Create (or Edit or View) Scan Profile Dialog

The following table describes the fields that define a standard or custom scan profile on the Create Scan Profile, Edit Scan Profile, and View Scan Profile dialogs. Code Insight System Administrators access these dialogs from the Scan Profiles tab on the Administration page.

The Create Scan Profile dialog enables you to add a custom profile, the Edit Scan Profile dialog lets you update a selected standard or custom profile, and the View Scan Profile dialog shows a read-only view of the current settings for a selected scan profile.

For more information about using these dialogs, see “Managing Scan Profiles” in the “Configuring Code Insight” chapter in the Code Insight Installation & Configuration Guide.

About Standard Scan Profiles

The following are the standard (pre-defined) scan profiles that ship with Code Insight. You can modify these profiles (with the exception of the Standard Scan Profile), assign them to projects, or use them as templates for creating your own scan profiles.

Basic Scan Profile (without CL)—Defines a scan that uses Automated Analysis to detect evidence of open-source software (OSS) and third-party code in your codebase and generate an inventory of the findings. This scan does not perform exact-file or source-code matching and therefore does not use the Compliance Library (CL).
Standard Scan Profile—Defines a scan that includes the basic scan features but also performs exact-file matching (that is, identifies codebase files that have an exact MD5 match in the CL). This scan requires the CL. This is the scan profile used as a template when you create a new profile. It cannot be modified.
Comprehensive Scan Profile—Defines a scan that includes the basic scan features but also performs exact-file and source-code matching. (Source-code matches are strings in the codebase files that have an exact match to content in files in the CL). This scan requires the CL.

The table below shows the default value for a given setting in each of the standard scan profiles.

Scan Profile Settings

The following table defines the scan settings used to define a scan profile, custom or standard.

For your reference, the table contains additional columns (Basic, Standard, Comprehensive) to indicate the default value for a given setting in each of the standard scan profiles.

Scan Profile Dialog

Columns: Field; Description; Basic; Standard; Comprehensive

Name

Enter or edit the profile name.

Defaults (Basic / Standard / Comprehensive): Basic Scan Profile / Standard Scan Profile / Comprehensive Scan Profile

Perform Package/License Discovery in Archives

Select this option to have the Scan Server recursively perform package discovery and license detection within all archive files encountered in the project codebase. By default, this option is selected.

Defaults (Basic / Standard / Comprehensive): Selected / Selected / Selected

Dependency Support

Determine the level of dependency scanning to be performed by the Scan Server. The available options include:

No Dependencies—Only top-level inventory items are reported without any dependencies. (Default)
Only First Level Dependencies—Only first-level (or direct) dependencies are reported along with top-level inventory items.
All Transitive Dependencies—All first-level and transitive dependencies are reported along with top-level inventory items. The Scan Server calls out to the relevant package management repository to obtain transitive dependency information.

For a description of Code Insight dependency support for supported ecosystems, see “Automated Analysis” in the Code Insight User Guide.

Defaults (Basic / Standard / Comprehensive): No Dependencies / No Dependencies / No Dependencies

Report Non-Runtime Dependencies

(Available if Only First Level Dependencies or All Transitive Dependencies is selected for Dependency Support) Specify whether the scan should report only runtime dependencies or both runtime and non-runtime dependencies. (Runtime dependencies are required during application runtime; non-runtime dependencies are not.) For more information, see Dependency Scopes.

Enabled—Report both runtime and non-runtime dependencies.
Disabled—Report only runtime dependencies. (Default)

Defaults (Basic / Standard / Comprehensive): N/A / N/A / N/A

Automatically Add Related Files to Inventory

Select this option to have the system associate additional files to existing inventory items based on the data available in automatic detection rules.

Defaults (Basic / Standard / Comprehensive): Selected / Selected / Selected

Rescan Options

By default, when a user initiates a regular rescan (that is, not a forced full rescan), only those files that have changed since the last scan are scanned. However, certain Code Insight events that have occurred since the previous scan can result in a rescan of all files (a full rescan). For a description of these events, see “Default Scan Behavior” in the Code Insight User Guide.

These options are used to override this default rescan behavior so that, even if any of the events that would normally call for a full rescan have occurred, all rescans will skip unchanged files and scan changed files only.

Do not rescan files that have not changed since previous scan

Select this option so that rescans always skip unchanged files and scan only those files that have changed since the last scan (even if events have occurred since the last scan that call for a full rescan).

Defaults (Basic / Standard / Comprehensive): Not selected / Not selected / Not selected

Apply this option to:

If the Do not rescan files... option is selected, further clarify which unchanged files to skip during the rescan:

All unchanged files
Only unchanged files marked as reviewed
Only unchanged files associated with inventory
Only unchanged files that are both marked as reviewed and associated with inventory

Defaults (Basic / Standard / Comprehensive): N/A / N/A / N/A

Exact Matches

Select this option to enable the detection and recording of scanned files that exactly match entire-file data in the Compliance Library (CL).

Defaults (Basic / Standard / Comprehensive): Disabled / Enabled / Enabled

Source Code Matches

Select this option to enable the detection and recording of any source-code snippets in the scanned files that match data in the Compliance Library (CL).

If you enable this source-code matching, specify any of the following additional parameters for the matching process.

Defaults (Basic / Standard / Comprehensive): Disabled / Disabled / Enabled

Include System-Identified Files

Select this option if you want the Scan Server to perform source-code matching for files that have already been associated with one or more inventory items during automated analysis.

Defaults (Basic / Standard / Comprehensive): N/A / N/A / Selected

Include Files with Exact Matches

Select this option if you want the Scan Server to perform source-code matching for files that have already been identified as having exact-file matches in the CL.

Defaults (Basic / Standard / Comprehensive): N/A / N/A / Selected

Minimum Source Code Matches

Enter the minimum number of source-code matches that the scan needs to detect in a given codebase file before reporting the file as having such matches. (A source-code match is a snippet of code in a codebase file that matches an open-source code snippet found in the CL data.)

Enter a new minimum value from 1 to 32767. (The default is 3.)

For example, if this value is increased to 10, ten code snippets in a given codebase file must match data in the CL before the scan reports the file as having source-code matches.

In general, the higher this value, the fewer source-code matches an analyzer has to review.

Defaults (Basic / Standard / Comprehensive): N/A / N/A / 1

Search Terms

Provide a list of search terms to be used in the scan. Use the + button to add a term and the - button to remove a term.

Defaults (Basic / Standard / Comprehensive): Standard terms listed / Standard terms listed / Standard terms listed

Scan Exclusions

Provide a list of file extensions to be excluded from the scan. Use the + button to add an exclusion term and the - button to remove an exclusion. See “Creating Exclusion Patterns for Scan Profiles” in the Code Insight Installation & Configuration Guide for further instructions.

Defaults (Basic / Standard / Comprehensive): Standard exclusions listed / Standard exclusions listed / Standard exclusions listed
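
The three Dependency Support levels and the Report Non-Runtime Dependencies toggle described in the table above, modeled over a constructed dependency graph to show what each setting leaves out of the reported inventory. This is an added illustration, not Code Insight code; the graph, the scope labels, and the function names are assumptions, as is the pruning of packages that are reachable only through a non-runtime dependency.

```python
from collections import deque

# Constructed dependency graph: package -> list of (dependency, scope).
# Package names and the "runtime"/"test" scope labels are illustrative only.
GRAPH = {
    "app": [("web-framework", "runtime"), ("test-runner", "test")],
    "web-framework": [("http-parser", "runtime"), ("template-engine", "runtime")],
    "http-parser": [("zlib-binding", "runtime")],
    "test-runner": [("assert-lib", "runtime")],
}

# Dependency Support option -> maximum depth below the top-level item.
LEVELS = {
    "No Dependencies": 0,
    "Only First Level Dependencies": 1,
    "All Transitive Dependencies": None,  # no depth limit
}

def reported_inventory(top_level, dependency_support, report_non_runtime=False):
    """Return {package: depth} reported for one top-level inventory item."""
    max_depth = LEVELS[dependency_support]
    seen = {top_level: 0}
    queue = deque([top_level])
    while queue:
        pkg = queue.popleft()
        depth = seen[pkg]
        if max_depth is not None and depth >= max_depth:
            continue  # depth limit reached: do not expand this package
        for dep, scope in GRAPH.get(pkg, []):
            # Assumption: with the toggle disabled, a non-runtime edge and
            # anything reachable only through it are not reported.
            if scope != "runtime" and not report_non_runtime:
                continue
            if dep not in seen:
                seen[dep] = depth + 1
                queue.append(dep)
    return seen

def unreported(top_level, dependency_support, report_non_runtime=False):
    """Packages in the graph that the chosen settings leave out of the report."""
    full = reported_inventory(top_level, "All Transitive Dependencies", True)
    got = reported_inventory(top_level, dependency_support, report_non_runtime)
    return sorted(set(full) - set(got))
```

With the default No Dependencies setting, `unreported("app", "No Dependencies")` lists every package below the top-level item, which is the coverage gap to weigh when a profile is used for vulnerability or license review.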
