cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
alexrybak
Revenera
Revenera

FlexNet Code Insight - NVD sync issue

This notice is to inform you that we have identified an issue in FlexNet Code Insight related to synchronizing with the National Vulnerability Database (NVD) to download the latest security vulnerabilities.

We are in process of determining the root cause of this issue, and expect to post an update by the end of the day tomorrow (September 29, 2020).

If you know of team members in your organization who should be made aware of these issues, please either forward this post or point them in the direction of our Customer Success team.

We apologize for any dissatisfaction this causes and appreciate your continued patience as we work through this issue.

Your FlexNet Code Insight Team

20 Replies
alexrybak
Revenera
Revenera

Re: FlexNet Code Insight - NVD sync issue

NVD sync issue update for September 29, 2020

Upon further analysis, we have determined that the NVD sync issue impacts the following areas:

  • Code Aware free NVD update function
  • Code Insight pre-scan NVD update function
  • Code Insight remote scan agent pre-scan NVD update function
  • Content team NVD collection function and in turn the data in the update service for Code Insight

We are exploring various options for a timely resolution.

We will continue to update this post as progress is made and an estimated resolution date can be provide.

Your FlexNet Code Insight Team

0 Kudos
alexrybak
Revenera
Revenera

Re: FlexNet Code Insight - NVD sync issue

NVD sync issue update for September 30, 2020

Upon further analysis, we have identified 2 key pieces of work that need to be done to address this issue:

  • Update our code to consume the new NVD feed which recently replaced the feed we currently leverage
  • Update our implementation for mapping CVEs to component versions that currently relies on the "affects" data element in the NVD feed which has been removed in the latest version

We continue to discuss the various approaches to address these issues and will provide an estimate for resolution as soon as we can.

Thank you for your patience.

Your FlexNet Code Insight Team

 

alexrybak
Revenera
Revenera

Re: FlexNet Code Insight - NVD sync issue

NVD sync issue update for October 6, 2020

We have performed additional analysis since the previous update, and are focusing our efforts at fixing the NVD collector to bring back online the electronic update service. One that is fixed, we will be able to push new CVEs from NVD via the electronic update.This fix will NOT require a Code Insight service pack since the fix is on the update data file preparation side.

After this is fixed, we will focus on fixes to Code Insight.

Until Code Insight is fixed and released, we plan on increasing the production frequency of electronic updates to twice a week.

We will soon be able to provide an estimated fix data for the electronic update service. At that point, we recommend that customers check that their Code Insight system is configured to check for electronic updates nightly.

Thank you for your continued patience.

Your FlexNet Code Insight Team

0 Kudos
alexrybak
Revenera
Revenera

Re: FlexNet Code Insight - NVD sync issue

NVD sync issue update for October 21, 2020

We have made some significant progress in resolving this issue:

  • We have implemented a fix to our NVD collection module that now utilizes the latest NVD data API
  • We have delivered this fix internally via an updated shared library that is used by multiple SCA products
  • We have published a new electronic update package with the latest CVEs (vulnerabilities) from NVD; both Code Insight v6 and Code Insight v7 can process this update
  • For the foreseeable future, we plan on increasing the frequency of electronic updates to twice a week to keep up with the latest NVD updates until the fixes are propagated to the products
  • We are working on the product fixes for both Code Insight 6.14.2 and Code Insight 2020 R4

Again, thank you for your patience while we work through the fixes to this issue.

Your FlexNet Code Insight Team

remi_r_grenier
Flexera beginner

Re: FlexNet Code Insight - NVD sync issue

Hello, how/where download the "updated shared library" ?
Thanks
0 Kudos
alexrybak
Revenera
Revenera

Re: FlexNet Code Insight - NVD sync issue

Apologies for the confusion. The shared library is internally used by Code Insight v6 and v7 as well as Code Aware. It is not distributed externally. It contains the fix for the NVD sync issue.

0 Kudos
remi_r_grenier
Flexera beginner

Re: FlexNet Code Insight - NVD sync issue

Airbus Amber
Oh OK, so the shared library will be updated with the latest Electronic update ?

_______________________________
Rémi Grenier
TZIEF - System & Software Engineering

AIRBUS Defence & Space
P2-119
31, rue des cosmonautes - Z.I. du Palays
31402 Toulouse Cedex 4
France
Tel : +33 5 82 52 11 15
Mob :+33 6 18 41 74 41
Email : remi.r.grenier@airbus.com



THIS DOCUMENT IS NOT SUBJECT TO EXPORT CONTROL.

The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, please notify Airbus immediately and delete this e-mail.
Airbus cannot accept any responsibility for the accuracy or completeness of this e-mail as it has been sent over public networks. If you have any concerns over the content of this message or its Accuracy or Integrity, please contact Airbus immediately.
All outgoing e-mails from Airbus are checked using regularly updated virus scanning software but you should take whatever measures you deem to be appropriate to ensure that this message and any attachments are virus free.
0 Kudos
alexrybak
Revenera
Revenera

Re: FlexNet Code Insight - NVD sync issue

The shared library will be part of the product fix in Code Insight 6.14.2 and Code Insight 2020 R4.

Meanwhile, the electronic updates will provide the up to date set of new vulnerabilities from NVD.

remi_r_grenier
Flexera beginner

Re: FlexNet Code Insight - NVD sync issue

Airbus Amber
Understodd. When the RC4 will be delivered ?

_______________________________
Rémi Grenier
TZIEF - System & Software Engineering

AIRBUS Defence & Space
P2-119
31, rue des cosmonautes - Z.I. du Palays
31402 Toulouse Cedex 4
France
Tel : +33 5 82 52 11 15
Mob :+33 6 18 41 74 41
Email : remi.r.grenier@airbus.com



THIS DOCUMENT IS NOT SUBJECT TO EXPORT CONTROL.

The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, please notify Airbus immediately and delete this e-mail.
Airbus cannot accept any responsibility for the accuracy or completeness of this e-mail as it has been sent over public networks. If you have any concerns over the content of this message or its Accuracy or Integrity, please contact Airbus immediately.
All outgoing e-mails from Airbus are checked using regularly updated virus scanning software but you should take whatever measures you deem to be appropriate to ensure that this message and any attachments are virus free.
0 Kudos