Dec 08, 2020
04:14 AM
Below is the bug reported by customer where PDL component "jodaorg-joda-time" (id: 276750) has invalid license specified under Research tab.
Expected fix version: PDL-2020-06-R2
Steps to reproduce the issue:
Please follow below steps to check the license listed for component id: 276750
1.Login to FNCI V6 UI as an Admin
2.Navigate to 'Research' tab
3.Go to 'Important Only' search tab and search for 'jodaorg-joda-time'
4.From the search result expand component name 'jodaorg-joda-time' and check the licenses listed.
Component has 2 licenses listed, "Apache 2.0" and "OSI Approved".
And "OSI Approved" is not a valid license
Screenshot attached for reference.
‘If you believe you have encountered this issue, please raise a new case with our Technical Support team quoting the URL of this article and case number 02142929’
Please note this bug has been fixed as apart of PDL-2020-06-R2 release version.
... View more
Sep 24, 2020
02:45 AM
1 Kudo
Below is the way how you can check for newly detected vulnerabilities for already registered inventories in FNCI V7 instance.
Project owner can also receive an email from FNCI if any inventory item for any of the project have new security vulnerability detected during electronic update process by doing following settings. 1.Navigate to project summary page 2.Click on Manage Project 3.Click on Edit Project 4.Go to 'Review and Remediation Settings' tab 5.Click on 'Automatically create a manual review task' option under 'Manual Review Options' and do rest of the required settings based on your requirements. 6.Click on 'Automatically create a remediation task and external work item' option under 'Remediation Options' and do rest of the required settings based on your requirements. Then save the changes.
After making above changes project owner will get notified if any inventory item for any of the project have new security vulnerability detected during electronic update process
... View more
Sep 02, 2020
02:44 AM
Solid state drives (SSDs) are faster than conventional hard disk drives (HDDs) and they are also more reliable and use less power. A standard SSD can read sequential data at a speed of about 550 megabytes per second (MBps) and write it at 520 MBps. In contrast, a fast HDD may carry out sequential reads and writes at just 125MBps.
A USB2 gives 200 iops and USB3 gives 750 iops
We recommend a standard USB3 connection for a compliance library as a USB3 connection is always better and will provide faster scan speeds.
Hence USB3 and SSD is the optimal solution for a compliance library as they are capable to provide better scan speed while lots of reads and writes happens with more number of DB transactions.
... View more
Aug 19, 2020
12:13 AM
To know the supported tomcat version in FNCI V6 instance, please navigate to <Installed dir>\tomcat\lib\ folder. Search for 'tomcat-api.jar (Executable Jar file)' inside lib folder. Extract the jar file and open it. Then open META-INF file and inside that you will be able to see 'MANIFEST.MF' file. Open the MANIFEST.MF' file and you will be able to see the details for supported tomcat version.
Please note to extract the Jar file (tomcat-api.jar) to a location outside of FlexNet Code Insight while leaving the original file in place while checking for the tomcat version so that nothing happens to the original file.
... View more
Aug 18, 2020
11:58 PM
In FNCI V7, docker scanning is using a project type as inventory which means a remote scanning where Compliance Library is not included. So here is a way to scan a docker image with exact matches and fingerprint matches enabled (with Compliance Library).
The alternative way can be as below: 1. Export the docker image into an archive file.
2. Then create a standard project in the FNCI
3. And now upload this archive file by selecting 'Uploaded file and all contained archives' and then scan the project by selecting comprehensive scan profile (with Compliance Library attached).
This approach will allow you to scan a docker image with Compliance Library included.
... View more
Jul 30, 2020
04:39 AM
Below is the bug reported by customer where Audit Notes are disappearing on some inventory items.
Affected version: 2020 R1 Expected fix version: 2020 R3, 2020 R4
Audit Notes are disappearing on some inventory items after publishing.
Steps to reproduce: 1. Login to FlexNet Code Insight 2020 R1 2. Use an empty project with no codebase files and no inventory items. 3. Navigate to Analysis Workbench page and create and save an inventory item without audit notes attached. 4. Now include Audit Notes and save them. 5. Without publishing, close the inventory item and go to the Project Inventory page. > At this point audit note is getting saved in database under 'AUDITOR_REVIEW_NOTES_' column which can be checked with the following database query: > " SELECT * FROM pse_inventory_groups WHERE PROJECT_ID_ = “project id ”; " 6. Now go back to Inventory Details page in Analysis Workbench and open the inventory Item created and saved before. Click on the publish button without having clicked on “Notes” tab. 7. At this point the audit note is missing from the database under 'AUDITOR_REVIEW_NOTES_' column. > " SELECT * FROM pse_inventory_groups WHERE PROJECT_ID_ = “project id”; " 8. Close the inventory item and then navigate to the Project Inventory. 9. Click on the inventory item, and notes are not there.
Expected Result: Audit note should get saved after publishing Actual Result: Audit note is missing from notes tab after publishing.
The root cause for this is that the notes are overwritten when the Publish button is clicked without the Notes page being opened. As the notes page has not been opened the original notes are not loaded. This results in an empty field being used when writing to the database.
Please note this bug has been fixed as apart of 2020 R3 release.
... View more
Jun 18, 2020
04:53 AM
Below is the enhancement request raised by customer where customer need an option to sort inventory items by #File column in Analysis workbench page
Expected fix version: 2020 R3
As of now we do not have a way to sort inventory items by ‘#File’ column. We only have option to sort by ‘Name’ column in Analysis workbench page.
Hence customer has requested for an option to sort inventory items by ‘#File’ column as well in Analysis workbench page.
Please refer to the screen shot attached (inventory_list.png).
Steps to Reproduce:
Scan any project with a codebase
Navigate to AWB(Analysis workbench page)
Observe Inventory list on the right-hand side as shown in the attached screen shot
Actual Result: There is no way to sort inventories based on the number of files
Expected Result: User should be able to sort the inventories by # of files in ascending or descending order
‘If you believe you have encountered this, please raise a new case with our Technical Support team quoting the URL of this article and case number 02002184.
... View more
Labels:
Jun 04, 2020
12:59 AM
Below is the bug reported by customer where the PDL component "gnu-gcc" (id: 705368) has several invalid versions specified under Research tab.
Affected version: 6.13.2
Fix version: PDL-2020-05-R2
Please follow below steps to check the version listed for component id: 705368
1.Login to FNCI V6 UI as an Admin
2.Navigate to 'Research' tab
3.Go to 'Important Only' search tab and search for 'gnu-gcc'
4.From the search result expand component name 'gnu-gcc' and check the version listed.
From the listed version name, Invalid versions are all 77.* versions (e.g. 77.2.95, 77.3, 77.3.0.1)
Screenshot attached for reference.
Actual Result: Correct version should get displayed
Expected Result: Invalid version are getting displayed.
Above bug has been fixed as apart of PDL-2020-05-R2 release version.
... View more
Jun 04, 2020
12:52 AM
If FNCI is already running as a service in your instance and you are installing another instance in a different drive you may get below error in catalina.out file.
“apache.catalina.core.StandardServer.await StandardServer.await: create[localhost:8005]: java.net.BindException: Address already in use: JVM_Bindat java.net.DualStackPlainSocketImpl.bind0(Native Method)at java.net.DualStackPlainSocketImpl.socketBind(Unknown Source)”
As FNCI was already running as a service before and the port has already been allocated. So we have to change the port in server.xml file as more privilege is given to service always.
Do the following changes in ‘<Install Directory>/tomcat/conf/Server.xml’ folder.
1.Navigate to line no 22: Replace the <Server port="8082" shutdown="SHUTDOWN"> with <Server port="8005" shutdown="SHUTDOWN">
Navigate to line no 69: Replace the <Connector port="8888" protocol="HTTP/1.1 with <Connector port="9999" protocol="HTTP/1.1"
Navigate to line no 96: Replace <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> with <Connector port="8084" protocol="AJP/1.3" redirectPort="8443" />
If issue still persists
Navigate to line no 71: change redirectPort="8443" to redirectPort="443"
Then restart the tomcat and change the port as 9999 while hitting FNCI V7 URL .
... View more
Labels:
May 06, 2020
04:27 AM
1 Kudo
Below is the bug reported by customer where license name is getting changed after clicking on save button on policy details screen.
Affected version: 2020 R1
Expected fix version: 2020 R3
license name is showing different for a already registered license
Steps to reproduce:
Login to FNCI as an Admin and click on open menu icon
Go to policy tab and click on Add policy
Enter a name under general section
Select 'BSD 2-clause "Simplified" or "FreeBSD" License' from the dropdown in add license section.
Click on add license
Click on Save button
Post saving you will notice license name has changed to 'BSD 2-clause "Simplified" License from 'BSD 2-clause "Simplified" or "FreeBSD" License'
Actual Result: Same license name should display after saving.
Expected Result: License name is changing post saving to 'BSD 2-clause "Simplified" License post saving.
Please refer to the attached screen shot .
‘If you believe you have encountered this issue, please raise a new case with our Technical Support team quoting the URL of this article and case number 02080893 .
... View more
Labels:
Mar 19, 2020
01:35 AM
Below is the bug reported by customer where rescan does not appear to work as expected.
Affected version: 6.13.3
Expected fix version: 6.14.1
Rescanning the reviewed file is not changing the status as unreviewed.
Steps to reproduce the issue:
1.upload a codebase (I have used e-Portal-1.3) on workspace.
2.Schedule a scan
3.Launch the detector client for that workspace
4.Mark the files as reviewed and close the detector.
5.Modify the files
6.Rescan the codebase again and check for file status which are marked as reviewed before.
Expected behavior: File status has to change to unreviewed
Current behavior: File status is not changing to unreviewed
‘If you believe you have encountered this issue, please raise a new case with our Technical Support team quoting the URL of this article and case number 01960469 ’
... View more
- Tags:
- Code Insight v6
Feb 14, 2020
12:18 AM
There are multiple criteria based on which scan speed depends, some of which are detailed below: 1. For Standalone instances (Core server, Scan server and database in one machine) recommended memory should be 64 GB.
2. For Double instances (Core server, Scan Server/Compliance Library on one machine and Database in a different machine) recommended memory should be 32GB per machine. 3. If you are using Mysql database, check the mysql.cnf file (In Linux) and my.ini file (In Windows) setting located in C:\ProgramData\MySQL\<MySQL Server version> to ensure the required settings are correctly defined.
- Please check for "Required MySQL Database Settings" guide in “FlexNet Code Insight 2019 R4 Installation and Configuration Guide” for mysql.cnf and my.ini file configuration.
4. If you are using SQL server database, Ensure the Maintenance job is running to completion on a regular basis. 5. Scans may take more time based on type of scanning you have selected (Basic or standard scan profiles)
6. Scan may take more time if the “Is Dependencies enabled” feature is enabled.
7. If you are using proxy or reverse proxy server, and communication is slow, scans may take more time.
8. Scan speed also depends on Codebase composition. (If you are using archival/zip, JavaScript or .dll files, scans may take more time)
... View more
- Tags:
- Code Insight v7
Jan 30, 2020
12:35 AM
Once you get a request where customer has asked for a new hard drive with the latest compliance library on it, Below are the steps where we can guide the customer to download the compliance library installer from the PLC.
1.Login to Product and license center 2.Go to "download" section 3.Click on "search download" 4.Now search with key word "compliance library" and download the required file.
• For Windows, FlexNetCodeInsightComplianceLibrary-version.exe • For Linux, FlexNetCodeInsightComplianceLibrary-version.bin
5.Once you completed downloading ComplianceLibraryInstaller, Navigate to the directory where you have downloaded the installer. 6.Launch the installer(Double click). 7.Follow the prompts to install the CL. 8. When the installation is complete, navigate to the Scan Servers tab on the Administration page to configure the CL for use by future scans.
You can also refer to the logs for debugging if necessary.
To check the logs navigate to the installation directory, in the 'log' folder and will have a name similar to 'FlexNet_Code_Insight_Compliance_Library_Install_05_22_2019_03_26_31.log'.
... View more
Latest posts by mkhamari
Subject | Views | Posted |
---|---|---|
430 | Dec 08, 2020 04:14 AM | |
256 | Sep 24, 2020 02:45 AM | |
227 | Sep 02, 2020 02:44 AM | |
229 | Aug 19, 2020 12:13 AM | |
249 | Aug 18, 2020 11:58 PM | |
198 | Jul 30, 2020 04:39 AM | |
269 | Jun 18, 2020 04:53 AM | |
147 | Jun 04, 2020 12:59 AM | |
201 | Jun 04, 2020 12:52 AM | |
355 | May 06, 2020 04:27 AM |
Activity Feed
- Posted PDL component "jodaorg-joda-time" (id: 276750) has invalid license specified on Code Insight Knowledge Base. Dec 08, 2020 04:14 AM
- Posted How to check for newly detected vulnerabilities for already registered inventories. on Code Insight Knowledge Base. Sep 24, 2020 02:45 AM
- Posted Recommenced number of input/output operations per second (IOPS) for the compliance library SSD. on Code Insight Knowledge Base. Sep 02, 2020 02:44 AM
- Posted How to check supported tomcat version for FNCI V6 instance on Code Insight Knowledge Base. Aug 19, 2020 12:13 AM
- Posted How to scan a docker image with Compliance Library included in FNCI V7 on Code Insight Knowledge Base. Aug 18, 2020 11:58 PM
- Posted Audit notes are getting disappear on Code Insight Knowledge Base. Jul 30, 2020 04:39 AM
- Posted Option to sort inventory items by the '#Files' column on Code Insight Knowledge Base. Jun 18, 2020 04:53 AM
- Posted PDL component "gnu-gcc" (id: 705368) has several invalid versions specified under Research tab. on Code Insight Knowledge Base. Jun 04, 2020 12:59 AM
- Posted Kb on running multiple instance of FNCI V7 in a single system on Code Insight Knowledge Base. Jun 04, 2020 12:52 AM
- Posted Kb article on license name getting changed on Code Insight Knowledge Base. May 06, 2020 04:27 AM
- Posted rescan does not appear to work as expected on Code Insight Knowledge Base. Mar 19, 2020 01:35 AM
- Posted suitable scan environment and causes for slow scan on Code Insight Knowledge Base. Feb 14, 2020 12:18 AM
- Posted How to request an SCA hard drive on Code Insight Knowledge Base. Jan 30, 2020 12:35 AM