Summary The ndtrack component of the FlexNet inventory agent may result in high amounts of CPU resources being consumed, especially if no other processes require CPU resources at the same time. Synopsis When the FlexNet Inventory Agent ndtrack component is running to gather inventory, it is normally run with a "low" process priority while otherwise proceeding with its work as quickly as possible. If no other processes are competing for CPU resources at the same time, this may result in high CPU usage by the ndtrack process. This is a feature of the agent by design. Running with a "low" process priority allows the operating system to optimally manage resources according to need. If no other processes running with a higher priority need CPU resources then the ndtrack process will typically be given as much CPU resource as it can consume. Discussion The inventory component's LowProfile preference setting determines the CPU priority the ndtrack process runs with. When set to True (the default), the process runs with low priority. For UNIX-like systems, this sets the "niceness" level of the process to 10. On recent Windows platforms, it uses background processing mode (PROCESS_MODE_BACKGROUND_BEGIN). On legacy Windows platforms where this is not supported (such as Windows XP and earlier), it uses a priority of idle (IDLE_PRIORITY_CLASS). When the LowProfile preference is set to False, the processes runs with normal priority (the same priority as most other typical processes). This is likely to result in the ndtrack being given more CPU resources when other processes are also competing for CPU. It will have negligible effect in a situation where other processes are not competing for CPU resources. The ndtrack process is not multi-threaded, so will generally only use a single CPU thread. It is possible that other processes invoked by the ndtrack process may be multi-threaded. Configuring the LowProfile preference setting Set the LowProfile preference to the non-default value of False to cause the agent to potentially use more CPU and complete its work faster. This can be done on managed devices as you would set other general inventory agent preference values. For example: On Windows: Set the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ManageSoft Corp\ManageSoft\Tracker\CurrentVersion\LowProfile to the value False This might be done at agent installation time using settings such as the following in the mgssetup.ini configuration file: [Tracker] desc0 = LowProfile val0 = False See the following documentation page for more information: Agent third-party deployment: Edit the Configuration File for Microsoft Windows. On UNIX-like operating systems: Configure the following setting by running mgsconfig  as described on the documentation page  Agent third-party deployment: Updating config.ini on a UNIX Device: [ManageSoft\Tracker\CurrentVersion] LowProfile=False​ Impact of file evidence scanning settings on CPU usage Gathering large amounts of file details is one common cause of high CPU usage during inventory gathering. This may be particularly evident if you are gathering file details on a computer running a UNIX-like operating system with a large filesystem. Settings to control which directories file details are gathered from can be configured in the Discovery & Inventory > Settings > File evidence section in the Web UI: See also Gathering FlexNet inventory guide: LowProfile (inventory component) ... View more

This article aims to provide some guidance on how to gather the relevant information required by our Technical Support teams to provide a timely response to any issues encountered while using FlexNet Code Insight. When contacting our Technical Support team with a new FlexNet Code Insight issue, please include the logs from the following locations: <Install Directory>\tomcat\logs\ <Install Directory>\logs\ Please also include screenshots of the issue where appropriate and details of any operations that had been performed prior to the error occurring such as upgrades or scans. FlexNet Code Insight 6.X Detector Client Issues: If you encounter an issue when using the Detector Client on the FlexNet Code Insight 6.X products, please also include the Detector Logs from the local machine that is running the Detector Client. The logs are available from the following location: C:\Users\<USERNAME>\.palamida\config\detector\logs\ ScriptRunner Issues: If you encounter an error during the use of scriptRunner, please attach a copy of the script that you are attempting to use to the case.  If the error you receive states there is an issue with the JWT token you have provided, please use the following instructions to clear the cached JWT tokens before retrying the script: Shut down tomcat Navigate to C:\Users\Username\.palamida\scriptrunner\ Delete the file named scriptrunner.properties Restart tomcat and retry the script For more information on scripting you can also look at our Scripting - Getting Started article which provide additional information on scriptRunner. SCM Connections: If you encounter an issue with any of the SCM connections available in FlexNet Code Insight 6.X, please clearly identify which SCM connection you have attempted to use as well as the version details for the SCM Client that is running on your FlexNet Code Insight server. FlexNet Code Insight 7.X Plugins: If you encounter an issue with any of the Plugins available to FlexNet Code Insight 7.X, please clearly identify which plugin you have attempted to use, including the version, as well as the version details for any client that is running on your FlexNet Code Insight server. ... View more

Symptoms: The following error may be encountered during an installation of FlexNet Code Insight: Preparing to install  Extracting the JRE from the installer archive...  Unpacking the JRE...  Extracting the installation resources from the installer archive...  Configuring the installer for this system's environment...  Launching installer...  JRE libraries are missing or not compatible....  Exiting.... Diagnosis: This issue is typically caused by insufficient privileges on the 'tmp' directory Solution: To correct this issue, cutomers will need to create a new "temp" directory in a location where you do have the proper permissions (for example, /opt/fnci/tmp), and then set an environment variable called "IATEMPDIR".  Example: mkdir /opt/fnci/tmp export IATEMPDIR=/opt/fnci/tmp You should now be able to successfully launch the installer without encountering the "JRE libraries are missing or not compatible" error. ... View more

Symptoms: An issue has been identified when using the 'httpclient.proxy-autodetect=false' setting to force the system to use the HTTP proxy settings in core.proxy.server.properties and using a proxy server which authenticates via LDAP. When an electronic update is scheduled, the update fails with the following shown in core.update.log: 2019-01-11 11:38:57 ERROR   [http-bio-8888-exec-8]   [UpdateServiceImpl]   java.net.UnknownHostException: updates.palamida.com 2019-01-11 11:38:57 ERROR   [http-bio-8888-exec-8]   [UpdateServiceImpl]   Error checking for updates com.palamida.appsec.BusinessException: Error download from HTTPS: updates.palamida.com at com.palamida.appsec.service.impl.UpdateServiceImpl.downloadHTTPS(UpdateServiceImpl.java:1449) at com.palamida.appsec.service.impl.UpdateServiceImpl.downloadFromUpdatesHTTPS(UpdateServiceImpl.java:1386) at com.palamida.appsec.service.impl.UpdateServiceImpl.isManifestFileAvailable(UpdateServiceImpl.java:1216) at com.palamida.appsec.service.impl.UpdateServiceImpl$$FastClassBySpringCGLIB$$33823c93.invoke(<generated>) at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) Diagnosis: By default Oracle Java disables Basic authentication when proxying HTTPS as follows: (jdk.http.auth.tunneling.disabledSchemes = "Basic") Solution: Customers wishing to setup HTTPS proxy authentication can enable "Basic" authentication by removing the Basic from following property in the CATALINA_OPTS variable of the catalina.* file located at <Install Dir>/tomcat/bin/catalina.* jdk.http.auth.tunneling.disabledSchemes = "" For further information on this property please see: https://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html ... View more

Summary This article discusses how to configure TFS for use with HTTPS in FlexNet Code Insight Synopsis Steps to resolve the issue TFS HTTPS(sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException) 1.Get TFS server certificate(HTTPS) and file look like <"XYZ.cer">. i.Go to server machine where tfs server is installed. ii.Go to IE browser settings: Select Internet option==> Got content tab. iii.Click on certificate ==> trusted root certificate autority ==> export the certificate with <hostname>. 2.Import <"XYZ.cer"> certificate to "\jre1.8.0\lib\security"(where CodeInsight application is installed) by using below command. keytool -keystore cacerts -importcert -file <"XYZ.cer"> -alias tfs Note: After executing above command, give the password and Accept the trusted certificate by giving yes value. 3.Download and extract TFS client(add to Path environment variable). 4.Enable the tfs option,in "scm.properties" file. 5.Start the tomcat server with new command line session. Below are the scenario covered. 1. Verified the option of "TFS Update To" .i.e "Latest Changeset","Specific Changeset" and "Label" ==> Working as expected. 2. Verified below URL format for TFS 2015(http and https): http://<server>:<port>/<tfsroot>/<collection>/<project> http://<server>/<tfsroot>/<collection>/<project> https://<server>:<port>/<tfsroot>/<collection>/<project> https://<server>/<tfsroot>/<collection>/<project> 3. Verified below URL format for TFS 2017(http and https): http://<server>/<collection>/<project> https://<server>/<collection>/<project> 4. Verified below URL format for TFS 2012 update1(http): http://<server>/<tfsroot>/<collection>/<project> Covered below SCM: Perforce HTTP , Git , SVN HTTP ... View more

Summary This article documents the accessibility of Secunia research through FlexNet Code Insight following the closure of the Secunia Community site in February 2019 Synopsis The Secunia Community site will become inaccessible at the end of February. A future release of Code Insight will incorporate the following changes to ensure access to Secunia data: Deliver additional Secunia Advisory properties (currently visible on the Secunia Community site) to Code Insight through the Electronic Update service. Provide a new Get Vulnerability Details REST API to obtain the additional Secunia Advisory data. Develop a new "vulnerability details" interface to display additional Secunia Advisory data. Meanwhile, if you want to temporarily disable Secunia Advisories from Code Insight, refer to the instructions below for your version of the product. Code Insight 6.13.0 (or later) Follow the steps below to disable Secunia Advisories from Code Insight v6 (JIRA: SCA-8639) Update the following properties in /FNCI_ROOT/config/core/core.properties : disable.secunia=true (value is false by default) enable.forceupdate=true (value is false by default) Restart Code Insight Force an electronic update Log in as an Administrator Navigate to Administration >> Updates Manually trigger an Electronic Update Code Insight 2019 R1 (or later) Follow the steps below to disable Secunia Advisories from Code Insight v7 (JIRA: SCA-12114) Execute the following database SQL insert statement using a database client of your choice: INSERT INTO PAS_GLOBAL_PROPERTIES (SERVER_ID_, KEY_, VALUE_, ENCRYPTED_) VALUES (0, 'disable.secunia', 'true', 0); Restart Code Insight Force an electronic update Log in as an Administrator Navigate to Administration >> Electronic Update Check the Force Full Electronic Update option Click the Schedule Update button ... View more

Summary Palamida Analyzer - Quick Assessment and Group Builder fail Due to certificate issues. This issue has been identified as a bug under reference SCA-14890. This article contains a workaround to allow the reports to be generated Symptoms A bug has been identified in the Analyzer - Quick Assessment and Analyzer - Group Builder reports due to a certification issue. The following error can be observed in the catalina.out log file under <Install Dir>/tomcat/logs/: 2019-02-06 23:46:15,741 ERROR [http-apr-8888-exec-8] [AnalyzerTask] Error running Palamida Analyzer: class javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed at com.palamida.sdk.impl.PalamidaService.get(Unknown Source) at com.palamida.sdk.impl.PalamidaService.get(Unknown Source) at com.palamida.repoanalyzer.impl.DataServiceSource.testConnection(DataServiceSource.groovy:159) at com.palamida.repoanalyzer.WorkspaceProcessor.process(WorkspaceProcessor.groovy:201) at com.palamida.repoanalyzer.ReportTask.process(ReportTask.groovy:176) at palamida_analyzer_task.run(palamida_analyzer_task.groovy:75) Resolution A bug for this issue has been reported under reference SCA-14890. The following workaround has been made available to allow the reports to be used: - Rename analyzer.properties.example to analyzer.properties - Add following property in analyzer.properties- dataServicesUrl = https://api.palamida.io - Restart FNCI - Now the group builder and quick assessment reports from analyzer are working fine ... View more

Summary This article documents the Oracle License Optimization Report noted in FNMS-26234 Symptoms Enhancement FNMS-26234 discusses new Oracle License Optimization Reports. The scripts to create these reports are attached to this article. Resolution Only one script should be used in each environment, please select the script appropriate to your environment from the options below: - OracleOptimizationReport.sql - This script should be applied to multi tenant environments - OracleOptimizationReportSingleTenant.sql - This script should be used in single tenant environments ... View more

Summary This article provides steps to investigate an issue where the OS freezes during scanning Symptoms The following problems occurred at customer 's environment. OS freezes during scan execution. Resolution Customer confirmed the issue no longer appears. No further access to the database to test resolution. ... View more