This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
lpopescu
Level 5
‎Apr 17, 2019 04:50 PM

FNCI (2018 – 2019.R1) “Upload Project Codebase” and “Version Control Instances” do not coexist?

“Upload Project Codebase” and “Version Control Instances” do not coexist under the same “numbered” Directory Structure.

When using “Version Control Instances” to automatically download GitHub sources, if you have other codebase stored under the project’s scan path, it will get removed every time you sync/update the Version Control Instances.


Example:
Project ID #22
Scan Path: /sources/22

  1. I use “Upload Project Codebase” to place sources and artifacts into my scan directory: "/sources/22".
  2. I’ve also setup the "Version Control Instances" for GitHub to automatically download latest codebase from our internal repo into the same project.

Once I start the scan, all my code and artifacts in /sources/22 is removed including the codebase I uploaded with “Upload Project Codebase”, and then my codebase directory content is automatically refreshed with latest GitHub sources placed under: /sources/22/git.0, git.1, git2 ...

Workaround:

For FNCI 2018:

  1. I created a separate directory structure "/sources/project-22" where I can manually upload my project codebases.
  2. Setup “Version Control Instances” for GitHub to automatically download the latest codebase (under the Project’s numbered path)
  3. "Edit Project" --> "Scan Settings" make sure you add the "/sources/project-22" to the scan path of your project in addition to your “numbered” folder path(/sources/22).
  4. Start your scan.

 

For FNCI 2019.R1:

FNCI 2019.R1 by default restricts what you can see under your directory structure to only the “numbered scan-path”. (See FNCI-RN-2019R1.pdf, page 9 “Restricted Access to Scan Server Filesystem”)

The workaround I had for 2018 no longer worked.  The new workaround for 2019.R1 is as follows:

  1. Open Ticket with Flexera Customer support and request access to "Restricted Access to Scan Server Filesystem" as per FNCI-2019R1 Release Notes.pdf) on page 9.
  2. Setup “Version Control Instances” for GitHub to automatically download the latest codebase (under the Project’s numbered path)
  3. Create a new directory structure "/sources/project-22" <-- you will need to manually extract the codebase.zip file in this directory structure. (If you use FNCI's "Upload Project Codebase" feature, it will upload the extracted zip file into the project's main numbered folder). That folder gets removed by the FNCI GitHub syncing every time you start a scan.)
  4. In FNCI 2019.R1 "Edit Project" --> "Scan Settings" make sure you add the "/sources/project-22" to the scan path of your project in addition to your main folder path("/sources/22").
  5. Start your scan.

Hope this will save you some time or let me know if there is a better workaround.

LP

(2) Replies
jwilliams
Revenera
Revenera
‎Apr 18, 2019 01:45 AM

Hi @lpopescu,

You are correct that the access to the scan server has been restricted in the 2019 R1 release. The steps to reverse this change are included below:

This setting is controlled by the show.full.scan.server.file.system.tree value in the PAS_GLOBAL_PROPERTIES database table. The current value of this variable can be determined using the following query:

SELECT * FROM PAS_GLOABL_PROPERTIES;

This value should be set to false. If this is set to false use the following query to update this to true:

update PAS_GLOBAL_PROPERTIES set VALUE_='true' where KEY_='show.full.scan.server.file.system.tree';

Once this has been set, restart tomcat to ensure the new settings have been read.

These changes will allow unrestricted access to the scan server as seen in the 2018 R4 and earlier releases.

Kind Regards,

Jon

lpopescu
Level 5
‎Jul 24, 2019 11:05 AM

This workaround seems to be broken in latest version of FNCI 2019.R2

e.g.

I created my first project in 2019.R2 and also added a second path "tlc-latest" where we rsync our latest codebase to be scanned.

/tw-src/1                    (created by default my palamida)
/tw-src/tlc-latest   

Under the "Version Control Settings" of my project I added a Git Repo that should also be scan.

In the past during a scan, the Git Repo would be placed by default under  "/tw-src/1/git.0".

However, in FNCI.2019* the git.0 is not following the usual placement in "/tw-src/1" but now is getting created inside my second path "/tw-src/tlc-latest/git.0".  Since is created into my second path, our codebase is being removed my the git.0 sync.

Where is git.0 repo supposed to be created? 

"/tw-src/1" or "/tw-src/tlc-latest"?

 

Thanks,

LP

0 Kudos