Enabling MSI Scanning in FlexNet Code Insight 2018 R1

Enabling MSI Scanning in FlexNet Code Insight 2018 R1

Summary

This article discusses how to enable MSI scanning in FlexNet Code Insight 2018 R1

Synopsis

How can we enable MSI scanning in FlexNet Code Insight 2018 R1?

Discussion

How to enable PE scanning to detect MSI files during scans

'To process exe and dll files during a scan, FlexNet Code Insight Automated Discovery may be configured to scan Portable Executable (PE) header files and generate inventory based on these findings. Follow these steps to turn on PE header scanning during Automated Discovery analysis:

1. Open the codeaware.properties file located in FNCI_INSTALL_DIR/config directory. If the file does not exist, create a new file with just the properties listed in the following step.

2. Add or modify the following property. Set it to ?true?.

enable.assembly.analyzer=true

3. Save the file

4. Restart Tomcat'

How Archives are Processed

FlexNet Code Insight archives scanning is supported for the following archive types ".tar", ".zip", ".cab", ".cpio", ".dmg", ".iso", ".tgz", ".gzip", ".gz", ".bz2", ".bzip2", ".tbz2", ".tbz", ".xz", ".7z", ".initrd", ".tar.lzma", ".tarz", ".tlz", ".ear", ".war", ".jar", ".msi". The files are extracted using an external extractor and scanned to produce any of the following types of inventory:

1. An outer file stand-alone inventory item created for the outermost archive file and contains the component name, version (if available) and license (if available) in the inventory name based on existing naming conventions (typically done for jar, rpm, etc.; but not for tar, tar.gz, zip, etc.).

2. A sub-component inventory item bundled with one or more stand-alone parent inventory items (jar, rpm, etc.). Each identified sub-component is represented by a new inventory item, and the outer most file is added to the new inventory item.

3. A contained inventory item found inside one or more archive files, but does not have a parent stand-alone inventory item (tar, tar.gz, zip, etc.). Each identified sub-component is represented by a new inventory item and the outer-most file is added to the new inventory item.

How to Configure Deep Scanning for Archives

By default, the archive scanner will scan all folders found inside the archive. The default depth may be changed via codeaware.properties file with an entry such as <archivetype>.archive.depth=<value>.

For example:

zip.archive.depth=1 will enable zip archive to be extracted only to one level
zip.archive.depth=0 will mean to not extract zip archives at all.

1. Open the codeaware.properties file located in FNCI_INSTALL_DIR/config directory. If the file does not exist, create a new file with just the properties listed in the following step.
2. Add and/or modify the following properties based on the desired archive depth for each archive type.
zip.archive.depth=
3. Save the file
4. Restart Tomcat'
Was this article helpful? Yes No
No ratings
Version history
Revision #:
1 of 1
Last update:
‎Nov 06, 2018 06:52 PM
Updated by: