Application onboarding with Fast Scan - validate the Fast Scan

Introduction

When the Fast Scan is complete (see Application onboarding with Fast Scan - onboard your application source code for more information about starting this process), the results are displayed automatically in the Application - Overview with Fast Scan page:

In addition, the Application is marked as Discovered in the AIP Console - Application Management page:

Checks

You should first check each of the following sections:

Zip Content/Folder Content

The Zip Content/Folder Content section provides details of the source code that has been uploaded (either via a ZIP file or via the source folder location) with the means to filter (i.e. exclude) certain files and folders.

Check all source code is present

  • In Console ≥ 2.10, all files are displayed regardless of whether they can be analyzed or not. Files that cannot be analyzed (e.g. image files) will not be sent for analysis, even though they are displayed.
  • In older releases, Console automatically filters out files that are not source code (e.g. image files), so these files are never displayed and never analyzed.

You should check that all source code that you provided is displayed in the left hand panel. Select the root folder in the left hand panel - the centre and right hand sections will update to show you the files that have been automatically selected for deep analysis:

You can click specific folders in the left hand panel to check their contents:

Or you can click a specific file type in the centre panel:

If certain files or folders are not present and you would expect them to be present, you can run a new scan by clicking the New Scan button - doing so will allow you to upload a new ZIP file, or choose a new source folder location. The Fast Scan process will be actioned again on the new source code:

Exclude files and folders

If there are files that should not be analyzed, you can exclude them manually. There are various ways to do this:

Exclude folders using the left hand panel

Click the highlighted icon - it will change colour to red and the centre and right hand panels will update to show the excluded files:

Exclude individual files using the right hand panel

Browse through the folder tree in the left hand panel and then untick the files you want to exclude in the right hand panel:

Exclude folders/files based on regular expressions

See Zip Content/Folder Content in Application - Overview with Fast Scan for more information about how to use this option.

Click the File Filter option:

Enter your regular expression to filter the content:

After setting exclusions, CAST highly recommends using the Update Data option so that the details in the Application - Overview with Fast Scan page are updated based on the existing source code and the new exclusions:

Check project exclusion rules

Check that the project exclusion rules are set as required - if in doubt leave them in their default positions:

After changing rules, CAST highly recommends using the Update Data option so that the details in the Application - Overview with Fast Scan page are updated based on the existing source code and the new rule positions:

Other sections

You should now check the following sections:

Software Composition

See Software Composition in Application - Overview with Fast Scan:

If a red shield is displayed in the Will Be Analyzed column, this indicates that the relevant technology will not be analyzed correctly by CAST because there is currently no official or User Community extension available to handle it. If this is the case then you should expect your analysis results to be impacted. You may wish to consider excluding the technology/files.

Architecture Preview

See Architecture Preview in Application - Overview with Fast Scan:

The section's primary aim is to help check the completeness of the source code that has been delivered. Use the icon indicated with the red arrow to enlarge the preview.

Identified Frameworks

See Identified Frameworks in Application - Overview with Fast Scan:

If a red shield is displayed against a framework, this indicates that the relevant framework will not be analyzed correctly by CAST because there is currently no official or User Community extension available to handle it. If this is the case then you should expect your analysis results to be impacted. You may wish to consider excluding the associated technology/files.

Check code readiness

Information about the readiness of the delivered source code for analysis is provided based on the initial fast scan. If no "issues" are found then the "all clear" is given:

If issues are found, a warning is given with an explanation. For example, Console may warn that the delivered source code has links from Hibernate/JPA/Spring Data to SQL, but no SQL source has been delivered. In this situation, the warning does not mean that the analysis cannot proceed; however, coherent results may not be produced.

If you know that source code is missing, CAST highly recommends that you upload new source code / add the correct source code to the source code location and then run a new Fast Scan on this new source code using the New Scan button:

What next?

The next step is described in Application onboarding with Fast Scan - check and configure extensions.