Below is the bug reported by customer where PDL component "jodaorg-joda-time" (id: 276750) has  invalid license specified under Research tab. Expected fix version: PDL-2020-06-R2 Steps to reproduce the issue: Please follow below steps to check the license listed for component id: 276750 1.Login to FNCI V6 UI as an Admin 2.Navigate to 'Research' tab 3.Go to 'Important Only' search tab and search for 'jodaorg-joda-time' 4.From the search result expand component name 'jodaorg-joda-time' and check the licenses listed.  Component has 2 licenses listed, "Apache 2.0"  and "OSI Approved". And "OSI Approved" is not a valid license  Screenshot attached for reference.   ‘If you believe you have encountered this issue, please raise a new case with our Technical Support team quoting the URL of this article and case number 02142929’   Please note this bug has been fixed as apart of PDL-2020-06-R2 release version. ... View more

Below is the way how you can check for newly detected vulnerabilities for already registered inventories in FNCI V7 instance. Project owner can also receive an email from FNCI if any inventory item for any of the project have new security vulnerability detected during electronic update process by doing following settings. 1.Navigate to project summary page 2.Click on Manage Project 3.Click on Edit Project 4.Go to 'Review and Remediation Settings' tab 5.Click on 'Automatically create a manual review task' option under 'Manual Review Options' and do rest of the required settings based on your requirements. 6.Click on 'Automatically create a remediation task and external work item' option under 'Remediation Options' and do rest of the required settings based on your requirements. Then save the changes.   After making above changes project owner will get notified if any inventory item for any of the project have new security vulnerability detected during electronic update process ... View more

Solid state drives (SSDs) are faster than conventional hard disk drives (HDDs) and they are also more reliable and use less power. A standard SSD can read sequential data at a speed of about 550 megabytes per second (MBps) and write it at 520 MBps. In contrast, a fast HDD may carry out sequential reads and writes at just 125MBps. A USB2 gives 200 iops and USB3 gives 750 iops We recommend a standard USB3 connection for a compliance library as a USB3 connection is always better and will provide faster scan speeds.   Hence USB3 and SSD is the optimal solution for a compliance library as they are capable to provide better scan speed while lots of reads and writes happens with more number of DB transactions. ... View more

To know the supported tomcat version in FNCI V6 instance, please navigate to <Installed dir>\tomcat\lib\ folder. Search for 'tomcat-api.jar (Executable Jar file)' inside lib folder. Extract the jar file and open it. Then open META-INF file and inside that you will be able to see 'MANIFEST.MF' file. Open the MANIFEST.MF' file and you will be able to see the details for supported tomcat version.   Please note to extract the Jar file (tomcat-api.jar) to a location outside of FlexNet Code Insight while leaving the original file in place while checking for the tomcat version so that nothing happens to the original file. ... View more

In FNCI V7, docker scanning is using a project type as inventory which means a remote scanning where Compliance Library is not included. So here is a way to scan a docker image with exact matches and fingerprint matches enabled (with Compliance Library).   The alternative way can be as below: 1. Export the docker image into an archive file. 2. Then create a standard project in the FNCI 3. And now upload this archive file by selecting 'Uploaded file and all contained archives' and then scan the project by selecting comprehensive scan     profile (with Compliance Library attached). This approach will allow you to scan a docker image with Compliance Library included. ... View more

Below is the bug reported by customer where Audit Notes are disappearing on some inventory items. Affected version: 2020 R1 Expected fix version: 2020 R3, 2020 R4 Audit Notes are disappearing on some inventory items after publishing. Steps to reproduce: 1. Login to FlexNet Code Insight 2020 R1 2. Use an empty project with no codebase files and no inventory items. 3. Navigate to Analysis Workbench page and create and save an inventory item without audit notes attached. 4. Now include Audit Notes and save them. 5. Without publishing, close the inventory item and go to the Project Inventory page. > At this point audit note is getting saved in database under 'AUDITOR_REVIEW_NOTES_' column which can be checked with the following database query: > " SELECT * FROM pse_inventory_groups WHERE PROJECT_ID_ = “project id ”; " 6. Now go back to Inventory Details page in Analysis Workbench and open the inventory Item created and saved before. Click on the publish button without having clicked on “Notes” tab. 7. At this point the audit note is missing from the database under 'AUDITOR_REVIEW_NOTES_' column. > " SELECT * FROM pse_inventory_groups WHERE PROJECT_ID_ = “project id”; " 8. Close the inventory item and then navigate to the Project Inventory. 9. Click on the inventory item, and notes are not there. Expected Result: Audit note should get saved after publishing Actual Result: Audit note is missing from notes tab after publishing. The root cause for this is that the notes are overwritten when the Publish button is clicked without the Notes page being opened. As the notes page has not been opened the original notes are not loaded. This results in an empty field being used when writing to the database.   Please note this bug has been fixed as apart of 2020 R3 release. ... View more

Below is the enhancement request raised by customer where customer need an option to sort inventory items by #File column in Analysis workbench page Expected fix version: 2020 R3 As of now we do not have a way to sort inventory items by ‘#File’ column. We only have option to sort by ‘Name’ column in Analysis workbench page. Hence customer has requested for an option to sort inventory items by ‘#File’ column as well in Analysis workbench page. Please refer to the screen shot attached (inventory_list.png). Steps to Reproduce: Scan any project with a codebase Navigate to AWB(Analysis workbench page) Observe Inventory list on the right-hand side as shown in the attached screen shot Actual Result: There is no way to sort inventories based on the number of files Expected Result: User should be able to sort the inventories by # of files in ascending or descending order   ‘If you believe you have encountered this, please raise a new case with our Technical Support team quoting the URL of this article and case number 02002184.   ... View more

Below is the bug reported by customer where the PDL component "gnu-gcc" (id: 705368) has several invalid versions specified under Research tab. Affected version: 6.13.2 Fix version:  PDL-2020-05-R2  Please follow below steps to check the version listed for component id: 705368 1.Login to FNCI V6 UI as an Admin 2.Navigate to 'Research' tab 3.Go to 'Important Only' search tab and search for 'gnu-gcc' 4.From the search result expand component name 'gnu-gcc' and check the version listed.   From the listed version name, Invalid versions are all 77.* versions  (e.g. 77.2.95, 77.3, 77.3.0.1) Screenshot attached for reference. Actual Result: Correct version should get displayed Expected Result:  Invalid version are getting displayed.   Above bug has been fixed as apart of PDL-2020-05-R2 release version. ... View more

If FNCI is already running as a service in your instance and you are installing another instance in a different drive you may get below error in catalina.out file. “apache.catalina.core.StandardServer.await StandardServer.await: create[localhost:8005]: java.net.BindException: Address already in use: JVM_Bindat java.net.DualStackPlainSocketImpl.bind0(Native Method)at java.net.DualStackPlainSocketImpl.socketBind(Unknown Source)”   As FNCI was already running as a service before and the port has already been allocated. So we have to change the port in server.xml file as more privilege is given to service always.                               Do the following changes in ‘<Install Directory>/tomcat/conf/Server.xml’ folder.   1.Navigate to line no 22: Replace the <Server port="8082" shutdown="SHUTDOWN">  with  <Server port="8005" shutdown="SHUTDOWN"> Navigate to line no 69: Replace the <Connector port="8888" protocol="HTTP/1.1 with <Connector port="9999" protocol="HTTP/1.1" Navigate to line no 96: Replace <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> with <Connector port="8084" protocol="AJP/1.3" redirectPort="8443" /> If issue still persists Navigate to line no 71: change redirectPort="8443" to redirectPort="443"   Then restart the tomcat and change the port as 9999 while hitting FNCI V7 URL . ... View more

Below is the bug reported by customer where license name is getting changed after clicking on save button on policy details screen. Affected version: 2020 R1 Expected fix version: 2020 R3  license name is showing different for a already registered license Steps to reproduce: Login to FNCI as an Admin and click on open menu icon Go to policy tab and click on Add policy Enter a name under general section Select 'BSD 2-clause "Simplified" or "FreeBSD" License' from the dropdown in add license section. Click on add license Click on Save button Post saving you will notice license name has changed to 'BSD 2-clause "Simplified" License from  'BSD 2-clause "Simplified" or "FreeBSD" License' Actual Result: Same license name should display after saving.  Expected Result:  License name is changing post saving to 'BSD 2-clause "Simplified" License post saving. Please refer to the attached screen shot .   ‘If you believe you have encountered this issue, please raise a new case with our Technical Support team quoting the URL of this article and case number 02080893 .   ... View more

Below is the bug reported by customer where rescan does not appear to work as expected. Affected version: 6.13.3 Expected fix version: 6.14.1   Rescanning the reviewed file is not changing the status as unreviewed. Steps to reproduce the issue: 1.upload a codebase (I have used e-Portal-1.3) on workspace. 2.Schedule a scan 3.Launch the detector client for that workspace 4.Mark the files as reviewed and close the detector. 5.Modify the files 6.Rescan the codebase again and check for file status which are marked as reviewed before. Expected behavior: File status has to change to unreviewed Current behavior: File status is not changing to unreviewed   ‘If you believe you have encountered this issue, please raise a new case with our Technical Support team quoting the URL of this article and case number 01960469 ’   ... View more

There are multiple criteria based on which scan speed depends, some of which are detailed below: 1. For Standalone instances (Core server, Scan server and database in one machine) recommended memory should be 64 GB. 2. For Double instances (Core server, Scan Server/Compliance Library on one machine and Database in a different machine) recommended memory should be 32GB per machine. 3. If you are using Mysql database, check the mysql.cnf file (In Linux) and my.ini file (In Windows) setting located in C:\ProgramData\MySQL\<MySQL Server version> to ensure the required settings are correctly defined. - Please check for "Required MySQL Database Settings" guide in “FlexNet Code Insight 2019 R4 Installation and Configuration Guide” for mysql.cnf and my.ini file configuration. 4. If you are using SQL server database, Ensure the Maintenance job is running to completion on a regular basis. 5. Scans may take more time based on type of scanning you have selected (Basic or standard scan profiles) 6. Scan may take more time if the “Is Dependencies enabled” feature is enabled. 7. If you are using proxy or reverse proxy server, and communication is slow, scans may take more time. 8. Scan speed also depends on Codebase composition. (If you are using archival/zip, JavaScript or .dll files, scans may take more time) ... View more

Once you get a request where customer has asked for a new hard drive with the latest compliance library on it, Below are the steps where we can guide the customer to download the compliance library installer from the PLC. 1.Login to Product and license center 2.Go to "download" section 3.Click on "search download" 4.Now search with key word "compliance library" and download the required file. • For Windows, FlexNetCodeInsightComplianceLibrary-version.exe • For Linux, FlexNetCodeInsightComplianceLibrary-version.bin 5.Once you completed downloading ComplianceLibraryInstaller, Navigate to the directory where you have downloaded the installer. 6.Launch the installer(Double click). 7.Follow the prompts to install the CL. 8. When the installation is complete, navigate to the Scan Servers tab on the Administration page to configure the CL for use by future scans. You can also refer to the logs for debugging if necessary. To check the logs navigate to the installation directory, in the 'log' folder and will have a name similar to 'FlexNet_Code_Insight_Compliance_Library_Install_05_22_2019_03_26_31.log'. ... View more