Core Server
Code Insight 6.14.2
User must be logged in to the Code Insight application, which provides all the usual security benefits, including use of the CSRF Token.
User must be the project's owner or one of the project's auditors.
Core.properties
If any of the following properties are set inappropriately, the Upload to Scan feature will not run:
| • | upload.to.scan.enable.core must be “true” (without quotes). |
| • | upload.to.scan.max.file.size must be an integer greater than zero. Leave this property blank if you decide not to limit the size of the file. |
| • | upload.to.scan.scanner.alias must be a string. |
The Core Server handles all interactions with the user; the user will never directly access a Scan Server.
Uploaded files are managed by the Core Server as a simple array of bytes in memory (i.e., never written to disk), ensuring that potentially malicious files are never a threat to the Core Server.
A user performs a standard HTTP file transfer to upload files through the Code Insight application. In general, users require no additional physical or special permissions to access any Code Insight server; and they need no other software aside from their web browser to access the Code Insight application.