Performing the Codebase Upload

The Scan Server to which you are uploading the codebase must be running (that is, the Tomcat server installed on the same instance as the Scan Server must be running).

The size limit for a codebase upload in 10 GB.

Note:Although the 10 GB size limit for an upload cannot be changed, methods are available for providing a larger project codebase for scanning on the Scan Server. See Codebase Size Limitations for Uploads and Scans for more information.

The following describes how to upload the project codebase. You can repeat these steps to upload additional codebases for a project.

To upload a project codebase, do the following:

1.

Navigate to the Summary tab for the project for which you are uploading a codebase. (If necessary, see Opening the Project Summary Tab).

2.

Click the Upload Project Codebase button to open the File Upload dialog.

3.

Click Select Archive File to browse for the archive containing your codebase.

4.

(Optional) Select Delete existing project codebase files to have Code Insight delete previously uploaded codebase files.

•

By keeping this option unselected, you can append new files or codebases to the existing codebase. (Default)

•

By selecting this option, you overwrite the existing codebase with the new one.

Note:If you select to delete existing codebase files, a Warning dialog appears, asking you to confirm the deletion. Be aware that all existing codebase files for the project will be permanently removed from the Scan Server during the upload. If you rescan the project without replacing these files via a new upload, the scan results for the removed files will be permanently deleted.

5.

For Archive File Expansion Options, select the level of archive expansion you want to perform on the codebase:

•

Uploaded file only—Extract the files from the uploaded archive only. Any extracted archives are not expanded. (Default)

•

Uploaded file and first-level archives only—Extract the files from the uploaded archive and expand all first-level archives in the codebase. See the next step for additional configuration available when you select this option.

•

Uploaded file and all contained archives—Extract the files from the uploaded archive and expand archives at all levels (that is, archives within archives) in the codebase. See the next step for additional configuration available when you select this option.

For each expanded archive, the upload process extracts the archive contents to a folder automatically created with the archive name.

6.

Configure settings that define the behavior of the upload process once archives are expanded. These settings are optional and are enabled only if Uploaded file and first-level archives only or Uploaded file and all contained archives has been selected.

•

Delete archive files after expansion—Remove those archives that have been expanded during an upload. (The archive is removed from the uploaded codebase after the upload is finished.) If you leave this option unselected, the archive is retained as an additional file directly under its parent folder. For examples of codebase trees that result based on how this option is configured, see More About Archive Expansion Behavior During Codebase Uploads. (Unselected by default)

•

Append value to expanded archive directory name—(Optional) Define a string to append to the name of any folder automatically created during the upload to store an archive’s contents. After a scan, this appended string helps you to identify those folders in the codebase tree whose contents were extracted from archives, especially if the original archives were removed from the codebase during the upload (see the previous option).

For example, suppose the appended value is _archive, and the upload process extracts an archive called openssh-2.5.1. After the upload process expands the archive, the name of the folder containing the archive contents becomes openssh-2.5.1_archive, as shown in this example. Note that the example also shows that the openssh-2.5.1 archive has been removed due to the selection of Delete archives after expansion.

The appended value has a maximum of 20 characters and does not support certain special characters. (Hover over the icon next to the Append value to expanded archive directory name field for a list of unsupported characters.)

7.

Click Upload. Code Insight uploads your codebase file and attaches it to the selected project. You can now scan the uploaded codebase.

Codebase Size Limitations for Uploads and Scans

The size limit for a codebase upload is 10 GB and cannot be changed. However, the size of the project codebase that is actually scanned can be greater than 10 GB if you apply any of the following scenarios:

•

Upload multiple 10 GB (or less) codebases in separate uploads for the same project (without overwriting previous files).

•

Synchronize a codebase repository that is greater than 10 GB to the Scan Server (from Git, Subversion, or Perforce) using the Source Code Management functionality, as described in Configuring Source Code Management).

•

Copy codebase files directly to the scan root (assuming you have access to the file system on the Scan Server).

Code Insight has been tested and is certified to successfully scan codebases that are within the following size limitations:

•

When Code Insight uses a MySQL database, any codebase up to 35 GB in size and containing no more than 700,000 files.

•

When a SQL Server database is used, any codebase up to 15 GB in size and containing no more than 300,000 files.