On Saturday, October 19th, we identified an issue where FlexNet Code Insight scans began to fail. However, a subsequent re-scan of the same project completed without errors.
Upon further analysis, we identified the root cause for the failure to be an issue with the National Vulnerability Database (NVD) security vulnerability update that is performed prior to each scan.This failure occurs during the first update after restarting the FlexNet Code Insight server (Tomcat).
This issue impacts both v6 and v7 versions of the product since they share the same automated discovery engine.
Prior to each scan, FlexNet Code Insight calls out to the National Vulnerability Database (NVD) to check if there is a new security vulnerability data feed available. If the data feed is available, it is downloaded and processed to update the FlexNet Code Insight database with the latest security vulnerability information.
Recently, the NVD deprecated the format of its manifest file which we check for update versions. This caused our update check to fail. The consequence of this failed check is that the subsequent scan is also aborted, leading to the failed scan issue.
This issue only occurs during the first scan following an FlexNet Code Insight server (Tomcat) startup and will not occur again until the FlexNet Code Insight server (Tomcat) is restarted.
If you experience a failed scan, please schedule another scan for the same project. The subsequent scan will succeed. This error may occur every time the FlexNet Code Insight server is restarted, so repeat this step following the failed scan after every restart.
Version Fix Target
A version fix target is not available at this time. Please subscribe to this knowledge base article to be notified when this knowledge base article is updated with a version fix target.
Multiple potential fixes are currently being assessed.