lpopescu
Level 5

FNCI 6.13.3 - CodeAware Now Replacing Analyzer

In your release notes for 6.13.3 it states: "CodeAware has now replaced the Analyzer as an analysis technique for scans and reporting."

Yet on the Automated Analysis tab you still have this note:
"If a project workspace was previously scanned with Analyzer, you are strongly recommended not to enable CodeAware (either in conjunction with or in place of Analyzer) for subsequent scans, as this can result in duplicate groups."

Has this issue been fixed, or are we going to have to deal with duplicates, since ALL our projects were scanned with the Analyzer?

We are going to set disableAnalyzer = false since Analyzer is still our preferred scan engine.

CodeAware is faster and does a better job for pypi and npm's in creating the components, but it does not find the correct license and copyright info as the Analyzer does.  

Thanks,

LP

 

(2) Replies
nsingh4
Revenera

If you are going to enable Analyzer, the statement on the "Automated Analysis" tab is still valid. This means you cannot have both Analyzer and CodeAware enabled, or else there will be duplication in findings.

If you want to switch to CodeAware instead of Analyzer, you can go ahead and do so and there will not be any duplication in findings (may see additional findings since CodeAware has more capability).


Thank you for the reply.

We were really happy with the added "CodeAware" feature in FNCI 6.13.2 and were looking forward to using it in parallel with Palamida Analyzer.

The way we were planning on using the Code Aware feature was as follows:

In a project we would have workspaces scanned by the Palamida Analyzer and in the same project we also created workspaces for pypi, and bower that were scanned with Code Aware (IMO CodeAware does a better job for those packages).

About 98% of our projects are scanned with Palamida Analyzer.

Since the GUI for Palamida Analyzer was removed on FNCI 6.13.3, the only way to enable the Analyzer is through the scanEngine.properties file.  If we turn ON the Analyzer using "disableAnalyzer = false" in the config file, the Analyzer is turned on for ALL the projects/workspaces, even for the ones that are marked to be scanned with Code Aware only.

If we want to scan one workspace with Code Aware, we would now have to stop Palamida, replace the disableAnalyzer flag, and restart the Palamida scanner; then we can scan the workspace.

Is this correct?

Lauren
