and associate it with an enabled Scan Server.

Scan Failure Reasons and Troubleshooting Measures

The following table lists possible causes of server scan failures and the troubleshooting measures for each.

Scan Failure Causes and Troubleshooting Measures

Scan Failure Cause

Troubleshooting Measures

Scan server is not accessible

Verify that the correct hostname and port for the selected Scan Server have been identified in Code Insight.

Scan server is unable to access or read the CL files

Verify that the correct Compliance Library (CL) path has been identified for the Scan Server.

Scan server ran out of memory

Ensure that the JVM heap (memory) size is adequate for running the Scan Server. (Recommended JVM heap sizes are listed in the Code Insight Installation and Configuration Guide.)

Codebase file(s) are not accessible and cannot be read

Verify (and adjust if necessary) the codebase file permissions.

Codebase file(s) are encrypted and cannot be read

Attempt to open the codebase files in 7-Zip or WinZip. These applications might provide a clearer description of the error than the scan process can.

Codebase file(s) are corrupted and cannot be read

Attempt to open the files in an external text editor. The editor might provide a clearer description of the error than the scan process can.

Codebase file(s) contain unparseable characters

This type of error is rare. Should it occur, verify that your database character set and collation settings are correct and that they match the requirements listed in the Code Insight Installation and Configuration Guide.

Indexing of the scanned codebase files and results failed

To help you identify the problem and troubleshoot, review the scanEngineDetail log for the Scan Server.

Unable to communicate with CodeAware

This scan failure can occur when both of these conditions exist:

Code Insight is running in a proxy-enabled environment.
The Scan Server is running under its fully qualified domain name.

The Scan Server must call Code Insight Automated Analysis to analyze the codebase files. If the time required by Automated Analysis to analyze files exceeds the proxy server “read timeout” limit, the scan fails (even though Automated Analysis might still finish).

Try either of these methods to resolve this scan-failure issue:

If the Core Server and Scan Server are running on the same instance, change the Scan Server hostname to localhost. (If you are running Code Insight in SSL mode, ensure that the SSL certificates accommodate the hostname change.)
If the Core Server and Scan Server are not running on the same instance, try excluding the Scan Server from the proxy by adding its hostname to the http.nonProxyHosts property in the proxy details.

The Code Insight Installation and Configuration Guide provides information about configuring Code Insight to run in SSL mode or in a proxy-enabled environment.

No alternative DNS name found that matches localhost

This scan failure occurs when all these conditions exist:

Code Insight is running in a proxy-enabled environment.
The Core Server and Scan Server are installed on separate instances.
Both servers are configured for SSL.

Try these methods to resolve the scan-failure issue:

Ensure that the Secure Site SSL certificate on each instance has been properly configured.
Try excluding the Scan Server from the proxy by adding its hostname to the http.nonProxyHosts property in the proxy details.

The Code Insight Installation and Configuration Guide provides information about configuring Code Insight to run in SSL mode or in a proxy-enabled environment.

Unable to find valid certificate

This scan failure can occur when both of these conditions exist:

The Core Server and Scan Server are installed on separate instances.
Both servers are configured for SSL.

The scan fails when the Core Server is unable to communicate with the Scan Server.

Ensure that the Secure Site SSL certificate on each instance is valid and has been properly imported. (The Code Insight Installation and Configuration Guide provides information about procuring and importing these certificates as part of the SSL configuration for Code Insight.)
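The three proxy- and SSL-related failures above share one root cause: the hostname under which the Scan Server actually runs (often its fully qualified domain name) does not match the name listed in http.nonProxyHosts or in the server's certificate. The following Python script is an added example, not part of Code Insight or this guide, that checks a hostname against a Java-style http.nonProxyHosts value and against a certificate's DNS SubjectAltName entries; the matching rules (entries separated by |, * as wildcard, case-insensitive) are assumed from Java's documented proxy semantics, and all hostnames and certificate names are constructed sample values.

```python
import re

# Constructed sample value: the hostname entered for the Scan Server in Code Insight.
CONFIGURED_SCAN_SERVER = "scanserver.corp.example.com"


def host_bypasses_proxy(hostname, non_proxy_hosts):
    """True if hostname matches an entry of a Java-style http.nonProxyHosts value.
    Assumed semantics: entries separated by '|', '*' is a wildcard, comparison is
    case-insensitive, and the whole hostname must match an entry."""
    host = hostname.strip().lower()
    for entry in non_proxy_hosts.split("|"):
        entry = entry.strip().lower()
        if not entry:
            continue
        # Escape regex metacharacters, then turn the escaped '*' into '.*'.
        pattern = re.escape(entry).replace(r"\*", ".*")
        if re.fullmatch(pattern, host):
            return True
    return False


def cert_covers_host(hostname, san_dns_names):
    """True if one of the certificate's DNS SubjectAltNames covers hostname.
    Simplified RFC 6125 matching: exact name, or a leftmost '*' label that
    stands for exactly one label (so *.corp.example.com does not cover a.b.corp.example.com)."""
    host_labels = hostname.lower().split(".")
    for name in san_dns_names:
        name_labels = name.lower().split(".")
        if name_labels == host_labels:
            return True
        if (name_labels[0] == "*" and len(name_labels) == len(host_labels)
                and name_labels[1:] == host_labels[1:]):
            return True
    return False


def diagnose(hostname, non_proxy_hosts, san_dns_names):
    """Return a list of findings explaining why a proxy/SSL scan failure would occur."""
    findings = []
    if not host_bypasses_proxy(hostname, non_proxy_hosts):
        findings.append("%s is not covered by http.nonProxyHosts; Scan Server calls go through the proxy" % hostname)
    if not cert_covers_host(hostname, san_dns_names):
        findings.append("no SubjectAltName DNS entry matches %s" % hostname)
    return findings


if __name__ == "__main__":
    # Constructed case: only the short name was listed, but the Scan Server runs under its FQDN.
    for finding in diagnose(CONFIGURED_SCAN_SERVER, "localhost|127.*|scanserver", ["scanserver"]):
        print("finding:", finding)
```

Running the script with the constructed values reports both mismatches; listing the FQDN (or a *.corp.example.com wildcard) in both places clears them.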