Data Library, Library Refreshes, and Electronic Updates

The following are known issues related to the Code Insight data library, the daily Library Refresh, which reports new vulnerabilities associated with inventory, or the Electronic Update, which keeps Code Insight systems up to date with the latest data-library information.

SCA-51662: Electronic Update banner and job showing status as active when job is actually waiting for scans to complete

The Electronic Update banner and the PDL Update job for an Electronic Update is showing that the job is active when it is actually waiting for scans to complete, as recorded correctly in the log.

Workaround: None exists.

SCA-51313: Electronic Update banner displaying even though the Update is not executing

The Electronic Update banner, indicating that an update is currently running, is being displayed even though the Update is not running. This error occurs under these circumstances:

•

An Electronic Update that is added to the Jobs queue during a currently running scan or rescan is flagged as Active in the queue even though its state should be Scheduled. (However, the Update is actually waiting for the scan or rescan to finish.) See SCA-51296: Electronic Update or License Refresh showing “Active” when added to Jobs queue during an “Active” scan or rescan .

•

An Electronic Update is added to the Jobs queue while a License Refresh is currently running. (The Electronic Update is properly placed in a Scheduled state and is waiting for the Refresh to finish.)

Workaround: None exists.

SCA-51296: Electronic Update or License Refresh showing “Active” when added to Jobs queue during an “Active” scan or rescan

An Electronic Update or Library Refresh that is added to the Jobs queue during a currently running scan or rescan is flagged as Active in the queue even though its state should be Scheduled. Note, however, that the Update or Refresh is actually waiting for the scan or rescan to finish, as correctly recorded in the log file.

Workaround: None exists.

SCA-51293: Electronic Update or License Refresh failing with “Cannot delete or update a parent row: a foreign key constraint fails”

An Electronic Update or License Refresh can fail when orphan custom components (that is, custom component versions not linked to any inventory items) have licenses mapped to them.

Workaround: Run a SQL query to clean the component version and their licenses. Contact Revenera Support for details.

SCA-43568: Sequential creation of multiple custom components with similar names resulting in incorrect component search counts and pagination

As of 2022 R4, Code Insight starts the background process of indexing a custom component in the Code Insight data library as soon as the component is created or updated. If multiple custom components with similar names are sequentially created/updated and indexed in the background, the search results for these components might show incorrect search counts and pagination.

Workaround: After the custom-component updates are indexed, run an Electronic Update to fix the indexes.

SCA-40194: Duplicate inventory issues for MIT-related components

The Code Insight MIT data-library update does not fix inventory items with names that include multiple licenses separated by commas (instead of ORs), as shown in this example:

jquery (MIT, MIT License)

On a rescan, duplicates might be created for such inventory items:

jquery (MIT, MIT License)

jquery (MIT)

Two possible workarounds are available.

Workaround 1: Before starting the rescan, select the option On data import or rescan, delete inventory with no associated files on the Manage Project > Edit Project > General tab accessed from the project’s Summary tab. This option deletes the original inventory item as long as it is system-generated.

Workaround 2: Manually delete the original inventory item in the Analysis Workbench by right clicking the item and selecting Delete inventory. You must repeat this step for each such inventory item.