Scanning and Automated Discovery

This release includes the following enhancements to Code Insight scans and the Automated Analysis techniques used to discover and report inventory during scans.

Support for Codebase Uploads Using iso and ova Archives

Code Insight now supports the upload of codebases in .iso and .ova archives in the use interface.

Note:The Upload Project Files REST API does yet support these archives for upload.

Expansion of ova Archives

Code Insight now supports the expansion of an uploaded .ova archive, including the expansion of its .vmdk archives (usually found at the first level in the .ova file) and the .img archives (usually found in the .vmdk file). Other archives, such as .iso files, might be part of codebase upload; and these too are expanded, as long as their expansion is supported by Code Insight.

Expansion of Sources and Uber Jars Now Supported

Code Insight now supports the expansion of the following jars:

•

Sources jar, which contains all the source code (that is, the .java and .class files) of a compiled Java program.

•

Uber (or fat) jar, which contains all the source code of the compiled Java program but also embeds the program’s dependencies, thus providing an “all-in-one” distribution of the software. An uber jar can contain other uber and sources jars in addition to regular jars.

A new project setting, Expand Source and Uber jar files, has been added to enable the expansion of these jars.

A top-level sources or uber jar must be archived and uploaded in another upload-archive type supported by Code Insight. You cannot directly upload one of these jars.

Note:As in previous releases, Code Insight does not support the expansion of regular jars.

Reporting of Dependency Scopes in NPM Packages

Code Insight now reports the Runtime or Non-runtime scope for dependencies found in NPM ecosystems, specifically in the following manifest files: package.json, package-lock.json, or npm-shrinkwrap.json.