sewechad
Occasional contributor

Source code matching analysis improvements

The current solution for source code matching identifies a lot of false positives. We would like the following capability to filter source code matches:

  1. Filter by percentage match, filtering out records that are below a numeric value
  2. Filter by source matches with large blocks of matching code (i.e. >20 lines)

As an example, the following code was identified as a potential source match. We want to avoid looking at source files with low matching scores. It is a huge waste of time for the analyst.

SourceMatch.png

In addition, when comparing source code against remote file source, we want the ability to quickly align the code panels to see the code similarities. Currently you have to manually scroll each panel to compare the source files side by side.

2 Replies
Flexera dmcloughlin
Flexera

Re: Source code matching analysis improvements

In version 6.x you can set "Source Code Options" to help you with this. See "19 Configuring Workspaces" in the User guide. Look for a section entitled: Source Code Options Tab (p164) in the most recent user guide.

To set the sensitivity of the workspace scan of the source code scan, do the following:
1. To access the Source Code Options tab, follow the instructions in the General Tab Tasks section.
2. Select the Source Code Options tab. The Source Code Options tab opens. You can adjust the sliders to narrow the percentages of certain code elements and characteristics you want to see in a scan. This allows you to save time by analyzing priority compliance issues instead of every issue that might appear in a code base.

In version 7, unfortunately, we don't have those options yet. If you are using v7, take a look at the technotes (attached).

It documents, among other settings and features, how to change the snippet-level matching. See the section entitled “Source Code Fingerprint (SCF) Minimum Match Count.”

0 Kudos
sewechad
Occasional contributor

Re: Source code matching analysis improvements

We are using FNCI_2019_R1 so not sure if this is version 6 or 7.

You should provide a definition for "snippet". How does this relate to lines of code?

The instructions in the Word document give the SQL command "UPDATE PSE_SCAN_SETTINGS_SCF SET MIN_MATCHES_ = 7;" to modify this setting. This is a highly unusual recommendation: making configuration changes to a commercial off-the-shelf product via a SQL command. This setting should have a corresponding administrator page to modify the configuration.

0 Kudos