calledplugin-container.exe

FlexNetCodeInsight2018R3Installation&ConfigurationGuideLegalInformationBookName:FlexNetCodeInsight2018R3InstallationandConfigurationGuidePartNumber:FNCI-2018R3-IG00ProductReleaseDate:October2018CopyrightNoticeCopyright2018Flexera.
ThispublicationcontainsproprietaryandconfidentialinformationandcreativeworksownedbyFlexeraanditslicensors,ifany.
Anyuse,copying,publication,distribution,display,modification,ortransmissionofsuchpublicationinwholeorinpartinanyformorbyanymeanswithoutthepriorexpresswrittenpermissionofFlexeraisstrictlyprohibited.
ExceptwhereexpresslyprovidedbyFlexerainwriting,possessionofthispublicationshallnotbeconstruedtoconferanylicenseorrightsunderanyFlexeraintellectualpropertyrights,whetherbyestoppel,implication,orotherwise.
Allcopiesofthetechnologyandrelatedinformation,ifallowedbyFlexera,mustdisplaythisnoticeofcopyrightandownershipinfull.
IntellectualPropertyForalistoftrademarksandpatentsthatareownedbyFlexera,seehttps://www.
flexera.
com/producer/company/about/intellectual-property/.
AllotherbrandandproductnamesmentionedinFlexeraproducts,productdocumentation,andmarketingmaterialsarethetrademarksandregisteredtrademarksoftheirrespectiveowners.
RestrictedRightsLegendTheSoftwareiscommercialcomputersoftware.
IftheuserorlicenseeoftheSoftwareisanagency,department,orotherentityoftheUnitedStatesGovernment,theuse,duplication,reproduction,release,modification,disclosure,ortransferoftheSoftware,oranyrelateddocumentationofanykind,includingtechnicaldataandmanuals,isrestrictedbyalicenseagreementorbythetermsofthisAgreementinaccordancewithFederalAcquisitionRegulation12.
212forcivilianpurposesandDefenseFederalAcquisitionRegulationSupplement227.
7202formilitarypurposes.
TheSoftwarewasdevelopedfullyatprivateexpense.
Allotheruseisprohibited.
FlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential3Contents1InstallingFlexNetCodeInsight9SystemRequirements9PlatformSupport.
10DatabaseSupport10MySQLRequiredComponents.
10SQLServerRequiredComponents.
11BrowserSupport11RecommendedHardware12DeploymentModels.
12ConfigurationGuidelines12RecommendedSoftware14DatabaseClient.
14PreparingtoInstallFlexNetCodeInsight.
14SettingUptheDatabase14SettingUptheMySQLDatabase14SampleProcedureforCreatinganAppropriateDatabaseSchemaandUser15MySQLDatabaseSettings.
15SettingUptheSQLServerDatabase18Phase1:InstalltheSQLServerInstance18Phase2:SetUptheSQLServerDatabase.
19NetworkandFirewallConsiderations.
20SettingtheOpenFileLimitforLinux/Unix.
20EnablingSecureHTTPOverSSL.
21EnablinganHTTPSConnection21PurchasingaSecureSiteSSLcertificate.
22CreatingaKeystoreforaPurchasedSecureSiteSSLCertificate--Example.
23GeneratingaSelf-signedCertificate23UsingaSelf-signedCertificate--Example24ConfiguringaNetworkingProxyServerConnection.
24Contents4CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideInstallingFlexNetCodeInsight25GatheringtheRequiredFiles.
25LaunchingtheInstaller.
25RunningFlexNetCodeInsightasaService.
26InaWindowsEnvironment26InaLinuxEnvironment27Starting&StoppingTomcat.
28OpeningFlexNetCodeInsight28UninstallingFlexNetCodeInsight29UninstallingonWindows.
29UninstallingonLinux30DroppingtheSQLServerDatabase.
30ContactingSupport302ConfiguringFlexNetCodeInsight31CreatingorEditingaScanServer31ManagingUsers32CreatingorEditingUsers32FindingUsers33DisablingUserAccounts.
34SettingtheElectronicUpdateFrequency.
34ConfiguringanEmailServer.
35ConfiguringLDAP36SynchronizingUserNameData36SettingUpaUserSearchFilter.
36SampleSearchQuery37ServerPaging37UserAuthentication37LDAPoverSSL37ImplementingLDAP37ConfiguringFlexNetCodeInsighttoUseSingleSign-On38PrerequisiteTasksforConfiguringCodeInsightforSSO38ConfigureHTTPSontheFlexNetCodeInsightServer38SetUpSSOUsers39ConfiguringCodeInsightforSSO.
39Step1:CopytheDirectoryThatWillContainProviderMetadata39Step2:PreparetheEnvironmentPropertiesFile39Step3:ConfiguretheSSOCommonPropertiesFile.
40Step4:CustomizetheSampleServiceProviderMetadataFile41Step5:ObtaintheIdentityProviderMetadataFile42LogInUsingSSOCredentials42ExampleOktaSetupforCodeInsightSSO.
42ContentsFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential5ManagingScanProfiles43CreatingorEditingScanProfiles43ScanProfileFields.
44AboutScanningwithouttheComplianceLibrary45CreatingExclusionPatternsforScanProfiles.
45SettingProjectDefaults47AboutFlexNetCodeInsightServerRESTAPIs503Installing&ConfiguringFlexNetCodeInsightPlugins.
51AboutPlugins51GeneratingaJWTAuthorizationToken52DownloadingPlugins.
53TheJenkinsPlugin.
53PrerequisitefortheJenkinsPlugin54SettingHeapSizefortheJenkinsPlugin54SettingUptheCodeInsightJenkinsPlugin55SupportfortheJenkinsPipeline56ProvidingthePipelineScriptfortheScanStep.
56PipelineCodeExamplesforRunningtheScan56ExampleDeclarativePipelineCodetoRuntheScan57ExampleScriptedPipelineCodetoRuntheScan57TheScanSchedulerPluginforJenkins.
58TheJFrogArtifactoryPlugin59PrerequisitesfortheArtifactoryPlugin59InstallingtheArtifactoryPlugin59ScanninganArtifactoryRepositoryUsingaCronJob60ScanninganArtifactoryRepositoryUsingRESTAPI60RequirementsWhenUsingRESTAPItoScanRepositories.
61PrerequisiteforScanningRepositories61RequiredOptionWhenUsingthe"https"Protocol61ScanningAllRepositories.
61ScanningaSpecificRepository.
61ReloadingtheArtifactoryPlugin.
62ScanResults62TheDockerImagesScanPlugin62InstallingandLaunchingtheDockerImagesPlugin62TheBambooPlugin64Installing&ConfiguringtheBambooPlugin64TheMavenPlugin.
65MoreAbouttheMavenScanPlugin.
65PrerequisitesfortheMavenScanPlugin65InstallingandConfiguringtheMavenScanPlugin66CleaningtheApplicationProject68RunningtheMavenGoalfortheCodeInsightScan.
68Contents6CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideTheGradlePlugin.
68InstallingandConfiguringtheGradlePlugin69TheApacheAntPlugin.
70ConfiguringthePlugin70ExecutingtheScan71TheVisualStudioTeamServices(VSTS)Extension.
72Prerequisite.
72InstallingtheFlexNetCodeInsightVSTSExtension72AddingaFlexNetCodeInsightScanTasktoYourAgentJob73ScanIntegrationWithBuildEnvironmentsThroughtheGenericScanPlugin74DownloadingtheGenericScanPlugin75PrerequisitesforUsingtheGenericScanPlugin75TheTeamCityPlugin75Prerequisites.
76InstallingtheGenericScanAgentonTeamCityAgentConfiguredonWindows.
76ConfiguringaBuildtoRunaCodeInsightScan76ExecutingtheBuild78TheGitLabPlugin.
78Prerequisites.
78InstallingtheGenericScanAgentonGitLabRunnerConfiguredonWindows78ConfiguringtheCI/CDPipelinetoRunaCodeInsightScan.
79ExecutingtheBuild804IntegratingwithSourceCodeManagement81WhyUseSourceCodeManagement(SCM)81ConfiguringSCM.
81Prerequisites.
82SCMCommandLineClient82RecommendedClients82SettingtheEnvironmentVariable83GitProtocolOptions83AnonymousHTTP84AuthenticatedHTTP84SSH84SSHOverHTTP86PerforceProtocolOptions86TFSProtocolandCredentialsConfiguration86HTTPSProtocolSupport86SpecialRequirementforVSTSProjectsinTFS875IntegratingwithApplicationLifecycleManagement89AboutIntegrationwithApplicationLifecycleManagement(ALM)Systems89TheJiraPlugin89PrerequisitesfortheJiraPlugin.
90ContentsFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential7ConfiguringtheJiraPlugin90AddingaJiraInstance.
90UsingCodeInsightVariables91SynchronizingWorkItems92DeletinganALMInstance93Contents8CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuide1FlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential9InstallingFlexNetCodeInsightThissectioncontainsthefollowingtopicscoveringtheinstallationandstartupofFlexNetCodeInsight:SystemRequirementsPreparingtoInstallFlexNetCodeInsightInstallingFlexNetCodeInsightRunningFlexNetCodeInsightasaServiceStarting&StoppingTomcatOpeningFlexNetCodeInsightUninstallingFlexNetCodeInsightContactingSupportSystemRequirementsBeforeinstallingFlexNetCodeInsight,ensurethatthefollowingareinstalledonyoursystem:Asupporteddatabaseinstanceanditsassociatedconnector.
SeeDatabaseSupportforadescriptionofsupporteddatabasesandconnectors.
AFlexNetCodeInsightlicensekeyfile(codeinsight.
key)OnLinuxmachines,ensurethatthenumberofopenfilehandlesismorethan50k,whichistypicallysetwiththeulimitcommand.
Formoreinformationabouttheopenfilelimit,seeSettingtheOpenFileLimitforLinux/Unix.
AnyrequirementsspecifictoyourFlexNetCodeInsightpluginandremotedatasource.
NoteTheJREisincludedintheinstallation;aseparatedownloadisnotnecessary.
OnlyJRE8issupported.
Chapter1InstallingFlexNetCodeInsightSystemRequirements10CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideThefollowingprovidesadditionalrequirements:PlatformSupportDatabaseSupportBrowserSupportRecommendedHardwareRecommendedSoftwarePlatformSupportFlexNetCodeInsightsupportsthefollowingplatforms:WindowsServer2012WindowsServer2016RHEL6.
x,7.
xCentOS6.
x,7.
xDatabaseSupportFlexNetCodeInsightrequiresthateitheraMySQLorSQLServerdatabasebeinstalled.
ThefollowinglistscomponentsrequiredtoinstallandconfigureadatabaseforusebyCodeInsight:MySQLRequiredComponentsSQLServerRequiredComponentsMySQLRequiredComponentsThefollowingdescribesthecomponentsneededtoinstallandrunMySQLastheFlexNetCodeInsightdatabase:MySQL5.
7communityedition,downloadedfromhttps://dev.
mysql.
com/downloads/mysql/5.
7.
html.
NoteCodeInsightdoesnotsupporttheDockerversionofMySQL.
(Itsupportsthenativeversiononly.
)TheJDBCdriverconnectorfile,mysql-connector-java-5.
1.
x-bin.
jar.
Youcandownloadthisfilefromhttp://dev.
mysql.
com/downloads/connector/j/5.
1.
html.
ThisconnectorisrequiredtoenableFlexNetCodeInsighttoconnecttotheMySQLdatabase.
AnenvironmentthatcansupporttherequiredsizesettingslistedinMySQLDatabaseSettings.
Chapter1InstallingFlexNetCodeInsightSystemRequirementsFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential11SQLServerRequiredComponentsThefollowingliststherequiredcomponentsneededtoinstallandrunSQLServerastheCodeInsightdatabase:SQLServer2016Sp2(recommendedversionforbestperformance).
TheJDBCdriverconnectorfile,mssql-jdbc-6.
4.
0.
jre8.
jar.
Youcandownloadthisfilefromhttps://www.
microsoft.
com/en-us/download/details.
aspxid=56615.
ThisconnectorisrequiredtoenableCodeInsighttoconnecttotheSQLServerdatabase.
Thepackagesql_server_pre_install_scripts.
zipcontainingthescriptsneededtosetuptheSQLServerdatabaseforCodeInsight.
SeeDownloadingtheScriptsNeededtoSetUptheSQLServerDatabaseforinstructionsonthedownloadprocess.
Atleastonedisk(OSornon-OS)with100GBfreespace.
DownloadingtheScriptsNeededtoSetUptheSQLServerDatabaseUsethefollowingstepstodownloadthepackagecontainingthescriptfilesneededtosetuptheSQLServerdatabaseforCodeInsight.
TaskTodownloadthepackagecontainingthescripts1.
LogintotheCustomerCommunitypageoftheFlexerawebsite:https://flexeracommunity.
force.
com/customer/2.
ClickDownloads.
3.
ClicktheAccessbuttonunderFlexNetCodeInsight.
TheProductandLicenseCenterpageappears.
4.
SelectFlexNetCodeInsightfromtheYourDownloadslist.
5.
SelecttheversionofFlexNetCodeInsightfromthelist.
TheDownloadspageappears.
6.
Downloadthesql_server_pre_install_scripts.
zipfile.
7.
Whenthedownloadfinishes,extractthefollowingfilestoalocationaccessibleforlaterexecutionusingtheSQLServerconsole,asdescribedinSettingUptheSQLServerDatabase:palamida_serversettings.
sqlpalamida_db_creation_with_maintainenceplan.
sqlAthirdscript,palamida_db_drop_with_maintainenceplan.
sql,isusedtodropthedatabaseandisnotusedaspartofthedatabasesetup.
InstructionsfordroppingthedatabasearefoundinDroppingtheSQLServerDatabase.
BrowserSupportFlexNetCodeInsightsupportsthefollowingbrowsers:Chrome(lateststableversion)InternetExplorer(lateststableversion)Firefox(lateststableversion)Chapter1InstallingFlexNetCodeInsightSystemRequirements12CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideNoteFlexNetCodeInsightnolongerallowsuppercaseormixedcasewhenenteringtheapplication'sURL.
TostartFlexNetCodeInsightinabrowser,youmustentercodeinsightinlowercase.
RecommendedHardwareTherecommendeddeploymentsandconfigurationsareexplainedinthissection:DeploymentModelsConfigurationGuidelinesDeploymentModelsTheFlexNetCodeInsightdeploymentmodelmaybeconfiguredasasingle-nodeoramulti-nodedeployment.
Eachdeploymentconsistsofthefollowingelements:Table1-1DeploymentModelsEntityDescriptionCoreServerMaininterfacetoFlexNetCodeInsight.
ScanServerContainscodebasetobescanned(requiredforlocalscansonly,notrequiredforremotescans)andtheComplianceLibrary(CL),whichisrequiredforExactandsourcecodefingerprint(SCF)matching.
DatabaseCentraldatabasecontainingalllibrarymetadatasuppliedbyelectronicupdateandallstoredscanresults.
ConfigurationGuidelinesThefollowingconfigurationsaresupported.
Chapter1InstallingFlexNetCodeInsightSystemRequirementsFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential13NoteForoptimumperformance,itishighlyrecommendedthatyouusetheSingleServerConfiguration,inwhichtheCoreServer,ScanServer,andDatabasearelocatedonthesamemachine.
Table1-2SupportedConfigurationsConfigurationCPU(Cores)MemoryDiskSpaceSingleServer:CoreServerScanServerDatabase2-CPU(eachatleast2GHZ+)with8+coresontheserver64GBServer:500GBHigh-speedDiskfortheDatabase(SSDRecommended)500GBHigh-speedDiskfortheCore/Scannertostorethecodebase1TBSSDDiskfortheComplianceLibrary(CL)Server1:Core/ScannerServer2:Database2-CPU(eachatleast2GHZ+)8+coresoneachserverServer1:32GBServer2:32GBServer1:500GBHigh-speedDiskforCore/Scannertostorethecodebase1TBSSDDiskfortheComplianceLibrary(CL)Server2:500GBHigh-speedDiskfortheDatabase(SSDRecommended)Server1:CoreServer2:ScannerServer3:Database2-CPU(eachatleast2GHZ+)8+coresoneachserverServer1:32GBServer2:32GBServer3:32GBServer1:250GBHigh-speedDiskforCoreServer2:500GBHigh-speedDiskforCore/Scannertostorethecodebase1TBSSDDiskfortheComplianceLibrary(CL)Server3:500GBHigh-speedDiskforCore/ScannertostorethecodebaseNoteAmulti-scandeploymentmodelisnotavailableinthisrelease.
Chapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsight14CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideRecommendedSoftwareThefollowingsoftwareisrecommendedforFlexNetCodeInsight.
DatabaseClientASQLclientorcommand-lineinterfaceisnecessarytorundatabasescripts.
ThefollowingfreeSQLclientsareavailable:HeidiSQL:http://www.
heidisql.
com/download.
phpMySQLWorkbench:http://www.
mysql.
com/products/workbench/PreparingtoInstallFlexNetCodeInsightInstallingFlexNetCodeInsightisasimple,prompt-drivenprocess,butbeforebeginningtheinstallation,youwillneedtodothefollowing:EnsurethatyouhavemettheprerequisitesinSystemRequirements.
FollowtheprocedureinSettingUptheDatabase.
PerformanyadditionalenvironmentalandcommunicationconfigurationforCodeInsight,suchasthefollowing:NetworkandFirewallConsiderationsSettingtheOpenFileLimitforLinux/UnixEnablingSecureHTTPOverSSLConfiguringaNetworkingProxyServerConnectionSettingUptheDatabaseBeforeyouinstallFlexNetCodeInsight,adatabaseadministratormustsetuptheMySQLorSQLServerdatabaseforusebyCodeInsight:SettingUptheMySQLDatabaseSettingUptheSQLServerDatabaseSettingUptheMySQLDatabaseThedatabaseadministratorneedstoperformthefollowingstepstosetuptheMySQLdatabaseforFlexNetCodeInsight.
Chapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsightFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential15TaskTosetuptheMySQLdatabaseforCodeInsight:1.
InstalltheMySQLinstance.
NoteInstallingtheinstanceonaserverotherthantheoneonwhichCodeInsightisinstalledmightcauseperformancedegradation.
2.
ConfigurethedatabaseinstanceasdescribedinMySQLDatabaseSettings.
3.
Createadatabaseschema(witharecommendednameofcodeinsight)andauserwhohasappropriateaccessprivilegestoaccessthedatabase.
TheproceduredescribedinSampleProcedureforCreatinganAppropriateDatabaseSchemaandUsercanbeusedtoperformthesetasks.
SampleProcedureforCreatinganAppropriateDatabaseSchemaandUserThefollowingisasampleprocedurethatthedatabaseadministratorcantocreateaCodeInsightdatabaseschemaandadatabaseuser.
TaskTocreateadatabaseschemaanduser:1.
Atthecommandline,logintoMySQLastherootuser:mysql-uroot-p2.
TypetheMySQLrootpassword,andpressEnter.
3.
Tocreateadatabaseanduser,typethefollowingcommand,replacingtheusername(fnciuser)withtheuseryouwanttocreate,andreplaceFnci%1234withtheuser'spassword:CREATEDATABASEcodeinsight;CREATEUSERfnciuserIDENTIFIEDBY'Fnci%1234';GRANTALLONcodeinsight.
*TO'fnciuser'@'%';4.
ProvidetheusernameandpasswordandthedatabaseschematothepersonwhowillinstallCodeInsight.
MySQLDatabaseSettingsFlexNetCodeInsightrequiresthefollowingMySQLdatabaseconfigurationtoensurebestperformance.
NoteThesesettingscanbeeditedonlybyrootortheDBA.
Table1-3RequiredMySQLDatabaseSettingsPropertySystemVariableRecommendedValueStorageEnginedefault-storage-engineinnodbCharacterSet/Collationcharacter-set-serverUTF-8InnoDBBufferPoolSizeinnodb_buffer_pool_size12GBInnoDBLogFileSizeinnodb_log_file_size8GBMaximumAllowedPacketsmax_allowed_packet100MBChapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsight16CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideNoteThefollowingsettingsmayonlybeeditbytheroot/Administratoruseronthedatabaseserver.
StorageEngineSelectInnoDBasthestorageengine.
InMySQL5.
7,InnodDBisthedefaultengine,soachangeisunlikelytobenecessary.
Toverifythecurrentstorageengine,usethefollowing:SELECT*FROMINFORMATION_SCHEMA.
ENGINES;Tochangethedefaultstorageengine,useeitherofthesenextprocedures.
LinuxAsarootuser,editthemy.
cnffile(typicallylocatedin/etc/my.
cnf)byediting(oradding)thefollowinglineinthe[mysqld]section,andthenrestartingthedatabaseserver:default-storage-engine=innodbWindowsAsanadministratoronthesystem,editthemy.
inifile(typicallylocatedinC:\ProgramData\MySQL\)byediting(oradding)thefollowinglineinthe[mysqld]sectionandrestartingthedatabaseserver:default-storage-engine=innodbCharacterSet/CollationSelectUTF-8asthecharactersetwheninstallingtheFlexNetCodeInsightMySQLdatabaseserver.
Toverifythecurrentcharactersetandcollation,usethefollowingcommands:SELECT@@character_set_database,@@collation_database;Tochangethecharacterset,useeitherofthesenextprocedures.
Chapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsightFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential17LinuxAsarootuser,editthemy.
cnffile(typicallylocatedin/etc/my.
cnf)byediting(oradding)thefollowinglineinthe[mysqld]sectionandrestartingthedatabaseserver.
character-set-server=utf8collation-server=utf8_general_ciWindowsAsanadministratoronthesystem,editthemy.
inifile(typicallylocatedinC:\ProgramData\MySQL\)byediting(oradding)thefollowinglineinthe[mysqld]sectionandrestartingthedatabaseserver.
character-set-server=utf8collation-server=utf8_general_ciInnoDBBufferPoolSizeSettheInnodDBbufferpoolsizetoatleast12GB.
ToverifythecurrentInnoDBbufferpoolsetting,usethefollowingcommand.
(TheresultingvalueisinGBs.
)SELECT@@innodb_buffer_pool_size/1024/1024/1024;TochangetheInnoDBbufferpoolsize,useeitherofthesenextprocedures.
LinuxAsarootuser,editthemy.
cnffile(typicallylocatedin/etc/my.
cnf)byediting(oradding)thefollowinglineinthe[mysqld]sectionandrestartingthedatabaseserver:innodb_buffer_pool_size=12GWindowsAsanadministratoronthesystem,editthemy.
inifile(typicallylocatedinC:\ProgramData\MySQL\)byediting(oradding)thefollowinglineinthe[mysqld]sectionandrestartingthedatabaseserver:[mysqld]innodb_buffer_pool_size=12GInnoDBLogFileSizeSettheInnoDBlogfilesizetoatleast8GB.
ToverifythecurrentInnoDBlogfilesize,usethefollowingcommand:showvariableslike'innodb_log_file_size%';TochangetheInnoDBlogfilesize,useeitherofthesenextprocedures.
LinuxAsarootuser,editthemy.
cnffile(typicallylocatedin/etc/my.
cnf)byediting(oradding)thefollowinglineinthe[mysqld]section:innodb_log_file_size=8GRestartthedatabaseserver.
Chapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsight18CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideWindowsAsanadministratoronthesystem,editthemy.
inifile(typicallylocatedinC:\ProgramData\MySQL\)byediting(oradding)thefollowinglineinthe[mysqld]section,andthenrestartthedatabaseserver:innodb_log_file_size=8GMaximumAllowedPacketsSetthemaximumpacketsizeto100MB.
Toverifythecurrentmaximumpacketsize,usethefollowingcommand:SHOWVARIABLESLIKE'max_allowed_packet';Tochangethemaximumpacketsize,useeitherofthesenextprocedures.
LinuxAstherootuser,editthemy.
cnffile(typicallylocatedin/etc/my.
cnf)byediting(oradding)thefollowinglineinthe[mysqld]sectionandrestartingthedatabaseserver:max_allowed_packet=100MWindowsAsanadministratoronthesystem,editthemy.
inifile(typicallylocatedinC:\ProgramData\MySQL\)byediting(oradding)thefollowinglineinthe[mysqld]sectionandrestartingthedatabaseserver:max_allowed_packet=100MSettingUptheSQLServerDatabaseSettinguptheSQLServerdatabaseforCodeInsightinvolvestwophases:Phase1:InstalltheSQLServerInstancePhase2:SetUptheSQLServerDatabaseTheDBAperformsthesesteps.
Phase1:InstalltheSQLServerInstanceTaskToinstalltheSQLServerinstance:1.
InstalltheSQLServerinstance,followingtheinstructionsincludedwiththeSQLServerinstaller.
Duringtheinstallation,selecttheappropriateoptionsthatdothefollowing:Setthecharacterset(orcollation)istoSQL_Latin1_General_CP1_CI_AS.
EnabletheSQLServerAgent.
Chapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsightFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential192.
Whentheinstallationiscomplete,startuptheSQLServerAgentusingtheinstructionsprovidedintheSQLServerdocumentation.
ThisarequiredstepforsettinguptheSQLServerdatabase,describedinthenextsection,Phase2:SetUptheSQLServerDatabase.
Phase2:SetUptheSQLServerDatabaseOnceyouhaveinstalledtheSQLServerinstanceandhavestarteduptheSQLServerAgent,usethefollowinginstructionstosetuptheSQLServerdatabaseforCodeInsight.
TaskTosetuptheSQLServerdatabaseforCodeInsight:1.
EnsurethatyouhavedownloadedandextractedtherequiredtheCodeInsightscripts,asdescribedinDownloadingtheScriptsNeededtoSetUptheSQLServerDatabase.
2.
Understandthepurposeofthescriptsbeforeexecutingthem:palamida_serversettings.
sql—ThisscriptconfiguresthedatabaseservertoenablethemaximumperformanceforCodeInsight.
Thescriptsetsthefollowingserverparameters:Costofparallelism:15(thethresholdatwhichtheoptimizerchoosesparallelprocessing)Maxdegreeofparallelism:Numberofthreadscreatedspecificallyforthisconfiguration.
Maxmemoryconfiguration:Theserver'smaximumutilization(60percent)oftotalmemory.
TF:Traceflags111,1118,2371.
Youarestronglyrecommendedtoreviewexistingconfigurationsinthisscriptandnotetheirvaluesincasearollbackisneeded.
However,donoteditthisscript.
palamida_db_creation_with_maintainenceplan.
sql—Thisscriptcreatesthedatabaseandschedulesmaintenancejobs.
Specifically,itperformsthefollowingoperations:Createsadatabasewith4datafilesand1logfile.
CreatesanewfoldercalledMSSQLDATAonanon-OSdisk.
Ifonlyonedriveexists,thedatabaseiscreatedontheOSdriveitself.
CreatesasubfolderwiththedatabasenameundertheMSSQLDATAfolder.
CreatesadailymaintenancejobtoperformanUpdateStatisticsevery6hours(nodowntimeneeded).
CreatesmaintenancejobtoperformanUpdateStatisticsandIndexReorgeverytwoweeks(nodowntimeneeded).
Thedefaultistorunat10pmperservertimezoneeverytwoweeks.
YoucaneditsomesettingsinthisscriptasdescribedinStep4.
3.
EnsurethattheSQLServerAgentisrunning.
4.
Openthepalamida_serversettings.
sqlscript,andexecuteit.
Donoteditthisscript.
5.
Openthepalamida_db_creation_with_maintainenceplan.
sqlscript,editthe@dbnamesettingifnecessary,andthenexecutethescript.
Chapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsight20CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideThedefaultvaluefor@dbnameisfnciv7.
Toeditthissetting,simplyoverwritethecurrentvaluewiththepreferreddatabasename.
Ifyouprovideadatabasenamethatalreadyexists,thescriptexecutionwillfail.
6.
CreateauserwhohasREADandWRITEpermissionsonthedatabase(thatis,theDBOrole).
ThisistheuserwhowillaccesstheCodeInsight(SQLServer)databasefromtheCodeInsightapplication.
NetworkandFirewallConsiderationsConfiguretheserversbyspecifyingafullyqualifieddomainname(forexample,hostname.
domain.
com)orIPaddress.
EnablethoseportnumbersusedbyFlexNetCodeInsightinallofthefirewalls.
Youmayusethedefaultportnumberslistedbeloworconfiguretheapplicationtousecustomports.
Table1-4DefaultPortNumbersUsedbyFlexNetCodeInsightPort#Details3306MySQLDatabaseServerAccessPort8888/443Tomcat(http/https)465ExternalSMTP(mail)Server389ExternalAuthenticationDirectoryServer(ActiveDirectory/LDAP)8005and8009TomcatConnectorandTomcatShutdownPorts(localaccessonly)SettingtheOpenFileLimitforLinux/UnixTheopenfilelimitisasettingthatcontrolsthemaximumnumberofopenfilesforaspecificuser.
Thedefaultopenfilelimitistypically1024,butcanbesetwiththeulimitcommandbytherootuser.
ForFlexNetCodeInsighttofunctionproperlyinaLinux/Unixenvironment,theopenfilelimitmustbesettohandlemorethan50kfiles.
ImportantThisproceduretoincreaseopenfilesizeisabsolutelyessentialforFlexNetCodeInsighttofunctionproperlyonUnix/Linuxplatforms.
Thefollowingaresomewaysthatopenfilelimitsaremanaged,dependingontheuser'sroleinthesystem:softlimit:setin/etc/security/limits.
confbyanormaluser.
hardlimit:setin/etc/security/limits.
confbyrootuser.
systemwidelimit:setin/etc/sysct1.
confbyrootuser.
Softlimitsarethecurrentlyenforcedlimits,andhardlimitsarethemaximumlimitsonthesystem.
Itisrecommendedthatyouloginastherootusersobothtypesoflimitsmaybesetaccordingly.
TaskTosetopenfilelimitsonaLinuxRedHatsystem,dothefollowing:1.
Inaterminalwindow,typeulimit-atoseealistofcurrentfilelimits.
Chapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsightFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential212.
Locatetheopenfiles(-n)setting:Ifthesettingislessthan50K,continuetothenextstep.
Ifthesettingismorethan50K,youdonotneedtoperformthisprocedure.
3.
Openthefile/etc/security/limits.
confandaddthefollowingentries:softnofile65536hardnofile655364.
Savethefileandloginagainforthechangestotakeeffect.
5.
Onthecommandline,typeulimit-a,andverifythattheopenfiles(-n)settingreads65536.
NoteOtherdistributions,suchasaUbuntuandCentOSmayrequireadifferentsetting.
SeeinstructionsforyourspecificLinuxdistributionandshelltype.
EnablingSecureHTTPOverSSLToimplementSSL,aSecureSiteSSLCertificatemustexistforeachCodeInsightCoreandScanserverthatacceptssecureconnections.
Refertohttp://en.
wikipedia.
org/wiki/HTTP_Secureandhttp://tomcat.
apache.
org/tomcat-8.
0-doc/ssl-howto.
htmlformoredetailsregardingHTTPS.
UsetheseinstructionsforenablinganHTTPSconnection,includinghowtoprocureacertificate:EnablinganHTTPSConnectionPurchasingaSecureSiteSSLcertificateGeneratingaSelf-signedCertificateNoteForsecurity,werecommendthatFlexNetCodeInsightalwaysbeinstalledoverSSH.
EnablinganHTTPSConnectionUsetheseinstructionstoenabletheHTTPSconnection.
TaskToenableanHTTPSconnection,dothefollowing:1.
Editthe\tomcat\bin\catalina.
bat(orcatalina.
shdependingonyouroperatingsystem):set-Dcodeinsight.
ssl=true(defaultvalueisfalse)2.
Backupthe\tomcat\conf\server.
xmlfiletoanotherdirectory(outsideofconf)andthencopytheserver.
xmlfrom\tomcat\httpsto\tomcat\conf.
Theserver.
xmlfilecontainsadefaultconfigurationthatreferencesakeystoreat\tomcat\codeinsight.
jks.
Youcreateorobtainacertificateandsaveitinakeystore.
Seestep4formoreinformation.
Chapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsight22CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuide3.
Searchforthetext,FNCISSL:Editthissectiontomatchyourcertificateinformation.
Thedefaultvaluesareshownbelow:4.
PurchaseaSecureSiteSSLcertificateorgenerateyourownself-signedcertificate.
Theproceduresforusingapurchasedcertificateandforgeneratingyourowndiffer.
Dependinguponyourtypeofcertificate,consultoneofthefollowingsections:PurchasingaSecureSiteSSLcertificateGeneratingaSelf-signedCertificate5.
Updatetheserver.
xmlfilewiththefollowingparameters:keystoreFile:thefilenameofthekeystorecontainingthecertificatekeystorePass:thepasswordofthekeystorekeyAlias:thealiasforthecertificateentryinthekeystorekeyPass:thepasswordforthecertificateentryNoteIfthekeystoreandaliaspasswordsarethesame,youcanspecifykeyPass,keystorePassorboth.
6.
RestarttheTomcatserveraftermakingchangestotheserver.
xmlfileortoakeystore.
Formoreinformation,seeStarting&StoppingTomcat.
PurchasingaSecureSiteSSLcertificateThefollowingaretwosourcesforpurchasingaSecureSiteSSLCertificate:http://www.
verisign.
com/ssl/buy-ssl-certificates/secure-site-ssl-certificates/index.
htmlhttps://www.
thawte.
com/ssl-digital-certificates/ssl/index.
htmlFollowyourvendor'sinstructionsforgeneratingacertificatesigningrequest(CSR)andimportingthecertificateintothekeystore.
Chapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsightFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential23CreatingaKeystoreforaPurchasedSecureSiteSSLCertificate--ExampleThefollowingisanexampleofacommandtocreateakeystoreforaSecureSiteSSLCertificateontheserver:keytool-import-alias""-file-keystore\tomcat\-storepass""TaskTouseapurchasedSecureSiteSSLCertificate,youcandothefollowing:1.
Exportthecertificateandimportitintocacerts,whichisin\jre\lib\security.
keytool-export-alias""-file.
crt-keystore.
jkskeytool-delete-alias""-keystorecacertskeytool-import-alias""-keystorecacerts-file.
crtNoteThedefaultpasswordforcacertsischangeit.
2.
(Optional)Tocheckthecontentsofthekeystore,enterthefollowingcommand:keytool-list-keystorecacertsshowskeystorecontents.
GeneratingaSelf-signedCertificateTaskTogenerateyourownself-signedcertificatewithakeystoreinplaceofapurchasedone,dothefollowing:1.
ExecutethefollowingcommandfoundintheJDK:keytool-genkey-keyalgRSA-sigalgSHA256withRSA-alias""-keystore-storepass""-validity-keysize20482.
Entertheserver'shostnameorIPaddresswhenprompted,Whatisyourfirstandlastname3.
Leavetherestofthepromptsblank,exceptforthelastone:IsCN=,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=UnknowncorrectForthisprompt,typeyes.
4.
Copythegeneratedkeystoreto\tomcat\.
5.
Updatethe\tomcat\conf\server.
xmlfilewiththevaluesyouprovidedinthecommandabovesoTomcatcanaccessthegeneratedcertificate.
Ifaself-signedcertificateisusedontheFlexNetCodeInsightserver,eachclientmachinethatisusedtoaccessFlexNetCodeInsightshouldaddacertificateexceptiontothebrowser.
Chapter1InstallingFlexNetCodeInsightPreparingtoInstallFlexNetCodeInsight24CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideUsingaSelf-signedCertificate--ExampleThefollowingexampleusesaself-signedcertificateandcodeinsightforkeystore,aliasandpasswords:1.
Incatalina.
bat,makethefollowingchanges:-Dcodeinsight.
ssl=truetomcat\conf\server.
xmlreplacedbytheserver.
xmlintomcat\httpscdC:\myworkkeytool-genkey-keyalgRSA-sigalgSHA256withRSA-aliascodeinsight-keystorecodeinsight.
jks-storepasscodeinsight-validity3600-keysize2048keytool-export-aliascodeinsight-filecodeinsight.
crt-keystorecodeinsight.
jkskeytool-delete-aliascodeinsight-keystoreC:\FlexNetCodeInsight\jre\lib\security\cacertskeytool-import-aliascodeinsight-keystoreC:\FlexNetCodeInsight\jre\lib\security\cacerts-fileC:\mywork\codeinsight.
crtkeytool-v-list-keystoreC:\FlexNetCodeInsight\jre\lib\security\cacerts-aliascodeinsightcopyc:\mywork\codeinsight.
jksC:\FlexNetCodeInsight\tomcat\2.
RestartTomcat.
Formoreinformation,seeStarting&StoppingTomcat.
3.
Openabrowserandenterhttps://:8888/codeinsight.
4.
NavigatetotheSystemConfigurationpage,andupdatethescanserverconfiguration.
AddaNewscanserverorselectascanserverandeditit.
SettheHostname.
SetthePorttothehttpsport.
NoteYoumayneedtoacceptbrowserwarningsthefirsttimethattheapplicationcomesup;thesemessagesshouldgoawayaftertheinitialsessionisover.
ConfiguringaNetworkingProxyServerConnectionBydefault,FlexNetCodeInsightusesautomaticproxyserversettingsto.
However,FlexNetCodeInsightcanbemanuallyconfiguredtoanenterpriseproxywithcompanyITpolicies.
TaskTomanuallyconfigureaproxyserverconnection,dothefollowing:1.
Navigatetothetomcat/binfolder.
ThisfolderresidesinthedirectorywhereFlexNetCodeInsightisinstalled.
2.
Opencatalina.
batorcatalina.
shforediting.
3.
Findline209anduncommentit:remsetCATALINA_OPTS=%CATALINA_OPTS%-Dhttps.
proxyHost=-Dhttps.
proxyPort=:-Dhttps.
proxyUser=-Dhttps.
proxyPassword=4.
Setthefollowingvaluesfortheproxyserver:ProxyHost:IPorHostnameoftheproxy.
PorxyPort:Portbeingusedforproxy.
Chapter1InstallingFlexNetCodeInsightInstallingFlexNetCodeInsightFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential25ProxyUser:Usernameusedtoauthenticatetheproxy.
Omitthisvalueforatransparentproxyconnection.
ProxyPassword:Passwordusedtoauthenticatetheproxy.
Omitthisvalueforatransparentproxyconnection.
5.
RestarttheTomcatserversotheproxyserverchangestakeeffect.
ForinformationaboutrestartingTomcat,seeStarting&StoppingTomcat.
InstallingFlexNetCodeInsightUsethefollowinginstructionstoinstallFlexNetCodeInsight:GatheringtheRequiredFilesLaunchingtheInstallerGatheringtheRequiredFilesWhileinstallingFlexNetCodeInsight,youwillbeaskedtoprovideyourlicensekeyanddirectorypathsforfilesthatareneededfortheapplicationtofunction.
Inaddition,youwillchoosethetypeofinstallationtoperform.
Thefollowingisalistoftheitemsandinformationtocollectbeforebeginningtheinstallation:Thelicensekeyfile,codeinsight.
key.
Ifyoudonothavealicensekeyfile,visittheFlexeraCustomerCommunityathttps://flexeracommunity.
force.
com/customer/CCContactSupport.
TheappropriateJDBCdriverconnectorfileforthedatabase:ForMySQL:Theconnectorfilemysql-connector-java-5.
1.
41-bin.
jar.
Ifyoudonothaveaconnectorfile,downloadonefromtheOracleMySQLwebpage:https://dev.
mysql.
com/downloads/connector/j/.
ForSQLServer:Theconnectorfilemssql-jdbc-6.
4.
0.
jre8.
jar.
Ifyoudonothaveaconnectorfile,downloadonefromtheMicrosoftwebpage:https://www.
microsoft.
com/en-us/download/details.
aspxid=56615.
Thetypeofinstallationyouwillperform:Standalone:Configureyourcomputerasboththecoreandscanserver.
Thisistherecommendedconfiguration.
Core:Configureyourcomputerasthecoreserver.
Scanner:Configureyourcomputerasthescanserver.
TheCoreServercontrolsyourWebUIClient.
TheScanServeriswhereactualscanningisperformed.
Additionally,ensurethatyouhavemettheprerequisiteslistedinSystemRequirements.
LaunchingtheInstallerAfteryoucreateadatabasewithremoteaccessprivileges,youcanusetheInstallertoinstallFlexNetCodeInsightinaWindowsorLinuxenvironment.
NoteYoucancanceltheinstallationbyclickingCancelonanyinstallationpanel.
Chapter1InstallingFlexNetCodeInsightRunningFlexNetCodeInsightasaService26CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideTaskToinstallFlexNetCodeInsight,dothefollowing:1.
Followtheinstallationstepsforyourenvironment:OnWindowsDownloadtheWindowsinstaller(FlexNetCodeInsight.
exe),andthennavigatetothedirectorywhereyoudownloadedthefile.
Double-clickthefilenameandfollowthepromptstoinstallFlexNetCodeInsightinaWindowsenvironment.
OnLinuxDownloadtheLinuxinstallerfile(FlexNetCodeInsight.
bin),andthennavigatetothedirectorywhereyoudownloadedthefile.
LaunchFlexNetCodeInsight.
binandfollowthepromptstoinstallFlexNetCodeInsightinaLinuxenvironment.
2.
Whentheinstallationiscomplete,dothefollowing:a.
StarttheTomcatserverifitisnotalreadyrunning.
SeeStarting&StoppingTomcat.
b.
LaunchCodeInsightbyfollowingtheproceduresinOpeningFlexNetCodeInsight.
ImportantIftheinstallationdoesnotcomplete,contacthttps://flexeracommunity.
force.
com/customer/CCContactSupport.
RunningFlexNetCodeInsightasaServiceRunningFlexNetCodeInsightasaservicewheneveryoursystemstartsupcansavetime.
ThissectionprovidestheproceduretoconfigureFlexNetCodeInsightasaserviceinbothaWindowsenvironmentandaLinux(RedHat7,CentOS7)environment:InaWindowsEnvironmentInaLinuxEnvironmentInaWindowsEnvironmentPerformthefollowingproceduretorunFlexNetCodeInsightasaWindowsservice.
TaskTorunFlexNetCodeInsightasaWindowsservice,dothefollowing:1.
Usingthecommandprompt,navigateto:\tomcat\bin.
2.
StoptheTomcatserver.
SeeStarting&StoppingTomcat.
3.
Opentheservice.
batfilewithatexteditor.
Chapter1InstallingFlexNetCodeInsightRunningFlexNetCodeInsightasaServiceFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential274.
UndertheSetdefaultServicenamecomment,setthefollowingparameters:SERVICE_NAME=CodeInsightDISPLAYNAME=FlexNetCodeInsight5.
ChangetheDescriptiontoreflectthenameoftheservice,whichisCodeInsight.
6.
OntheJvmOptionsline,addthefollowingtothelist:-Dcodeinsight.
ssl=false-DcodeinsightInstallPath=ThecodeinsightrootdirectoryisthedirectorypathwhereFlexNetCodeInsightisinstalled.
NoteRemembertoseparatetheJvmOptionsentrieswithasemi-colon(;).
7.
ChangetheJvmMsinitialmemorysettingto8192m.
Thedefaultentryis128.
8.
ChangetheJvmMxmaximummemorysettingto16384m.
Thedefaultentryis256.
9.
Savetheservice.
batfileandexitthetexteditor.
10.
Executetheservice.
batinstallcommandtoinstalltheApacheTomcatWindowsservice.
11.
Whentheserviceisinstalled,openWindowsServicesandsearchfortheServicenameyouspecifiedinstep4.
Inthiscase,itisCodeInsight.
12.
RightclickontheCodeInsightserviceandselectStart.
InaLinuxEnvironmentPerformthefollowingproceduretorunFlexNetCodeInsightasaserviceonLinux(RedHat7orCentOS7).
TaskTorunFlexNetCodeInsightasaserviceinLinux,dothefollowing:1.
CreateafilenamedOpenSpecimen.
servicewiththefollowingcontents.
(Notethatthisfilenameiscase-sensitivewhenreferencedincommandsusedinthisprocedure.
)[Unit]Description=TomcatServiceOpenSpecimen.
serviceAfter=syslog.
targetnetwork.
target[Service]Type=forkingExecStart=/installpathoftomcat/bin/startup.
sh#Eg.
ExecStart=/home/qaadmin/FlexNetCodeInsight/tomcat/bin/startup.
shshExecStop=/bin/kill-15$MAINPID[Install]WantedBy=multi-user.
target2.
CopytheOpenSpecimen.
servicefiletothe/etc/systemd/systemdirectory.
3.
StoptheTomcatserver.
SeeStarting&StoppingTomcat.
Chapter1InstallingFlexNetCodeInsightStarting&StoppingTomcat28CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuide4.
ExecutethefollowingcommandtonotifysystemdthattheOpenSpecimenservicehasbeenadded:$sudosystemctldaemon-reload5.
Usethefollowingcommandstostart,stop,orrestarttheOpenSpecimenservice:$sudosystemctlstartOpenSpecimen.
service$sudosystemctlstopOpenSpecimen.
service$sudosystemctlrestartOpenSpecimen.
service6.
ExecutethefollowingcommandtoenablethestartingofOpenSpecimenuponbooting:systemctlenableOpenSpecimen.
serviceFromthispointon,whenyoustartyoursystem,FlexNetCodeInsightwillstartupautomatically.
Starting&StoppingTomcatFromtimetotime,itisnecessarytostartandstoptheTomcatserver.
Forexample,ifthisisthefirsttimeyouhaveinstalledFlexNetCodeInsight,orifyouhaverecentlyupgradedFlexNetCodeInsightorshutdownyourTomcatserver,youmustrestartitbeforeyoucanconnecttoFlexNetCodeInsightinabrowser.
TaskTostarttheTomcatserver,dothefollowing:1.
NavigatetothedirectorywhereFlexNetCodeInsightisinstalledandopenthetomcat\bindirectory.
Forexample,C:\FlexNetCodeInsight\tomcat\bin.
2.
Executethestartup.
batfileforWindowsorthestartup.
shfileforLinux.
AstheTomcatstartupruns,messagesaredisplayedontheTomcatconsole.
TheTomcatstartupmaytakeseveralminutestocomplete.
WhenastartupmessagesimilartothefollowingappearsintheTomcatconsole,youcanopenFlexNetCodeInsightinyourbrowser:10-Aug-201710:06:34.
796INFO[main]org.
apache.
catalina.
startup.
Catalina.
startServerstartupin58823msTaskToshutdowntheTomcatserver,dothefollowing:1.
NavigatetothedirectorywhereFlexNetCodeInsightisinstalledandopenthetomcat\bindirectory.
Forexample,C:\FlexNetCodeInsight\tomcat\bin.
2.
Executetheshutdown.
batfileforWindowsortheshutdown.
shfileforLinux.
OpeningFlexNetCodeInsightFlexNetCodeInsightrunsinyourwebbrowser.
ThissectionexplainshowtostartFlexNetCodeInsightandaccesstheDashboard.
Chapter1InstallingFlexNetCodeInsightUninstallingFlexNetCodeInsightFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential29TaskToopenFlexNetCodeInsight,dothefollowing:1.
LaunchawebbrowserandnavigatetothefollowingURL,enteringtheserverhostnameprovidedbyyourFlexNetCodeInsightadministrator:http://:PORTNUMBER/codeinsight/Forexample,http://localhost:8888/codeinsight/.
TheFlexNetCodeInsightLoginpageopens.
NoteIfyouareunsureaboutyourserverhostname,contactyoursystemadministratorforguidance.
2.
Enteryourusernameandpassword.
NoteThedefaultloginnameisadmin;thedefaultpasswordisPassword123.
Yourinstallationmayrequireadifferentloginnameandpassword.
Ifyouareunsureaboutwhattoenter,contactyoursystemadministratorforguidance.
3.
ClickLogin.
TheFlexNetCodeInsightDashboardappears.
UninstallingFlexNetCodeInsightAnuninstallerforFlexNetCodeInsightisavailableinthedirectorywheretheproductisinstalled.
ThefollowingproceduresshowyouhowtouninstallFlexNetCodeInsightinaWindowsandaLinuxenvironment.
InstructionsarealsoprovidedtodroptheSQLServerdatabaseusedastheCodeInsightdatabase,shouldthisactionbenecessary.
UninstallingonWindowsUninstallingonLinuxDroppingtheSQLServerDatabaseUninstallingonWindowsUsethefollowingproceduretouninstallCodeInsightonaWindowsmachine.
TaskTouninstallFlexNetCodeInsightinWindows:1.
NavigatetothedirectorywhereFlexNetCodeInsightisinstalled.
2.
OpentheUninstall_FlexNetCodeInsightfolder.
3.
Double-clickUnisnstallFlexNetCodeInsight.
exe.
4.
Followtheon-screenpromptstouninstallFlexNetCodeInsight.
Theuninstallprocesswillleavebehindsomefiles.
Reviewthemanddeleteasneeded.
Chapter1InstallingFlexNetCodeInsightContactingSupport30CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideUninstallingonLinuxUsethefollowingproceduretouninstallCodeInsightonaLinuxmachine.
TaskTouninstallFlexNetCodeInsightinLinux:1.
NavigatetothedirectorywhereFlexNetCodeInsightisinstalled.
2.
OpentheUninstall_FlexNetCodeInsightfolder.
3.
ExecuteUninstallFlexNetCodeInsightcommandandfollowtheon-screenpromptstouninstallFlexNetCodeInsight.
Theuninstallprocesswillleavebehindsomefiles.
Reviewthemanddeleteasneeded.
DroppingtheSQLServerDatabaseIfyouneedtodroptheSQLServerdatabaseusedastheCodeInsightdatabase,followthisprocedure.
Droppingthedatabasealsodropsitsmaintenanceplans.
TaskTodroptheSQLServerdatabaseanditsmaintenanceplans:1.
Ifyouhavenotalreadydoneso,downloadthepalamida_db_drop_with_maintainenceplan.
sqlscript.
SeeDownloadingtheScriptsNeededtoSetUptheSQLServerDatabase.
2.
Openthescript,andsetthe@dbnamevaluetothenameofthedatabasetobedropped(ifthevalueisnotsettothecorrectname).
3.
Executethescript.
ContactingSupportIfyouneedfurthersupport,pleasesubmityourquestionsthroughouronlineCustomerCommunityportal:https://flexeracommunity.
force.
com/customer/IfyoudonothavealogintotheCustomerCommunity,youcanrequestoneontheLoginRequestpageofoursite:https://flexeracommunity.
force.
com/customer/CCLoginRequestIfyouareunabletousethestepsabove,pleasevisitthefollowingsiteforotheroptionstoreachouttoFlexeraSupport:https://flexeracommunity.
force.
com/customer/CCContactSupport2FlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential31ConfiguringFlexNetCodeInsightAfterFlexNetCodeInsighthadbeeninstalled,theadministratormustperformanumberofconfigurationtasksbeforetheusercanbeginusingCodeInsight.
Thissectiondescribestheseconfigurationtasks:CreatingorEditingaScanServerManagingUsersSettingtheElectronicUpdateFrequencyConfiguringanEmailServerConfiguringLDAPConfiguringFlexNetCodeInsighttoUseSingleSign-OnManagingScanProfilesSettingProjectDefaultsAboutFlexNetCodeInsightServerRESTAPIsNoteThefirsttimeyouopenFlexNetCodeInsight,anelectronicupdatewillbegin.
Itmaytake2to4hoursfortheelectronicupdatetocomplete.
Youcannotusetheapplicationtoscanfilesuntiltheupdatefinishes.
However,youcanconfigureFlexNetCodeInsightwhiletheupdateisinprogress.
Additionally,seeAboutFlexNetCodeInsightServerRESTAPIsinthischapterforinformationaboutCodeInsightRESTAPIsthatenableyoutocreateyouradministrativetoolformanagingscanoperationsandretrievingdatafromscanresults.
CreatingorEditingaScanServerTheScanServerscansthesourcecodeandbinaryfilesthatmakeupyourcodebasestohelpyouidentifyopensourcecodethatmayexposeyourapplicationstocomplianceissuesandsecurityvulnerabilities.
Youmustsetupascanserverbeforescanningcode.
Chapter2ConfiguringFlexNetCodeInsightManagingUsers32CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideNoteFlexNetCodeInsightsupportsonlyonescan-serverconfiguration.
TaskTocreateoredityourscanserver,dothefollowing:1.
OntheFlexNetCodeInsightDashboard,clickadministration.
TheAdministrationpageappearswithalistofsidetabs.
2.
SelecttheScanServerstab.
3.
Ifyoudonothaveascanserverconfigured,clickNew;ortoedityouralready-definedscanserver,selectitfromtheScanServersdrop-downlist,andclickEdit.
TheScanServerdialogappears.
4.
Completeorupdatethefieldsonthedialog:Alias:Thenameforthescanserver.
Host:TheIPaddressofthehostcomputerforthescanserver.
Ifthescanserverisonthesamemachineasthecoreserver,enterlocalhost.
Port:Thehostportofthescanserver.
Bydefault,theportis8888.
CLPath(Optional):ThepathfortheFlexNetCodeInsightComplianceLibrary,whichisprovidedonanUSBSSDdrive.
However,usingFlexNetCodeInsight'sautomateddiscovery,youcantoperformascanevenbeforeobtainingtheComplianceLibraryorsettingupascanserver.
Formoreinformation,seetheFlexNetCodeInsightUserGuide.
CodebasePath:ThepathonthescanserverwhereFlexNetCodeInsightwillstoreandmanagealluploadedcode.
Youshouldhaveadequatediskspacetostorethecodebases.
Recommendedstartingsizeforthisdirectoryis500GB.
NoteIfyouareunsureaboutwhattoenterinanyofthesefields,contactSCASupportforguidance.
ManagingUsersThefollowingtopicsdescribehowtomanageFlexNetCodeInsightusers:CreatingorEditingUsersFindingUsersDisablingUserAccountsCreatingorEditingUsersThefollowingproceduredescribeshowtocreateoreditusersforyourFlexNetCodeInsightinstallation.
(IfyouareusinganLDAPservertosynctheuserdata,youcanskipthisprocedure.
ToconfigureanLDAPserver,seeConfiguringLDAP.
)Chapter2ConfiguringFlexNetCodeInsightManagingUsersFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential33NoteThefirsttimeyouopenFlexNetCodeInsight,anelectronicupdatewillbegin.
Itmaytake2to4hoursfortheelectronicupdatetocomplete.
Youcannotusetheapplicationtoscanfilesuntiltheupdatefinishes.
However,youcanconfigureFlexNetCodeInsightuserswhiletheupdateisinprogress.
TaskTocreateauser,dothefollowing:1.
OntheFlexNetCodeInsightDashboard,clickadministration.
TheAdministrationpageappearswithalistofsidetabs.
2.
SelecttheUserstab,whichlistsallcurrentusers.
3.
Tocreateanewuser,clickAddUser;ortoeditanexistinguser,clicktheEditicon.
TheAddUserorEditUserdialogappears.
4.
Enterinformationinthefieldstocreateoredittheuser:Login:Theuser'sloginname.
FirstName:Theuser'sfirstname.
LastName:Theuser'slastname.
Email:Theuser'semailaddress.
Password:Theuser'spassword,whichshouldbeaminimumof8characterswithnospacesandhaveatleastonenumberandonecapitalletter.
PasswordConfirm:Reenterthepasswordfromthefieldabove.
Question:Asecurityquestionthatcanbeansweredbytheusertoretrievealostpassword.
Thequestionmustbeaminimumof3characters.
Answer:Theanswertothesecurityquestion.
Permissions:Chooseoneorbothofthefollowingpermissions:Administrator:ProvidespermissiontomanageusersandapplicationconfigurationsettingsforFlexNetCodeInsight.
PolicyManagement:ProvidespermissiontomanagepoliciesinFlexNetCodeInsight.
5.
Whenyoufinishenteringinformationfortheuser,clickSubmit.
TheSuccessdialogappears,tellingyouthattheuserhasbeensaved.
6.
ClickOK.
Ifyoucreatedauser,theuserwillappearinthelist.
FindingUsersAsasystemadministratororprojectowner,youmightneedtofindFlexNetCodeInsightuserstomanagetheirpermissions.
YoucansearchforusersontheUserstaborontheProjectSummarypage.
Chapter2ConfiguringFlexNetCodeInsightSettingtheElectronicUpdateFrequency34CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideTaskTofindusers,dothefollowing:1.
OntheFlexNetCodeInsightDashboard,clickadministration.
TheAdministrationpageappearswithalistofsidetabs.
2.
SelecttheUserstab.
3.
IntheEnterSearchCriteriafield,enteracharacterstringbywhichtosearchuserinformationinanyofthefields.
4.
ClickSearch.
DisablingUserAccountsFlexNetCodeInsightsupportsdisablinguseraccountsinthebrowser.
NoteTheAdminuseraccountiscreatedautomatically;itcannotbedisabled.
TaskTodisableuseraccounts,dothefollowing:1.
OntheFlexNetCodeInsightDashboard,clickadministration.
TheAdministrationpageappearswithalistofsidetabs.
2.
SelecttheUserstab.
3.
ClicktheEditicon()intheActionscolumnfortheuseraccountyouwanttodisable.
TheEditUserdialogappears.
4.
SelecttheDisableAccountcheckbox,andclickSubmit.
TheSuccessdialogappears.
5.
ClickOK.
Theuseraccountisnowdisabled.
Theuserwillreceivethemessage,"InvalidUsernameand/orPassword.
Ifyoubelieveyouenteredavaliduser,pleasecontactyourSystemAdministrator"whenattemptingtologintoFlexNetCodeInsight.
SettingtheElectronicUpdateFrequencyFrequentupdatesenableyoutoreceivethelatestvulnerabilityorothercomponentinformationasquicklyasitisavailable.
However,scanscannotbeperformedduringtheupdateprocess,butascanprocessthatisalreadyunderwaywillnotbeinterruptedwhentheupdateprocessistriggered.
Thedefaultelectronicupdatetoproductdataisdailyat1am,butFlexNetCodeInsightprovidestheabilitytomanagethefrequencywithwhichproductdataisupdated.
Thefollowingprocedureexplainshowtosettheupdatefrequency.
TaskTosettheupdatefrequency,dothefollowing:1.
OntheFlexNetCodeInsightDashboard,clickadministration.
TheAdministrationpageappearswithalistofsidetabs.
2.
SelecttheElectronicUpdatestab.
Chapter2ConfiguringFlexNetCodeInsightConfiguringanEmailServerFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential353.
SelectafrequencyfromtheUpdateFrequencypulldown:Never:IfyouselectNever,theotherfrequencyfieldsdisappear.
Daily:IfyouselectDaily,youmustselectatimefromtheTimepulldown.
Weekly:IfyouselectWeekly,youmustselectatimefromtheTimepulldownandadayfromtheSelectadaypulldown.
4.
IfyouselectedaDailyorWeeklyfrequency,selectatimefromtheSelectatimepulldown.
5.
IfyouselectedaWeeklyfrequency,selectadayfromtheSelectadaypulldown.
6.
Whenyouhavefinishedsettingtheupdatefrequency,selectSave.
Aftertheupdatefrequencyhasbeenupdated,theSuccesspromptappears.
7.
ClickOKtoreturntotheAdminselectionpage.
NoteIfyouclickScheduleUpdate,theupdatewilltakeplaceimmediately.
Themessage,"Anelectronicupdateiscurrentlybeingprocessed.
.
.
pleasewait.
.
.
",appearsintheElectronicUpdatefield.
ConfiguringanEmailServerFlexNetCodeInsightcansendemailalertsthataretriggeredbycertainevents.
Forexample,whenascancompletesorwhenanewvulnerabilityisdetectedintheprojectinventory.
Itishighlyrecommendedthattheemailserverconfigurationbesetupfortheapplication.
EmailserverconfigurationisavailableinFlexNetCodeInsightintheAdministrationtabs.
Thissectionprovidestheprocedureforconfiguringemail.
TaskToconfigureyouremailserver,dothefollowing:1.
OntheFlexNetCodeInsightDashboard,clickadministration.
TheAdministrationpageappearswithalistofsidetabs.
2.
SelecttheEmailServertab.
3.
Enterinformationandmakeselectionsinthefields:EnableEmailServer:SelectYestoenableFlexNetCodeInsighttousetheemailserverorNotoleaveitdisabled.
ThedefaultisNo.
TherestofthefieldsonthispagearenotavailableuntilyouselectYes.
Sender'sEmailAddress:Entertheemailaddressofthesender.
SMTPHostName:EntertheSMTPhostname.
SMTPHostPort:EntertheportnumberoftheSMTPhost.
SMTPUserName:EntertheSMTPusername.
ThisfieldcanbeleftblankforanonymousSMTPconfiguration.
SMTPUserPassword:EntertheSMTPuserpassword.
ThisfieldcanbeleftblankforanonymousSMTPconfiguration.
EnableSMTPoverTLS:SelectYestouseTransportLayerSecurity(TLS)tosecureemailoverSMTPorselectNotoleavethisoptiondisabled.
Chapter2ConfiguringFlexNetCodeInsightConfiguringLDAP36CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuide4.
ClickSavetosaveyoursettings.
ConfiguringLDAPTheLDAPoptionallowsyoutouseanLDAPservertoimportusernamedataintoFlexNetCodeInsightandforauthentication,asdescribedinthefollowingtopics:SynchronizingUserNameDataSettingUpaUserSearchFilterSampleSearchQueryServerPagingUserAuthenticationLDAPoverSSLImplementingLDAPSynchronizingUserNameDataFlexNetCodeInsightprovidestheabilitytoimportusernamedatafromLDAP.
Thissectionexplainsthetypeofusernamedatathatisimported.
UserMetadataThemetadataforeachuser(name,email,etc.
)ispulledfromLDAPandrefreshedintheFlexNetCodeInsightdatabaseataregularfrequencyviaaschedulermodulerunningwithinFlexNetCodeInsight.
Thedatasynchronizationisaone-waypullfromLDAPintotheFlexNetCodeInsightdatabase.
ThisactionoverwritestheexistingdataintheFlexNetCodeInsightdatabase.
UserdataforthoseusersthatdonotexistinLDAPisnotaffectedbythisprocess.
DisabledUsersUserswhoaredisabledinFlexNetCodeInsightwillstillhavetheirdatasynchronizedwithLDAP,butwillhavethedisabledflagsetto"true"andwillnotbegrantedaccesstotheapplication.
SettingUpaUserSearchFilterTopullonlytherequiredusersintoFlexNetCodeInsight,itisimportanttoconfiguretheSearchBaseandSearchQueryentries,whichappearontheLDAPtaboftheFlexNetCodeInsightuserinterface,properly.
TheSearchBaseistypicallytherootnodeunderwhichyoucanstoreallthedesiredusers.
TheSearchQueryallowsLDAPqueriesbasedonuserattributes.
WerecommendcreatingaFlexNetCodeInsightsystem-specificgroupandmakingallofthedesireduserspartofthisgroup.
Chapter2ConfiguringFlexNetCodeInsightConfiguringLDAPFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential37SampleSearchQueryLDAPsearchqueriescanbeenteredintheLDAPSearchQueryfieldontheLDAPtab.
Forexample,thefollowingquerypullsonlydesiredusersintoFlexNetCodeInsight:(&(objectClass=person)(memberOf=CN=CodeInsightGroup,CN=Users,DC=ad,DC=CodeInsight,DC=com))ServerPagingLDAPandActiveDirectorysupportserverpagingcontrolsthenumberofrecordsthesystemispullingatanygiventime.
ConfiguretheLDAPPageSizeentriesasdesired.
Thedefaultpagesizeis1000.
NoteSunOneDirectoryServerdoesnotsupportserverpagingincertainreleaseshttp://kb.
globalscape.
com/KnowledgebaseArticle10218.
aspx.
IfyouareusingSunOneDirectoryServer,ensurethatserverpagingisdisabled.
UserAuthenticationYoucanuseanexistingLDAPservertoverifyuserswhentheylogintoFlexNetCodeInsight.
FlexNetCodeInsightdoesnotstoreLDAPpasswords.
AllauthenticationhappensontheLDAPserver.
AfteranLDAPuserentersausernameandpassword,thecredentialsaresenttotheLDAPinstance.
IfLDAPconfirmsthattheuserisvalid,FlexNetCodeInsightgrantsaccess.
NoteIfyouconfigureLDAPtoprovideloginsecurity,thebuilt-inFlexNetCodeInsightloginsecuritywillnotbeused.
LDAPoverSSLSSLprovidesdataencryptionsecurityforuserinformationpassedoverthenetwork.
Youmustuseldaps://URLwith636port,whichisthedefaultdedicatedportforSSL.
ImplementingLDAPThissectionexplainsthebasicprocedureforimplementingLDAPinFlexNetCodeInsight.
FordetaileddescriptionsofthefieldsontheLDAPtab,seethe"LDAPtab"topicintheonlinehelporFlexNetCodeInsightUserGuide.
TaskToimplementLDAP,dothefollowing:1.
OntheFlexNetCodeInsightDashboard,clickadministration.
TheAdministrationpageappearswithalistofsidetabs.
2.
SelecttheLDAPtab.
3.
SelectYesintheEnableLDAPfieldandcompletetherestofthefieldsontheLDAPtab.
See"LDAPTab"intheonlinehelporintheFlexNetCodeInsightUserGuidefordescriptionsofallthefieldsontheLDAPtab.
Chapter2ConfiguringFlexNetCodeInsightConfiguringFlexNetCodeInsighttoUseSingleSign-On38CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuide4.
(Optional)SelectTestLDAPServerConnectiontoensurethatFlexNetCodeInsightisproperlyconnectedtotheLDAPserver.
TheconnectionwillbetestedwiththevaluesdisplayedinthefieldsontheLDAPtab.
5.
Whenyoufinishenteringinformationinthefields,selectSavetosaveyourchangestotheLDAPconfiguration.
6.
(Optional)SelectSyncNowtosaveyoursettingsandsynchronizethemwiththeuserdataontheLDAPserver.
IfyoudonotselectSyncNow,theusersynchronizationwillbedoneatthetimespecifiedintheLDAPUserSyncFrequencyfield.
ConfiguringFlexNetCodeInsighttoUseSingleSign-OnSinglesign-on(SSO)isanauthenticationservicethatenablesausertouseonesetofcredentials(usuallyanameandpassword)toaccessmultipleapplications.
ThisserviceinvolvesanexchangeofSAML(SecurityAssertionMarkupLanguage)protocolmessagesbetweentheuser,theidentityprovider,andtheserviceprovider.
TheIdentityProvider(alsocalledanIdP)isanySSOservice,suchasOkta,PingFederate,andothers,offeringSAMLauthenticationservices.
TheServiceProvider(alsocalledanSP)isanapplication,suchasFlexNetCodeInsight,thatisconfiguredtoparticipateintheSSOservice.
WhenaServiceProvideruserlogsinusingcredentialsforanSSOsession,aSAMLmessageissenttotheIdentityProvider,requestinguserauthentication.
Iftheuserpasswordisvalid,theIdentityProviderreturnsaSAMLmessage,statingthattheuserisloggedinattheIdentityProvider.
Theuser,inturn,isloggedintotheServiceProvider.
TheFlexNetCodeInsightadministratorcanusetheinstructionsinthesesectionstoconfigureCodeInsightasaServiceProviderinanSSOsession:PrerequisiteTasksforConfiguringCodeInsightforSSOConfiguringCodeInsightforSSOLogInUsingSSOCredentialsExampleOktaSetupforCodeInsightSSOPrerequisiteTasksforConfiguringCodeInsightforSSOPerformthefollowingtasksbeforeconfiguringCodeInsightforSSO:ConfigureHTTPSontheFlexNetCodeInsightServerSetUpSSOUsersConfigureHTTPSontheFlexNetCodeInsightServerTheHTTPScommunicationprotocolmustbeusedtoexchangeSAMLmessagesbetweentheSPandIdP.
ForinstructionsonconfiguringHTTPSontheCodeInsightserver,seeEnablingSecureHTTPOverSSLinthe"InstallingFlexNetCodeInsight"chapter.
ThekeystorethatyouusetoconfigureHTTPScanbeusedforSSOconfiguration.
Alternatively,youcancreateaseparatekeystoreforSSO,usingthesameinstructionsfoundinEnablingSecureHTTPOverSSL.
Chapter2ConfiguringFlexNetCodeInsightConfiguringFlexNetCodeInsighttoUseSingleSign-OnFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential39SetUpSSOUsersYoucandefineSSOusersforCodeInsightwithorwithoutLDAP.
WithLDAPIfyouintendforSSOtointegratewithyourLDAPserverforuseraccesstoCodeInsight,followtheserules:MakesurethatCodeInsightandtheServiceProviderareconfiguredfortheLDAPserver.
ForinstructionstoconfigureCodeInsight,seeConfiguringLDAP.
ToconfiguretheServiceProvider,followtheServiceProviderinstructions.
WhensettingupusersontheLDAPserver,ensurethattheuser'sloginistheuser'semailaddress.
SynchronizeusersfromtheLDAPservertotheIdentityProviderfirst,usingtheIdentityProvider'sinstructions.
ThensynchronizetheusersfromtheLDAPservertoCodeInsight.
SeeConfiguringLDAP.
WithoutLDAPIfyoudonotuseLDAP,youmustmanuallycreatetheSSOusersbothinFlexNetCodeInsight(seeManagingUsers)andattheIdentityProvidersite,ensuringthattheuserinformationisthesameinbothlocations.
Ensurethattheuser'sloginistheuser'semailaddress.
ConfiguringCodeInsightforSSOFollowthesestepsforconfiguringCodeInsightforSSO:Step1:CopytheDirectoryThatWillContainProviderMetadataStep2:PreparetheEnvironmentPropertiesFileStep3:ConfiguretheSSOCommonPropertiesFileStep4:CustomizetheSampleServiceProviderMetadataFileStep5:ObtaintheIdentityProviderMetadataFileNotethat,intheseinstructions,SCA_install_homereferstotheCodeInsightinstallationlocation.
Step1:CopytheDirectoryThatWillContainProviderMetadataCopythesecuritydirectoryfromSCA_install_home/samples/sso/config/coretoSCA_install_home/config/core.
ThisdirectorywillserveasthestoragelocationfortheServiceProviderandIdentityProvidermetadatafiles,asdescribedinStep5:ObtaintheIdentityProviderMetadataFileandStep4:CustomizetheSampleServiceProviderMetadataFile.
Step2:PreparetheEnvironmentPropertiesFileThissteppreparestheenv.
propertiesfiletoenableSSOontheCodeInsightserver.
Chapter2ConfiguringFlexNetCodeInsightConfiguringFlexNetCodeInsighttoUseSingleSign-On40CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideTaskTopreparethe"env.
properties"file:1.
Copytheenv.
propertiesfilefromSCA_install_home/samples/sso/configtoSCA_install_home/config/core.
2.
Inatexteditor,opentheSCA_install_home/config/core/env.
propertiesfile,andensurethatthevalueofthefollowingpropertytosso.
spring.
profiles.
active=sso3.
Savethefile.
Step3:ConfiguretheSSOCommonPropertiesFileThisstepconfiguresthecore.
sso.
common.
propertiesfiletoenableSSOontheCodeInsightserver.
TaskTopreparethe"core.
sso.
common.
properties"file:1.
Copythecore.
sso.
common.
propertiesfilefromSCA_install_home/samples/sso/configtoSCA_install_home/config/core.
2.
Inatexteditor,opentheSCA_install_home/config/core/core.
sso.
common.
propertiesfile.
Thefollowingshowsthefilecontents:##thisfilecontainsallssoplaceholdervalues.
saml.
keystore=file:///c://keystore.
jkssaml.
keystore.
password=keysore_passwordsaml.
keystore.
alias=keystore_aliassaml.
keystore.
alias.
password=keystore_alias_password#forextendedMetadataconfigurationsaml.
metadata.
local=truesaml.
metadata.
alias=saml.
metadata.
idpDiscoveryEnabled=falsesaml.
metadata.
idpDiscoveryURL=saml.
metadata.
idpDiscoveryResponseURL=saml.
metadata.
ecpEnabled=falsesaml.
metadata.
securityProfile=metaiopsaml.
metadata.
sslSecurityProfile=pkixsaml.
metadata.
sslHostnameVerification=defaultsaml.
metadata.
signingKey=keystore_aliassaml.
metadata.
signingAlgorithm=nullsaml.
metadata.
signMetadata=falsesaml.
metadata.
encryptionKey=keystore_aliassaml.
metadata.
tlsKey=#privateSettrustedKeys=saml.
metadata.
requireLogoutRequestSigned=falsesaml.
metadata.
requireLogoutResponseSigned=falsesaml.
metadata.
requireArtifactResolveSigned=falsesaml.
metadata.
supportUnsolicitedResponse=true#forSPsaml.
entity.
id=ww:xx:yy:zzsaml.
base.
url=https://myhost.
mycompany.
com:8443Chapter2ConfiguringFlexNetCodeInsightConfiguringFlexNetCodeInsighttoUseSingleSign-OnFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential413.
Updatetheproperties(highlightedabove)requiredforServiceProvidersecurityandidentification,andthensavethefile.
Thepropertiesthatyouneedtoeditorthatrequireexplicitconfigurationaredescribedinthistable:SSOPropertyDescriptionsaml.
keystoreEnterthepathandnameofthekeystorethatyoucreatedforSSO.
ThiscanbethesamekeystorethatyouareusingforHTTPSoradifferentone.
SeeConfigureHTTPSontheFlexNetCodeInsightServerinthe"InstallingFlexNetCodeInsight"chapterformoreinformation.
saml.
keystore.
passwordEnterthepasswordforthekeystore.
saml.
keystore.
aliasEnterthealiasdefinedfortheprivatekeycontainedinthekeystore.
saml.
keystore.
alias.
passwordEnterthepasswordfortheprivatekeyalias.
saml.
metadata.
aliasProvideyourmetadataalias,ifoneexists;orleavethisfieldblank(orenterdefaultAlias)tousethedefaultmetadataalias.
saml.
metadata.
idpDiscoveryURLLeavethisfieldblank.
Donotenternull.
saml.
metadata.
idpDiscoveryResponseURLLeavethisfieldblank.
Donotenternull.
saml.
metadata.
signingKeyEnterthepathandnameofthekeystoreyoucreatedforSSO.
(Thisisthesamevalueenteredforthesaml.
keystoreproperty.
)saml.
metadata.
encryptionKeyEnterthepathandnameofthekeystoreyoucreatedforSSO.
(Thisisthesamevalueenteredforthesaml.
keystoreproperty.
)saml.
metadata.
tlsKeyEnterthealiasofprivatekeygeneratedforSSL/TLSclientauthentication,ifoneexists;orleavethisfieldblanktousethedefaultTLSkeyalias.
saml.
entity.
idEnterauniqueidentifierforyourCodeInsightserverasaServiceProvider.
TherecommendedvalueisthehostnamefortheCodeInsightserver.
Notethat,eventhoughtheserver'shostnameistherecommendedvalue,theentityIDisanimmutablevalueidentifyingtheServiceProviderinanSSOsession;itisnotusedtoidentifyalocation.
saml.
base.
urlTheHTTPSURLhandlingtheServiceProvider'susersign-inrequests.
ThisisusuallytheURLforyourCodeInsightserverinHTTPS://myhost.
mycompany.
com:portformat.
NotethatthedefaultportfortheCodeInsightserveris8443.
Step4:CustomizetheSampleServiceProviderMetadataFileThisstepcustomizesthesampleServiceProvidermetadatafileforyourCodeInsightserver.
Chapter2ConfiguringFlexNetCodeInsightConfiguringFlexNetCodeInsighttoUseSingleSign-On42CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideTaskTocustomizethesampleServiceProvidermetadatafile:1.
Inatexteditor,opentheSCA_install_home/config/core/security/SPMetadata.
xmlfile.
2.
Updatethefollowingproperties,andsavethefile:SSOPropertyDescriptionentityID="ENTITY_VALUE"ReplaceENTITY_VALUEwiththesameentityIDastheoneyouprovidedtheenv.
propertiesfileinStep2:PreparetheEnvironmentPropertiesFile.
SingleLogoutService.
.
.
FULLY_QUALIFIEDHOSTNAME.
.
.
ReplaceFULLY_QUALIFIEDHOSTNAMEwiththefullyqualifiedhostnameoftheCodeInsightserver.
AssertionConsumerService.
.
.
FULLY_QUALIFIEDHOSTNAME.
.
.
ReplaceFULLY_QUALIFIEDHOSTNAMEwiththefullyqualifiedhostnameoftheCodeInsightserver.
Step5:ObtaintheIdentityProviderMetadataFileThisfinalstepinsettingupSSOforCodeInsightistoobtaintheIdentityProvidermetadatafile.
TheIdentityProvidermightrequirethatyousendtheCodeInsightSPMetadata.
xmlfile(setupinStep4:CustomizetheSampleServiceProviderMetadataFile)inordertoprovidetheIdentityProvidermetadatafile.
Alternatively,youmightberequiredtogeneratetheIdentityProvidermetadatafileusingtheIdentityProviderUI.
Youwillneedtoprovidethesingle-sign-onURLforCodeInsight(alsospecifiedintheSPMetadata.
xml):https://myhost.
mycompany.
com:8443/codeinsight/saml/SSOTaskToobtaintheIdentityProvidermetadata:1.
FollowtheIdentityProvider'sinstructionsforobtainingtheIdentityProvidermetadata.
2.
OnceyouobtaintheIdentityProvidermetadata,saveitasIDPMetadata.
xmlintheSCA_install_home/config/core/securitydirectory.
LogInUsingSSOCredentialsOnceyoucompletethestepsdescribedinthissection,CodeInsightusersdefinedasSSOusersshouldbeabletologintoanSSOsessionmanagedbytheIdentityProviderandobtainaccesstoCodeInsight.
ExampleOktaSetupforCodeInsightSSOCodeInsightprovidesanexamplewalk-throughforusingOktatosetupCodeInsightforSSO.
Toobtaintheseinstructions,downloadtheSSO_With_Okta.
pdffromtheFlexeraCustomerCommunitysite:https://flexeracommunity.
force.
com/customer/Chapter2ConfiguringFlexNetCodeInsightManagingScanProfilesFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential43ManagingScanProfilesThefollowingtopicsdescribehowtomanagescanprofiles:CreatingorEditingScanProfilesScanProfileFieldsAboutScanningwithouttheComplianceLibraryCreatingExclusionPatternsforScanProfilesCreatingorEditingScanProfilesAscanprofileisasetofpredefinedscansettingsthataregroupedtogetherthatcanbeappliedatscantime.
Bydefault,threescanprofilesareprovided:BasicScanProfile(withoutCL)StandardScanProfileComprehensiveScanProfileThetableintheScanProfileFieldssectionidentifiesthescanfunctionsthatareincludedwitheachscantype.
Inmostcases,thepre-definedscanprofilesareenoughtogetstarted.
However,iftheydonotmeetyourneeds,youcancreateyourowncustomscanprofiles.
Whenascanprofileiscreated,thedatafromtheStandardScanProfileiscopied,includinganysearchtermsandexclusions.
However,youcanupdateanyofthisinformationthescanprofileyouarecreating.
Youcanalsoeditinformationinexistingscanprofiles(excepttheStandardScanProfile).
NoteScanprofileschangesdonotaffectthecurrentscan.
Changesareappliedtothenextscheduledscan.
TaskTocreateoreditanewscanprofile,dothefollowing:1.
OntheFlexNetCodeInsightDashboard,clickadministration.
TheAdministrationpageappearswithalistofsidetabs.
2.
SelecttheScanProfilestab.
3.
ClickNeworEditnexttothedrop-downfieldlistingtheexistingscanprofiles.
TheCreate(orEdit)ScanProfiledialogappears.
4.
Completethefieldsonthedialog.
Seethenextsection,ScanProfileFields.
5.
ClickSavetosavethescanprofile.
Chapter2ConfiguringFlexNetCodeInsightManagingScanProfiles44CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideScanProfileFieldsThefollowingtablesummarizesthefunctionofeachfieldinthescanprofile.
ItalsonoteswhichfieldsarevalidfordefaultscanprofilesshippedwithCodeInsight:Table2-1ScanFieldDescriptionsandDefaultScanProfileSupportFieldDescriptionBasicStandardComprehensivePerformPackage/LicenseDiscoveryinArchivesSelectthisoptiontohavethescannerrecursivelyperformpackagediscoveryandlicensedetectionwithinallarchivefilesencounteredintheprojectcodebase.
Bydefault,thisoptionisunselected.
XXXDependencySupportDeterminethelevelofdependencyscanningtobeperformedbythescanner.
Theavailableoptionsinclude:NoDependencies:Onlytop-levelinventoryitemsarereportedwithoutanydependencies.
(Default)OnlyFirstLevelDependencies:Onlyfirst-level(ordirect)dependenciesarereportedalongwithtop-levelinventoryitems.
AllTransitiveDependencies:Allfirst-levelandtransitivedependenciesarereportedalongwithtop-levelinventoryitems.
Thescannercallsouttotherelevantpackagemanagementrepositorytoobtaintransitivedependencyinformation.
ThisoptionissupportedonlyforJava/Maventhroughpom.
xmlfilesandNPMthroughpackage.
jsonfiles.
Additionaltechnologieswillbesupportedinfuturereleases.
XXXAutomaticallyAddRelatedFilestoInventorySelectthisoptiontohavethesystemassociateadditionalfilestoexistinginventoryitemsbasedonthedataavailableinautomaticdetectionrules.
Theautomaticfilemappingsaremarkedwitheitherhighorlowconfidence.
XXXExactMatchesSelectthisoptiontohavethescannerrecordexactmatchesforscannedfilesbasedondatafromtheComplianceLibrary(CL).
XXSourceCodeMatchesSelectthisoptiontohavethescannerrecordsourcecodematchesforscannedfilesbasedondatafromtheComplianceLibrary(CL).
XChapter2ConfiguringFlexNetCodeInsightManagingScanProfilesFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential45NoteComprehensiveandStandardScanProfilesrelyondatastoredintheComplianceLibrary(CL)todetectevidenceforExactMatchesandSourceCodeMatches.
AboutScanningwithouttheComplianceLibraryBydefault,whenFlexNetCodeInsightscansacodebase,itusesthedataintheComplianceLibrary(CL)toprovideevidenceforExactmatchesandSourcecodefingerprintmatches.
TheComplianceLibrary,whichisover500GB,isprovidedonaharddrive,whichshouldbeconnectedtotheserverwhereyouhaveinstalledFlexNetCodeInsight.
However,ifyoudonothaveaccesstotheComplianceLibrary,suchaswhenrunningFlexNetCodeInsightonavirtualmachine,youcanstillperformabasicscan(usingtheBasicScanProfile)onyourcodebasethatwillgenerateinventoryanddetectvulnerabilities,findevidencebasedonpre-definedsearchterms,emails,andURLs,aswellasemployallautomateddetectiontechniques.
IntheabsenceofaComplianceLibrary,FlexNetCodeInsightwillnotdetectExactmatchesandSourcecodefingerprintmatches.
Youcanalsocreateacustombasicscanprofilewithyourownpre-definedsearchterms,aswellasspecifyscanexclusionsforfoldersorfilestoexcludefromthecodebasescan,suchas**/.
gitor**/.
hg.
CreatingExclusionPatternsforScanProfilesFlexNetCodeInsightprovidestheabilitytocreateexclusionpatternsforuseinyourscansandtoaddthemtoyourscanprofileinCreate(orEdit)ScanProfilepage.
Thissectionprovidesinformationaboutthesyntaxrequiredwhencreatingexclusionpattersandexamplesofvalidexclusionpatterns.
FlexNetCodeInsightusesApacheAntpath-stylesyntaxtoexcludefilesduringscanning.
Patternsarepathsthatarerelativetoabasedirectory.
Onlyfilesfoundinorbelowthebasedirectoryareconsideredforexclusion.
Forin-depthinformationaboutantexclusionpatterns,seehttps://ant.
apache.
org/manual/dirtasks.
html.
IncludeSystemIdentifiedFiles(AvailableonlywhenSourceCodeMatchesisselected)Selectthisoptionifyouwantthescannernottoperformsourcecodematchingforfilesthatarealreadyassociatedwithoneormoreinventoryitems.
XIncludeFileswithExactMatches(AvailableonlywhenSourceCodeMatchesisselected)Selectthisoptionifyouwantthescannernottoperformsourcecodematchingforfilesthathaveexactmatches.
XSearchTermsProvidealistofsearchtermstobeusedinthescan.
XXXScanExclusionsProvidealistoffileextensionstobeexcludedfromthescan.
AlsoseeCreatingExclusionPatternsforScanProfiles.
XXXTable2-1ScanFieldDescriptionsandDefaultScanProfileSupport(cont.
)FieldDescriptionBasicStandardComprehensiveChapter2ConfiguringFlexNetCodeInsightManagingScanProfiles46CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideNoteExclusionpatternsarenotvalidated.
UsingtheSingleAsterisk(*)andQuestionMark()Usingasingleasterisk(*)matcheszeroormorecharacters.
Usingthequestionmark()matchesonecharacter.
Ifyoucreateanexclusionpatternof*.
xml,andaddittothelistofScanExclusionsinFNCI,yourscanwillexcludefilessuchasx.
xml,FooBar.
xml,codeinsight.
xmlbutnotcodeinsight.
jarbecauseitdoesnotendwith.
xml.
Ifyoucreateanexclusionpatternof.
codeinsightandaddittoyourlistofScanExclusionsinFNCI,yourscanwillexcludefilessuchasx.
codeinsightandA.
codeinsight,butnotxx.
codeinsightoraaa.
codeinsightbecauseneitherhasjustonecharacterbefore.
codeinsight.
Inotherwords,xx.
codeinsightandaaa.
codeinsightwillappearinscanresultsiftheyareinyourcodebase.
NoteYoucancombineasterisks(*)andquestionmarks()inyourexclusionpatterns.
UsingDoubleAsterisksDoubleasterisks(**)spanmultipledirectorypathsIfyoucreateanexclusionpatternof**/codeinsight,thefilesintheaa/bb/cc/codeinsightdirectorystructurewillbeexcludedfromthescan.
SampleExclusionPatternsThefollowingaresomesamplepatternsthatcanbeusedwithFNCI:Table2-2SampleExclusionPatternsandDescriptionsPatternDescription**/SVN/*ExcludesallthefilesintheSVNdirectoriesthatarelocatedanywhereinthedirectorytree(e.
g.
,SVN/Repository,andapache/SVN/Entries)fromthescan.
Butorg/apache/SVN/foo/bar/Entrieswillbeincludedinthescan.
/ePortal-2.
0/src/**Excludesallthefilesinthe/ePortal-2.
0/src/**directorytree(e.
g.
,/ePortal-2.
0/src/index.
html,and/ePortal-2.
0/src/test.
xml).
But/ePortal-2.
0/src/**xyz.
javawillbeincludedinthescan.
**/gitExcludeallfilesinaa/bb/cc/git.
NoteExclusionpatternsarenotvalidatedbyFNCI.
Pleasetestyourpatternexternally.
NoteIfapatternendswith/or\,doubleasterisks(**)areappended.
Forexample,codeinsight/data/isinterpretedascodeinsight/data/**.
Chapter2ConfiguringFlexNetCodeInsightSettingProjectDefaultsFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential47SettingProjectDefaultsTheProjectDefaultstabdefinesoptionsthatareglobalforallprojects,butthesecanbeoverriddenattheprojectlevel.
CurrentlythistabenablesyoutosetTaskFlowOptionssettingsonly.
TaskFlowOptionssettingscanautomatethestatusnotification,review,andremediationprocessforpublishedinventoryandgenerallyworkinconjunctionwiththepolicyprofileassociatedwiththeproject.
Forexample,youcandefinetheautomaticcreationoftasksandworkitemsthattrackthereviewandremediationprocessforinventoryitemsrejectedbypolicy.
YoucanalsodefinethetaskflowforthoseitemsthatresultinaNotReviewedstatusbecausepoliciesdotoapplytotheitems.
TooverridetheTaskFlowglobaloptionsattheprojectlevel,see"EditingtheProjectDefinitionandGeneralSettings"inthe"UsingFlexNetCodeInsight"intheFlexNetCodeInsightUserGuide.
Formoreinformationaboutpolicies,referto"ManagingPolicyProfiles"inthe"UsingFlexNetCodeInsight"chapterintheFlexNetCodeInsightUserGuide.
TaskTosetprojectdefaults,dothefollowing:1.
OntheFlexNetCodeInsightDashboard,clickadministration.
TheAdministrationpageappearswithalistofsidetabs.
2.
SelecttheProjectDefaultstab.
3.
UpdatetheTaskFlowOptionsfieldsasneeded,usingthefollowingtableforfielddescriptions.
Table2-3TaskFlowfieldsColumn/FieldDescriptionWhenaninventoryitemis:impactedbyanewvulnerabilitythatviolatesyourpolicy,auto-rejecttheinventoryitemThisfielddefineswhatactionthesystemshouldtakeifaninventoryitemisaffectedbyanewsecurityvulnerability(discoveredduringscanningorviaelectronicupdate).
WhenanewsecurityvulnerabilitywithaCVSSscoreorseveritygreaterthanthethresholdconfiguredaspolicyfortheCodeInsightproject,selectthischeckboxtoautomaticallyrejectthoseprojectinventoryitemsimpactedbythevulnerability.
(Thisrejectionalsoappliestoinventoryitemspreviouslyapproved.
)Toindicatethataninventoryitemhasbeenrejectedduetonewvulnerabilities,analerticonisautomaticallyaddedtotheentryforeachimpactedinventoryitemontheProjectInventorytab.
Ifyouleavethecheckboxunselected,thestatusofinventoryitemsimpactedbythenewvulnerabilityremainsasis.
Notethatsecurityalertsaregeneratedonlywhenanelectronicupdate,performedpost-scan,discoversnewvulnerabilities.
ForinformationaboutsettingpoliciesthatdefinevulnerabilityCVSSandseveritythresholdsforautomaticrejectionorapprovalofinventoryitems,referto"PoliciesDetailsPage"intheonlinehelporintheFlexNetCodeInsightUserGuide.
Chapter2ConfiguringFlexNetCodeInsightSettingProjectDefaults48CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideWhenaninventoryitemis:neitherapprovednorrejectedbypolicyThisfielddefineswhatactionthesystemshouldtakeiftheinventoryitemisnotaffectedbypolicy(duringpublishingofinventoryaspartofascanormanualpublishingbyauser).
WhenCodeInsightautomaticallypublishestheinventory,definetheactionoractionsequencethatshouldbetriggeredautomaticallyforthoseinventoryitemsnotautomaticallyapprovedorrejectedbypolicy:takenoaction—SimplyshowthestatusoftheinventoryitemasNotReviewedontheProjectInventorytab.
sendanemailnotification—InadditiontoshowingtheNotReviewedstatusfortheinventoryitem,automaticallysendanemailtotheprojectowner,informingtheprojectowneroftheneedtomanuallyreviewtheitem.
Theminimumpriorityvalueaffectsthisoption.
createareviewtask—InadditiontoshowingtheNotReviewedstatusfortheinventoryitem,automaticallycreateareviewtaskassignedtotheprojectownerandsendanemail,notifyingtheprojectownerabouttask.
(Theprojectownercanthenreassignthetasktotheappropriateuser,suchasanengineeroralegalorsecurityexpert.
Fordetailsaboutreassigningtasks,see"CreatingandManagingTasksforProjectInventory"inthe"UsingFlexNetCodeInsight"chapterintheFlexNetCodeInsightUserGuide.
)Theminimumpriorityvalueaffectsthisoption.
createareviewtaskwithanexternalworkitem—InadditiontoshowingtheNotReviewedstatusfortheinventoryitem,performthefollowing:Automaticallycreateareviewtaskassignedtotheprojectownerandsendanemailtonotifytheprojectowneraboutthetask.
(Theprojectownercanthenreassignthetasktotheappropriateuser,suchasanengineeroralegalorsecurityexpert.
Fordetailsaboutreassigningtasks,see"CreatingandManagingTasksforProjectInventory"inthe"UsingFlexNetCodeInsight"chapterintheFlexNetCodeInsightUserGuide.
)Automaticallyassociateaworkitemwiththetask,creatingtheworkiteminanApplicationLifecycleManagement(ALM)system(suchasanissueinJira).
CodeInsightcreatestheworkitemusingthesettingsfortheALMinstancetowhichtheCodeInsightprojectisassociated.
FormoreinformationaboutconfiguringanALMinstancefortheproject,see"ALMSettings"inthe"UsingFlexNetCodeInsight"chapterintheFlexNetCodeInsightUserGuide.
Theminimumpriorityvalueaffectsthisoption.
Table2-3TaskFlowfields(cont.
)Column/FieldDescriptionChapter2ConfiguringFlexNetCodeInsightSettingProjectDefaultsFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential49Whenaninventoryitemis:rejectedbypolicyThisfielddefineswhatactionthesystemshouldtakeifaninventoryitemisautomaticallyrejectedbypolicy(duringpublishingofinventoryaspartofascanormanualpublishingbyauser).
Selecttheactionoractionsequencethatshouldbeautomaticallytriggeredwhenaninventoryitemisrejectedbypolicy:takenoaction—SimplyshowthestatusoftheinventoryitemasRejectontheProjectInventorytab.
sendanemailnotification—Automaticallysendanemail,informingtheprojectowneroftheneedtoperformremediationworkonthecomponent.
createaremediationtask—Automaticallycreatearemediationtaskassignedtotheprojectownerandsendanemail,notifyingtheprojectownerabouttask.
(Theprojectownercanthenreassignthetasktotheappropriateuser,suchasanengineeroralegalorsecurityexpert.
Fordetailsaboutreassigningtasks,see"CreatingandManagingTasksforProjectInventory"inthe"UsingFlexNetCodeInsight"chapterintheFlexNetCodeInsightUserGuide.
)createaremediationtaskwithanexternalworkitem—Performthefollowing:Automaticallycreatearemediationtaskassignedtotheprojectownerandsendanemail,informingtheprojectowneraboutthetask.
(Theprojectownercanthenreassignthetasktotheappropriateuser,suchasanengineeroralegalorsecurityexpert.
Fordetailsaboutreassigningtasks,see"CreatingandManagingTasksforProjectInventory"inthe"UsingFlexNetCodeInsight"chapterintheFlexNetCodeInsightUserGuide.
)Automaticallyassociateaworkitemwiththetask,creatingtheworkiteminanApplicationLifecycleManagement(ALM)system(suchasanissueinJira).
CodeInsightcreatestheworkitemusingthesettingsfortheALMinstancetowhichtheCodeInsightprojectisassociated.
FormoreinformationaboutconfiguringanALMinstancefortheproject,see"ALMSettings"inthe"UsingFlexNetCodeInsight"chapterintheFlexNetCodeInsightUserGuide.
minimumprioritySelecttheminimuminventorypriority(P1,P2,P3,orP4)towhichthevaluesforneitherapprovednorrejectedapply.
Forexample,ifneitherapprovednorrejectedbypolicyissettosendemailnotificationandminimumpriorityissettoP3,thentheemailnotificationwillonlybesentoutforP1,P2,andP3inventoryitemsthatarenotaffectedbypolicy.
NoemailnotificationwillbesentforP4items.
NoteThisoptionhasnoeffectonthetakenoactionvalueforneitherapprovednorrejectedbypolicy.
Table2-3TaskFlowfields(cont.
)Column/FieldDescriptionChapter2ConfiguringFlexNetCodeInsightAboutFlexNetCodeInsightServerRESTAPIs50CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideAboutFlexNetCodeInsightServerRESTAPIsYoucancreateanadministrationclient(tool)thatcommunicateswiththeFlexNetCodeInsightserverusingRESTAPIstomanagescanoperationsandtoretrieveinventoryinformation.
TheseAPIsuseaREST-styleinterfaceandJSON.
FormoreinformationabouttheRestAPIs,seetheRestAPIGuideSwaggerdocumentationavailablefromtheHelpmenu.
TaskToviewRESTAPIdocumentation,dothefollowing:1.
FromanypageinFlexNetCodeInsight,clickandselectHelpfromthemenu.
TheDocumentationmenuappears.
2.
ClickRestAPIGuide.
TheRESTAPIdocumentationappearsinatabinyourbrowser.
3.
Toviewdetailsaboutaparticularitem,clickthearrow()nexttotheitem.
Additionalinformation,ifavailable,appearsundertheselecteditem.
4.
(Optional)WiththedetailsabouttheAPIvisible,clicktheAPItype(GET,POST).
MoreinformationabouttheAPIappears.
ClickTryitoutandthenclickExecute.
TheapplicationwillgeneratecURL,maketheRestAPIcallanddisplayaresponse.
3FlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential51Installing&ConfiguringFlexNetCodeInsightPluginsFlexNetCodeInsightprovidespluginsthatyoucanusetoperformscanactivitiesoutsideoftheFlexNetCodeInsightuserinterfaceforintegrationintotheEngineeringandbuildprocess.
Thissectiondiscussesthedownloading,installation,andconfigurationoftheseplugins:AboutPluginsDownloadingPluginsTheJenkinsPluginTheJFrogArtifactoryPluginTheDockerImagesScanPluginTheBambooPluginTheMavenPluginTheGradlePluginTheApacheAntPluginTheVisualStudioTeamServices(VSTS)ExtensionTheTeamCityPluginTheGitLabPluginAboutPluginsFlexNetCodeInsightprovidesthefollowingpluginsthatenabledata(codebasefiles)onremoteserverstobescanned:Jenkins:AllowsautomatedscanningofaJenkinsworkspaceaspartofthebuildprocess.
Artifactory:AllowsautomatedscanningofArtifactoryrepositoriestoidentifynon-compliantartifacts.
Docker:AllowsautomatedscanningofDockerimagesonaDockerserver.
Bamboo:AllowsautomatedscanningofaBambooworkspaceaspartofthebuildprocess.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsGeneratingaJWTAuthorizationToken52CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideMaven:AllowsautomatedscanningofMavenprojectsaspartofthebuildprocess.
Gradle:AllowsautomatedscanningofGradleprojectsaspartofthebuildprocess.
Ant:AllowsautomatedscanningofApacheAntaspartofthebuildprocess.
VisualStudio:AllowsautomatedscanningofaVSTSworkspaceaspartofthebuildprocess.
TeamCity:AllowsautomatedscanningofTeamCityprojectsaspartofthebuildprocess.
GitLab:AllowsautomatedscanningofGitLabprojectsaspartofthebuildprocess.
Genericscanplugin:EasilyintegrateswithotherEngineeringsystemstoperformscansaspartofabuildprocess(asdescribedinScanIntegrationWithBuildEnvironmentsThroughtheGenericScanPlugin).
Italsoenablesyoutoscanarbitraryfilesystemsofyourchoiceorcreateyourownscanplugin(asdescribedintheFlexNetCodeInsightPluginGuide).
AllthescannerpluginssendresultstoFlexNetCodeInsightforinventorycreation,review,andsecurityalerting.
NoteInadditiontothescanagentplugins,ascanschedulerpluginforJenkinsisavailable.
ThescanschedulerpluginforJenkinsallowsyoutoschedulethescanofacodebaseresidingontheFlexNetCodeInsightserverviatheJenkinsscheduler.
GeneratingaJWTAuthorizationTokenFlexNetCodeInsightusesaJSONWebToken(JWT)toauthorizeuseraccesstothepublicRESTAPI.
SeveralofthescanagentpluginsmakeuseoftheRESTAPI,sotheyrequireaJWT.
ThefollowingprocedureexplainshowtogenerateandspecifyaJWTinFlexNetCodeInsight.
TaskTogenerateaJWTauthorizationtoken,dothefollowing:1.
LogintoFlexNetCodeInsight.
2.
OpentheAdminmenuandselectPreferences.
ThePreferencespageappears.
3.
CreateanewJWTauthorizationtokenorcopyanexistingone:TocopyanexistingJWTauthorizationtoken,clickonthetokennameandclicktheclipboardicon()thatappearsintheActionscolumn.
TocreateanewJWTauthorizationtoken,clickAddToken.
TheAddTokendialogappears:Typeanameforthenewtoken.
PickanexpirationdateorselectNeverExpires.
ClickSave.
4.
CopythenewtokenstringandpasteitintotheTokenfieldontheFlexNetCodeInsightScandialogtoconfigurethedesiredFlexNetCodeInsightscanplugin(Jenkins,Bamboo,etc.
).
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsDownloadingPluginsFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential53DownloadingPluginsTheFlexNetCodeInsightpluginsareprovidedinazipfilethatisnotincludedwiththeproductinstallation.
YoucanaccessthepluginszipfilefromFlexera'sCustomerCommunitypage.
ThefollowingprocedureassumesyouhavealoginandpasswordtoaccesstheCustomerCommunitypageonFlexera.
com.
TaskTodownloadthepluginzipfile,dothefollowing:1.
LogintotheCustomerCommunitypageoftheFlexerawebsite:https://flexeracommunity.
force.
com/customer/2.
ClickDownloads.
3.
ClicktheAccessbuttonunderFlexNetCodeInsight.
TheProductandLicenseCenterpageappears.
4.
SelectFlexNetCodeInsightfromtheYourDownloadslist.
5.
SelecttheversionofFlexNetCodeInsightfromthelist.
TheDownloadspageappears.
6.
DownloadtheCodeInsight2018Plugins.
zipfile.
7.
Whenthedownloadfinishes,extractthedesiredpluginsubdirectorytoyourinstallationdirectory:Forastandardscanplugin(suchasAnt,Artifactory,Bamboo,Docker,Gradle,Jenkins,orMaven),extractthesubfolderthatidentifiestheplugin(suchascode-insight-docker-images-pluginfortheDockerscanplugin).
FortheCodeInsightgenericscanagentplugin(requiredforVisualStudioTeamServices,TeamCity,orGitLabscans),extractthesubfoldercode-insight-agent-sdk-generic-plugin.
Ensurethatyouextracttheentiresubfolderintoyourinstallationdirectory,soyouhaveallnecessaryfilestoimplementtheplugin.
TheJenkinsPluginFlexNetCodeInsightprovidesaJenkinsbuild-serverscanplugintoallowforautomatedscanningoftheJenkinsworkspaceaspartofthebuildprocess.
ThescanresultsaresenttoFlexNetCodeInsightforinventorycreation,review,andsecurityalerting.
Afterthescancompletes,youcanlogintoFlexNetCodeInsight,opentheassociatedprojectandreviewanydetectedinventoryitems.
TheJenkinsplugininstallationandconfigurationprocessproceedsinthefollowingmanner:1.
ReviewtheprerequisitesfortheJenkinsscanplugin.
SeePrerequisitefortheJenkinsPlugin.
2.
Settheheapsize.
SeeSettingHeapSizefortheJenkinsPlugin.
3.
SetuptheJenkinsscanplugin.
SeeSettingUptheCodeInsightJenkinsPlugin.
ForexamplesonhowtoincludetheCodeInsightscanasapartofaJenkinsPipeline,seeSupportfortheJenkinsPipeline.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheJenkinsPlugin54CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuidePrerequisitefortheJenkinsPluginBeforeyouinstallandconfiguretheJenkinsplugin,ensurethatthefollowingprerequisitesaremet:Jenkinsmustbeinstalledandconfiguredproperlyinyourenvironment.
TheprojectmustbesetupinFlexNetCodeInsight.
ForinformationoncreatingaFlexNetCodeInsightproject,seeCreatingaProjectintheFlexNetCodeInsightUserguide.
SettingHeapSizefortheJenkinsPluginTheJenkinsScanAgentpluginrequiresaminimumof4GBheapforscanning.
Theheapsizemayneedtobeadjustedbasedonthenumberofparallelscanstobeexecuted.
Inaddition,ensurethatyouareusinga64-bitJavavirtualmachine(JVM)andthatyourunthescanagentasaJenkinsSlave,whichisaJavaexecutablethatusuallyrunsonaremotemachine.
Theprocedureforsettingtheheapsizediffersdependingupontheenvironmentyouareusing,WindowsorLinux.
Followtheprocedureforyourenvironment.
WindowsTaskTosettheheapsizeinWindows,dothefollowing:1.
Openthejenkins.
xmlconfigurationfile.
2.
Updatethevaluetopointtoyour64-bitJVM:C:\Java\jdk1.
8\jre\bin\java3.
UpdatetheJVMarguments(-Xmxvalue)toallocateaminimumheapsizeof4GB:-Xrs-Xmx4g-Dhudson.
lifecycle=hudson.
lifecycle.
WindowsServiceLifecycle-jar"%BASE%\jenkins.
war"--httpPort=8080--webroot="%BASE%\war"NoteTheheapsizemayhavetobeadjustedbasedonthenumberofparallelscanstobeexecuted.
LinuxTaskTosettheheapsizeinLinux,dothefollowing:1.
Openthe/etc/default/jenkinsfile.
2.
UpdatetheJVMargumentstoallocateaminimumheapsizeof4GB:JAVA_ARGS="-Xmx4096m"NoteTheheapsizemayhavetobeadjustedbasedonthenumberofparallelscanstobeexecuted.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheJenkinsPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential55SettingUptheCodeInsightJenkinsPluginTaskTosetuptheJenkinsplugin,dothefollowing:1.
ExtracttheJenkinsscanpluginfromtheCodeInsight2018Plugins.
zipfile.
Formoreinformation,seeDownloadingPlugins.
2.
AccessyourJenkinsserverinstanceandnavigatetoManageJenkins->ManagePlugins->Advancedtab->UploadPlugin.
3.
Browsetothecode-insight-scan-plugin.
hpifileandclickUpload.
4.
RestarttheJenkinsserverafterinstallingtheplugin.
5.
CreateanewJenkinsproject:a.
ClickNewItem.
b.
Enteraname.
c.
Selectaprojecttype.
d.
ClickOK.
6.
Toconfiguretheproject,selectAddpost-buildactionfromthePost-buildactiondropdownmenu,andselectScanwithFlexNetCodeInsight.
TheScanwithFlexNetCodeInsightdialogappears.
7.
EnterthefollowinginformationintheScanwithFlexNetCodeInsightdialog:CodeInsightCoreServerBaseURL:TheURLforthecoreserver(forexample,http://fnciserver.
myorg.
org:8888/codeinsight).
UserAccessToken:ThistokengeneratedusingtheFlexNetCodeInsightuserinterface.
Copyandpastethetokenintothisfield.
SeeGeneratingaJWTAuthorizationToken.
ProjectName:ThenameoftheprojectthatwascreatedintheFlexNetCodeInsightuserinterface(forexample,ScanMaster_WindowsJenkins1).
8.
ClickTestConnectiontotestyourconnectiontoFlexNetCodeInsight.
9.
ClickSave.
Thenexttimeyoubuild,thescanwillbeperformedafterthebuildaction.
NoteEnsurethatyourJenkinsserverenvironmenthasaminimumof4GBofheapspace,adjustedbasedonthenumberofparallelscantobeexecuted.
Alsoensurethattheenvironmentisconfiguredwitha64-bitJREtosupportthatamountofheapspace.
Inaddition,runthescanagentasaJenkinsSlave.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheJenkinsPlugin56CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideSupportfortheJenkinsPipelineTheCodeInsightpluginforJenkinssupportstheinclusionoftheCodeInsightscaninaJenkinsPipeline,asdescribedinthefollowingtopics:ProvidingthePipelineScriptfortheScanStepPipelineCodeExamplesforRunningtheScanProvidingthePipelineScriptfortheScanStepOnceyoubuildthePipelinejob,youneedtoincludethePipelinescriptforthescanstep,StartScan,inyourPipelinecode.
(Thenextsection,PipelineCodeExamplesforRunningtheScan,providesexamplesofPipelinecodethatincludethisscript.
)TocreatethePipelinescriptfortheStartScanstep,youcanuseoneofthesemethods:GototheSnippetGenerator,selecttheStartScan:ScanworkspaceandsendresultstoFlexNetCodeInsightstep,andgeneratethescript.
ThencopyandpastethegeneratedscriptintothePipelinecode.
SimplycreatethescriptfortheStartScanstepashighlightedinthePipelinecodeexamples.
SeeSettingUptheCodeInsightJenkinsPluginforadescriptionoftheproperties(baseURL,projectname,andJWTtoken)usedinthePipelinescript.
PipelineCodeExamplesforRunningtheScanJenkinssupportstwosyntaxtypesforthedevelopmentofPipelinecode:Scriptedsyntax—The"traditional"syntaxusedtodevelopthePipelineasascriptusingGroovyasthedomain-specificlanguage.
Declarativesyntax—Asimple,user-friendlysyntaxwithapredefinedhierarchyofstatementsthatmakesPipelinedevelopmenteasierthanwiththeScriptedsyntax.
Additionally,itdoesnotrequireknowledgeoftheGroovylanguage.
JenkinssupportfortheDeclarativesyntaxwasintroducedwithJenkinsPipelinePlugin2.
5.
ThefollowingexamplesshowbothtypesofPipelinecodesyntaxinwhichthePipelinescriptforthescanhasbeenincorporated:ExampleDeclarativePipelineCodetoRuntheScanExampleScriptedPipelineCodetoRuntheScanThePipelinescriptforthescanstepishighlightedineachexample.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheJenkinsPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential57ExampleDeclarativePipelineCodetoRuntheScanThefollowingisanexampleofDeclarativecodeusedtoruntheCodeInsightscanasaStartScanstepinthePipelineprocess:pipeline{agentanystages{stage('Checkoutbuildandscanproject1'){steps{gitcredentialsId:'abcd',url:'git://git.
company.
com/organization/repository1.
git'sh"'PATH_TO_MAVEN/bin/mvn'cleaninstall"StartScan(baseUrl:'http://HOST_NAME:PORT/',projectName:'FNCI_PROJECT_NAME',token:'JWT_TOKEN')}}}}ExampleScriptedPipelineCodetoRuntheScanThefollowingisanexampleofScriptedPipelinecodeusedtoruntheCodeInsightscanasaStartScanstepinthePipelineprocess.
TheexamplealsoshowshowtosetupindividualscanswithinasinglePipelinejobbyspecifyingmultipledirectories.
node{checkout1()checkout2()}defcheckout1(){dir("project-1"){stage('Checkoutproject1'){gitcredentialsId:'abcd',url:'git://git.
company.
com/organization/repository1.
git'}stage('BuildProject1'){build()}stage('ScanProject1'){StartScan(baseUrl:'http://HOST_NAME:PORT/',projectName:'FNCI_PROJECT_NAME',token:'JWT_TOKEN')}}}defcheckout2(){dir("project-2"){stage('Checkoutproject2'){gitcredentialsId:'abcd',url:'git://git.
company.
com/organization/repository2.
git'}stage('BuildProject2'){build()}stage('ScanProject2'){Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheScanSchedulerPluginforJenkins58CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideStartScan(baseUrl:'http://HOST_NAME:PORT/',projectName:'FNCI_PROJECT_NAME',token:'JWT_TOKEN')}}}defbuild(){sh"'PATH_TO_MAVEN/bin/mvn'cleaninstall"}TheScanSchedulerPluginforJenkinsBeforeyouinstallandconfiguretheJenkinsScanSchedulerplugin,ensurethatthefollowingprerequisitesaremet:Jenkinsmustbeinstalledandconfiguredproperlyinyourenvironment.
TheprojectofinterestmustbesetupinFlexNetCodeInsight.
ForinformationoncreatingaFlexNetCodeInsightproject,seeCreatingaProjectintheFlexNetCodeInsightUserguide.
TaskToinstalltheFlexNetCodeInsightScanSchedulerforJenkins,dothefollowing:1.
SignintoJenkinsCI.
2.
NavigatetoManageJenkins>ManagePlugins>Advanced.
TheUploadPlugindialogappears.
3.
ClickChooseFileandselectthecode-insight-scan-scheduler.
hpifile.
4.
ClickUpload.
5.
RestarttheJenkinsserverafteruploadingtheplugin.
6.
CreateanewJenkinsproject:ClickNewItem.
Enteraname.
Selectaprojecttype.
ClickOK.
7.
Toconfiguretheproject,selectAddbuildstepfromtheBuilddropdownmenu,andselectScheduleaCodeInsightScan.
TheScheduleaCodeInsightScandialogappears.
8.
EnterthefollowinginformationintheScheduleaCodeInsightScandialog:ServerURL:TheURLforthecoreserver.
Forexample,http://fnciserver.
myorg.
org:8888/codeinsight/.
Token:ThistokenmustbegeneratedintheFlexNetCodeInsightWebUIandpastedintothisfield.
SeeTheBambooPlugin.
ProjectID:TheIDoftheprojectthatwascreatedintheFlexNetCodeInsightWebUI.
9.
ClickTestConnectiontotestyourconnectiontoFlexNetCodeInsight.
10.
ClickSave.
Thenexttimeyoubuild,thescanwillbescheduledontheFlexNetCodeInsightserverfortheconfiguredprojectaspartofthebuild.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheJFrogArtifactoryPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential59TheJFrogArtifactoryPluginJFrogArtifactoryisabinaryrepositorymanagerwherethird-partyartifactsarestored.
TheArtifactoryrepositoryiscentralized,soalldevelopersusethesamerepositorytoaccessartifacts,whichprovidesfasteraccess,control,andsecurityofbinaryartifacts.
FlexNetCodeInsightprovidesapluginthatcanscananArtifactoryrepositoryandcreateinventoryinaCodeInsightproject.
SinceArtifactorycancontainseveralrepositories,theplugincanalsoscanmultipleArtifactoryrepositoriesandcreateinventoryforseveralCodeInsightprojects.
ThefollowingtopicsdescribehowtoinstallandusetheArtifactoryplugin:PrerequisitesfortheArtifactoryPluginInstallingtheArtifactoryPluginScanninganArtifactoryRepositoryUsingaCronJobScanninganArtifactoryRepositoryUsingRESTAPIScanResultsPrerequisitesfortheArtifactoryPluginBeforeinstallingandusingtheArtifactoryplugin,ensurethatthefollowingprerequisitesaremet:YoursiteusesJFrogArtifactoryPRO5.
xorhigher.
TheprojectorprojectsthatwillcontainthedetectedinventoryitemsmustbesetupinFlexNetCodeInsight.
ForinformationoncreatingaFlexNetCodeInsightproject,see"CreatingaProject"intheFlexNetCodeInsightUserguide.
Thefollowingproceduresassumethatyouhavewriteaccessfortheetc/pluginsdirectoryontheArtifactoryserver.
Ifyoudonothaveaccesstothatdirectory,besuretoobtainaccessbeforeattemptingtoinstalltheplugin.
InstallingtheArtifactoryPluginTheArtifactorypluginisavailablefromtheDownloadssectionoftheFlexeraCustomerCarewebsite.
Usethefollowingstepstoinstalltheplugin.
TaskToinstalltheArtifactoryscanplugin:1.
ExtracttheArtifactoryscanpluginfromtheCodeInsight2018Plugins.
zipfilethatwasdownloadedfromtheFlexeraCustomerCareWebsite.
Formoreinformationaboutdownloadingplugins,seeDownloadingPlugins.
2.
Copythefollowingplugindirectoryandfilesintothe/etc/pluginsdirectoryontheArtifactoryserver:libsdirectorycode-insight-scan-plugin.
groovyfilecode-insight-scan.
plugin.
propsfile3.
Definethepropertiesinthecode-insight-scan.
plugin.
propsfile:repoKeys=/,Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheJFrogArtifactoryPlugin60CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuidecodeinsight.
server=http(s)://:/codeinsight.
auth.
token=Bearercodeinsight.
project.
name=,plugin.
root.
path=plugin.
project.
description=willbesetbyplugin,canbeleftblankisScanCronJobEnabled=disabledisPluginEnabled=enabledcronJobTime=1artifactory_url=http(s)://:/artifactory/4.
DetermineifyouwanttoexecutethescanwithacronjoborbycallingRESTAPI:Toexecuteascanwithacronjob,seeScanninganArtifactoryRepositoryUsingaCronJob.
ToexecuteascanbycallingRESTAPI,seeScanninganArtifactoryRepositoryUsingRESTAPI.
ScanninganArtifactoryRepositoryUsingaCronJobYoucanusethefollowingproceduretoscheduleanArtifactoryrepositoryscantorunperiodically.
TaskToexecuteanArtifactoryscanusingacronjob:1.
Openthecode-insight-scan.
plugin.
propsfile.
2.
ModifythepropertyisScanCronJobEnabled=disabledtoisScanCronJobEnabled=enabled.
3.
SetthecronJobTimepropertytoschedulethescan.
Usethefollowingdiagramandtheexampleitprovidestohelpyousettheproperty.
4.
RestarttheArtifactoryserver.
ScanninganArtifactoryRepositoryUsingRESTAPIYoucancallRESTAPItoscanallArtifactoryrepositorieslistedinthecode-insight-scan.
plugin.
propsfileortoscanaspecificrepositoryinstead.
ThefollowingtopicsdescribehowtoscanrepositoriesusingRESTAPI:RequirementsWhenUsingRESTAPItoScanRepositoriesScanningAllRepositoriesScanningaSpecificRepositoryReloadingtheArtifactoryPluginChapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheJFrogArtifactoryPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential61RequirementsWhenUsingRESTAPItoScanRepositoriesThefollowingliststherequirementsforusingRESTAPIstoscanArtifactoryrepositories.
PrerequisiteforScanningRepositoriesAsprerequisiteforusingRESTAPItoscanArtifactoryrepositories,ensurethatthepropertiesincode-insight-scan.
plugin.
propsareproperlydefinedaccordingtotheinstructionsinInstallingtheArtifactoryPluginandaccordingtoanyspecificinstructionslistedintheprocedures.
RequiredOptionWhenUsingthe"https"ProtocolTheRESTAPIcallsusedinthenextsectionsusethehttpprotocol.
Tousethehttpsprotocolinstead,besuretoincludetheoption-kinthecall:curl-XPOST-u:-k"https://:8081/artifactory/api/plugins/execute/CodeInsightScan"ScanningAllRepositoriesThefollowingcommandscansallrepositorieslistedinthecode-insight-scan.
plugin.
propsfile.
TaskToscanallrepositoriesUsethefollowingAPIcalltoscanallrepositories:curl-XPOST-u:"http://:8081/artifactory/api/plugins/execute/CodeInsightScan"ScanningaSpecificRepositoryThefollowingprocedurescansaspecificrepository.
TaskToscanaspecificrepository:1.
Ensurethatthefollowingpropertiesarealsodefinedinthecode-insight-scan.
plugin.
propsfile:codeinsight.
server,codeinsight.
auth.
token,plugin.
root.
path,isPluginEnabled,andartifactory_url.
2.
UsethefollowingAPIcalltoscantherepository:curl-XPOST-u:"http://:8081/artifactory/api/plugins/execute/CodeInsightSingleScanparams=repoKey=%7cproject="Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheDockerImagesScanPlugin62CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideReloadingtheArtifactoryPluginIfyouhavedownloadedanupdatedversionoftheCodeInsightpluginforArtifactory,youcanusethisRESTAPIcalltoreloadthepluginbeforerunningascan:curl-XPOST--u:http://localhost:8081/artifactory/api/plugins/reloadScanResultsWhenthescancompletes,inventoryiscreatedinthecorrespondingFlexNetCodeInsightproject.
TheScanStatussectionontheProjectSummarypageprovidesinformationaboutthescan.
SimilarlyinArtifactory,informationaboutthescan,suchastheCodeInsightprojectname,thescanstatus,andalinktotheCodeInsightprojectinventoryareprovidedforeachrepositoryscanned.
FormoreinformationaboutusingpluginsinArtifactory,seethefollowingsite:https://www.
jfrog.
com/confluence/display/RTF/User+PluginsTheDockerImagesScanPluginDockerisacontainerizationtoolthatpackagesapplicationsandtheirdependenciesintocontainers,whicharecomprisedofstaticimages.
Theseimagesarethemselvescomprisedoflayers.
FlexNetCodeInsightprovidesaplugintoallowthescanningofDockerimagesonaDockerserver.
NoteItisrecommendedthatDockerimagesbescannedonadevelopment,test,orstagingserverbeforebeingpushedtoaproductioninstanceaspartoftheDevOpsprocessflow.
InstallingandLaunchingtheDockerImagesPluginBeforeyouinstallandconfiguretheDockerImagesplugin,ensurethatthefollowingprerequisitesaremet:TheDockerservermustbeinstalledandconfiguredproperlyinyourenvironment.
TheDockerscanplugincanonlybeexecutedonaserverthatalreadyhasanauthenticatedconnectiontotheDockerserver.
NoteTheDockerscanpluginissuesDockercommandswithoutpromptingforcredentials.
TheprojectthatwillcontainthedetectedinventoryitemsmustbesetupinFlexNetCodeInsight.
ForinformationoncreatingaFlexNetCodeInsightproject,see"CreatingaProject"intheFlexNetCodeInsightUserguide.
Aminimumof2GBofheapspacemustbeallocatedontheDockerserver,whichmustbeconfiguredwitha64-bitJREtosupportthatamountofheapspace.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheDockerImagesScanPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential63TaskToinstallandlaunchtheDockerscanplugin,dothefollowing:1.
ExtracttheDockerimagesscanpluginfromtheCodeInsight2018Plugins.
zipfile.
Formoreinformation,seeDownloadingPlugins.
2.
Openthecode-insight.
docker.
propsfileinatexteditor://requiredcodeinsight.
server=http://127.
0.
0.
1:8888codeinsight.
auth.
token=BearereyJhbGciOiJIUzUxMiJ9.
eyJzdWIiOiJhZG1pbiIsInVzZXJJZCI6MSwiaWF0IjoxNTExNDM1MTk4fQ.
dHItJjJ2c89Dg5cVLvfGR3fwJcR3yAlVE6k98dRZTdp3h6McDgv_PloVVE88eJ2GOG0tNDOnhU0ShDLUzdu3Pgcodeinsight.
project.
name=inv2plugin.
root.
path=/Users/ranimathur/Work/Scratch///optionalplugin.
project.
name=pluginprojectnameplugin.
project.
description=pluginprojectdescriptionplugin.
path.
prefix=$demo_workspace/3.
Editthecode-insight.
docker.
propsfiletospecifythefollowinginformation:codeinsight.
server(required):TheURLpathtotheFlexNetCodeInsightserver.
codeinsight.
auth.
token(required):TheJWTauthenticationtokenthatyouobtainfromtheFlexNetCodeInsightserverusingtheBearerschema.
SeeGeneratingaJWTAuthorizationToken.
codeinsight.
project.
name(required):ThenameoftheFlexNetCodeInsightproject.
plugin.
root.
path(required):Therootpathwherethedockerpluginwillbeexecuting.
Thispathmusthavewritableprivilegesfortheuserexecutingtheplugin.
plugin.
project.
name(optional):Amoredescriptivenametotheprojectbeingscanned,thatmaybedifferentfromtheprojectnamespecifiedintheFlexNetCodeInsightserver.
ThistextwillappearintheProjectSummarypageoftheFlexNetCodeInsightGUI.
plugin.
project.
description(optional):Adescriptionoftheprojectbeingscanned.
ThistextwillappearintheProjectSummarypageoftheFlexNetCodeInsightGUI.
plugin.
path.
prefix(optional):Thepathprefixoftheimagebeingscanned.
ThisprefixwillbeusedtoreferencethefilepathsofthecodebaseontheProjectInventorypageoftheFlexNetCodeInsightGUI.
4.
IssuethefollowingcommandtolaunchtheDockerpluginfromthecommandline:%code-insight-docker-plugin.
sh-imageThedocker_image_nameisthenamegiventotheimagethatFlexNetCodeInsightistoscan.
NoteOnlythedownloadedDockerimageisscanned.
Asitruns,theDockerscanplugindoesthefollowing:ContactstheFlexNetCodeInsightservertovalidatetheconnectionanddownloadascanner.
IssuestheDockercommandstodownloadtheDockerimage.
ExtractstheDockerimage.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheBambooPlugin64CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideScanstheextractedDockerimagecontents.
ThepluginsendstheinventoryresultstoFlexNetCodeInsightconfigured.
NoteTheDockerscanpluginmustbelaunchedwhenevertheDockerimageisupdated.
TheDockerscanplugincanbeincludedinascript,sotheimageisscannedregularly.
TheBambooPluginFlexNetCodeInsightprovidesaBamboobuild-serverscanplugintoallowautomatedscanningofaBambooworkspaceaspartofyourapplicationbuildprocess.
ThescanresultsaresenttoFlexNetCodeInsightforinventorycreation,review,andsecurityalerting.
TheBamboopluginscansonlytheapplicationrootfolder.
BeforeyouinstallandconfiguretheFlexNetCodeInsightBambooplugin,ensurethatthefollowingprerequisitesaremet:Bamboo5.
2orhighermustbeinstalledandconfiguredasexplainedintheBambooInstallationguide.
Minimumheapmemorysizemustbesetto4GBfortheBambooServer.
Aninventory-onlyprojectmustbesetupinFlexNetCodeInsight.
Forinformation,seeCreatingaProjectandPerformingInventory-onlyScanningintheFlexNetCodeInsightUserguideoronlinehelp.
Installing&ConfiguringtheBambooPluginThefollowingprocedurecoversinstallingandconfiguringtheBambooplugin,whichrequiresyoutoperformactionsinbothBambooandFlexNetCodeInsight.
TaskToinstallandconfiguretheBambooplugin,dothefollowing:1.
ExtracttheBambooscanpluginfromtheCodeInsight2018Plugins.
zipfile.
Formoreinformation,seeDownloadingPlugins.
2.
AccessyourBambooserverinstance.
3.
FromtheBambooAdministrationicon,clickAdd-ons.
4.
ClickUploadadd-on.
5.
Browsetothecode-insight-bamboo-scan.
jarandclickUpload.
TheBamboojarfileislocatedwhereverthezipfilecontainingthepluginswasextracted.
6.
CreateaprojectinBamboo:Createtheplan.
Addajob.
AddaFlexNetCodeInsightScantasktoabuildproject.
7.
Ifyouhavenotdoneso,createaninventory-onlyprojectwithanamecorrespondingtotheBambooproject.
Forinformationaboutcreatinganinventory-onlyproject,seePerformingInventory-onlyScanningintheFlexNetCodeInsightUserguideoronlinehelp.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheMavenPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential658.
EnterthefollowinginformationintheFlexNetCodeInsightScantask:ServerURL:TheURLforthecoreserver.
Forexample,http://fnciserver.
myorg.
org:8888/codeinsight/.
Token:ThistokenmustbegeneratedintheFlexNetCodeInsightWebUIandpastedintothisfield.
SeeGeneratingaJWTAuthorizationToken.
ProjectID:TheIDoftheprojectthatwascreatedintheFlexNetCodeInsightWebUI.
9.
ClickSave.
IftheServerURLandTokenvaluearecorrect,thetaskwillbesaved.
Thenexttimeyouruntheplan,theautomatedscanoftheworkspacewillbeexecutedfortheconfiguredprojectaspartoftheplan.
NoteThescantaskshouldbeplacedafterthebuildtaskintheplan'stasksequence.
TheMavenPluginMavenisatoolthatsimplifiesthebuildingandmanagementofJava-basedprojects.
TheFlexNetCodeInsightMavenscanpluginallowsyoutoscananapplicationprojectduringitsbuildonMavenwithoutdisruptingtheestablishedbuildprocess.
Oncescanned,thecodebasecanbeanalyzedintheFlexNetCodeInsightuserinterface.
TheMavenscanpluginmakesiteasytoincorporatescanningandanalysisintoyourdevelopmentworkflow.
Formoreinformation,refertothefollowing:MoreAbouttheMavenScanPluginPrerequisitesfortheMavenScanPluginInstallingandConfiguringtheMavenScanPluginCleaningtheApplicationProjectRunningtheMavenGoalfortheCodeInsightScanMoreAbouttheMavenScanPluginTheCodeInsightMavenscanpluginscansonlythefollowingitems:DirectdependenciesofaprojectTransitivedependenciesofaprojectBuildfoldercontainingtheapplicationjarsTheplugincreatesaMavengoalcalledcode-insight-scan,whichwillbeexecutedalongwiththeinstallphaseofthebuildcycletogetinventorydetails,asdescribedlaterinRunningtheMavenGoalfortheCodeInsightScan.
PrerequisitesfortheMavenScanPluginBeforeyouinstallandconfiguretheCodeInsightMavenscanplugin,ensurethatthefollowingprerequisitesaremet:JDK1.
8isinstalled.
Mavenisinstalled.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheMavenPlugin66CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuide%MAVEN_HOME%/binisconfiguredandaddedtothepathenvironmentvariable.
(ThisprerequisiteavoidsSSLcertificationissues.
)AJWTtokenhasbeengeneratedtoauthorizecallstoFlexNetCodeInsight.
SeeGeneratingaJWTAuthorizationToken.
InstallingandConfiguringtheMavenScanPluginUsethefollowingstepstoinstallandconfiguretheCodeInsightMavenscanplugin.
TaskToinstallandconfiguretheCodeInsightMavenscanplugin:1.
FromtheCodeInsight2018Plugins.
zipfilethatwasdownloadedfromtheFlexeraCustomerCareWebsite,extracttheMavenscanpluginsubdirectory(code-insight-maven-plugin)toalocationonyourlocaldisk.
Therecommendedlocationtowhichtoextractthissubdirectoryistheapplicationprojectdirectory.
2.
ExecutethefollowingcommandstoinstallthepluginintotheMavenlocalrepository:mvninstall:install-file-Dfile="$/code-insight-maven-plugin/lib/code-insight-maven-scan-.
jar"-DpomFile="$/code-insight-maven-plugin/lib/pom.
xml"-DgroupId=com.
flexnet.
maven-DartifactId=code-insight-maven-scan-Dversion=-Dpackaging=jarmvninstall:install-file-Dfile="$/code-insight-maven-plugin/lib/codeinsight-agent-.
jar"-DgroupId=com.
flexnet.
codeinsight-DartifactId=codeinsight-agent-Dversion=-Dpackaging=jarNotethefollowingvariables:$isyourapplicationprojectdirectory(orthelocaldirectorytowhichyouextractedtheplugin).
isthelatestversionofspecificjarfilereferencedinthecommand(eitherthecode-insight-maven-scanorcodeinsight-agentjarfile).
3.
Addthefollowinginformationtoyourapplicationpom.
xmlfile.
RefertoPluginandFNCIServerSettingsforadescriptionofthevaluesyouneedtoprovideforthepluginandfnciServerSettingssections.
com.
flexnet.
mavencode-insight-maven-scanlatest_codeinsight_maven_scan_jar_versionfalseinstallcode-insight-scanserver_urlbearer_server_token_valueChapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheMavenPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential67FNCI_project_nameplugin_root_pathplugin_project_nameany_plugin_descriptionplugin_path_prefixPluginandFNCIServerSettingsThefollowingdescribesthesettingsthatyouneedtodefineinthepluginandfnciServerSettingssectionsoftheinformationyouareaddingtotheapplicationpom.
xmlfile(asdescribedinStep3ofthepreviousprocedure).
Table3-1FNCIServerSettingsintheApplication"pom.
xml"FileSettingDescriptionversionTheversionofthecode-insight-maven-scan-.
jarfileincludedwiththecurrentscanplugin(forexample,1.
0.
2).
fnciServer(Required)TheURLpathtotheFlexNetCodeInsightserverinthefollowingformat:http://:/codeinsight/fnciAuthToken(Required)TheJSONWebToken(JWT)usedtoauthorizeuseraccesstotheCodeInsightserverfunctionality.
ThetokenformatincludesthecommandBearer,followedbythetokenvalue,asintheexample:BearereyJhbGciOiJIUzUxMiJ9.
eyJzdWIiOiJhZG1pbiIsInVzZXJJZCI6MSwiaForinformationaboutgeneratingtheJWT,seeGeneratingaJWTAuthorizationToken.
fnciProjectName(Required)ThenameoftheFlexNetCodeInsightinventory-onlyprojectcreatedontheCodeInsightserverforyourapplicationcodebasescans.
pluginRootPathCurrentlynotused.
pluginProjectName(Optional)Thenameoftheapplicationprojectbeingscanned.
Thisnamewillappear,alongwiththeCodeInsightprojectname,intheLastScanfieldontheProjectSummarypageintheFlexNetCodeInsightuserinterface.
Itprovidesareferencetohelpareviewerordeveloperidentifywhatcodebasewasscanned.
pluginDescription(Optional)Adescriptionoftheapplicationprojectbeingscanned.
ThistextwillappearintheDescriptionfieldontheProjectSummarypageintheFlexNetCodeInsightuserinterface.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheGradlePlugin68CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideCleaningtheApplicationProjectDuringabuild,Mavencancacheagreatdealofoutput.
ThiscachedoutputcanhaveanegativeimpactontheperformanceoftheCodeInsightMavenscanplugin.
Therefore,beforeyouruntheMavengoalfortheCodeInsightscan,itisrecommendedthatyoucleantheapplicationproject,aprocessthatclearsthecacheoftheartifactsofpreviousbuilds.
TaskTocleantheapplicationproject:Executethefollowingcommand:mvncleanRunningtheMavenGoalfortheCodeInsightScanAfteryoucleantheapplicationproject,youcanrunthecode-insight-scanMavengoal,whichwillscanthecodebase.
TaskToexecutethegoalthatrunstheCodeInsightscan:Tobuildtheapplication(andruntheCodeInsightscanaspartofthebuildcycle),executethefollowingcommand:mvninstallAlternatively,toexecutetheCodeInsightscanonly,runthespecificgoal:mvncode-insight-maven-scan:code-insight-scanTheGradlePluginGradleisabuildautomationsystemthatusestheGroovylanguagetoestablishtheconfigurationofthebuildproject,ratherthanusingXMLasMavendoes.
TheFlexNetCodeInsightGradlepluginallowsacodebasecreatedinGradletobescannedandthenanalyzedintheFlexNetCodeInsightuserinterface.
TheGradlepluginscansonlythefollowingitems:Directdependenciesofaproject.
Transitivedependenciesofaproject.
Thedistributionfoldercontainingapplicationjars.
pluginPathPrefix(Optional)Thepathprefixforthecodebasefilesbeingscanned.
ThisprefixisusedtoreferencethecodebasefilepathsontheProjectreportgeneratedfromtheProjectSummarypageintheFlexNetCodeInsightuserinterface.
Table3-1FNCIServerSettingsintheApplication"pom.
xml"FileSettingDescriptionChapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheGradlePluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential69NoteTheGradleplugindoesnotscanthejarspresentinthelibfolder,whichareplugin-dependentjars.
BeforeyouinstallandconfiguretheFlexNetCodeInsightGradleplugin,ensurethatthefollowingitemsarecorrectlyinstalledandconfigured:JDK1.
8GradleJWTtokentoauthorizecallstoFlexNetCodeInsight.
SeeGeneratingaJWTAuthorizationToken.
InstallingandConfiguringtheGradlePluginTousetheGradleplugin,youmustaddthesettingstotheapplication'sbuild.
gradle.
ThissectioncontainstheprocedureforinstallingandconfiguringtheGradleplugin.
TaskToinstalltheGradleplugin,dothefollowing:1.
ExtracttheGradlepluginfromtheCodeInsight2018Plugins.
zipfile.
SeeDownloadingPlugins.
2.
Addallthedependentjarsinthecode-insight-gradle-plugintotheapplicationclasspathbydoingthefollowing:Createafoldernameddependent_jarswithintheapplication.
Copyalljarfilesintothatfolder.
Addthefollowingconfigurationtomakethejarsavailabletotheclasspath:buildscript{dependencies{classpathfiles(fileTree(dir:'dependent_jars',includes:['*.
jar']))}}3.
Addthefollowingsettingstothebuild.
gradlefile:applyplugin:'code-insight-gradle-plugin'scanSettings{fnciServer="server_url"fnciAuthToken="Bearerserver_token_value"fnciProjectName="provideFNCIprojectnamehere"pluginRootPath="provide/plugin/root/path/here"pluginProjectName="providepluginprojectnamehere"pluginDescription="provideanyplugindescriptionhere"pluginPathPrefix="provide/plugin/path/prefix"}Where:scanSettingsisanextensiontoprovidetheFlexNetCodeInsightscanserversettings.
fnciServeristhehostedserverwheretheFlexNetCodeInsightapplicationisrunning.
Thisfieldisrequired.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheApacheAntPlugin70CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuidefnciAuthTokenistheuseridentificationtokenoftheFlexNetCodeInsightservercontainingthecommand"Bearer",followedbythetokenvalue.
Forexample,BearereyJhbGciOiJIUzUxMiJ9.
eyJzdWIiOiJhZG1pbiIsInVzZXJJZCI6MSwia.
Thisfieldisrequired.
ForinformationaboutgeneratingtheAuthtoken,seeGeneratingaJWTAuthorizationToken.
fnciProjectNameistheprojectnamethatyouarerunningthepluginagainst.
Thisprojectname(inventory-onlytype)mustbepresentontheFlexNetCodeInsightserver.
Forexample,test1.
Thisfieldisrequired.
pluginRootPathisthepathwherethepluginwillbelaunched(usuallytherootoftheapplication).
Forexample,D:\\test\\Gradle_test\\Gradle_application.
Thisfieldisrequired.
pluginProjectNameiswhereyoucanprovidethenameoftheapplicationagainstwhichyouarerunningtheplugin.
Forexample,GradleApplication.
Thisfieldisoptional.
pluginDescriptionisadescriptionoftheapplication,whichwillbeseenontheProjectSummarypageinFlexNetCodeInsight.
Forexample,GradleApplicationTest.
Thisfieldisoptional.
pluginPathPrefixinventoriesthefilepathprefixvalueontheFlexNetCodeInsightserver,whichcanbeseenintheAssociatedFilessectionofinventoryinFlexNetCodeInsight.
Forexample,demo_workspace/.
Thisfieldisoptional.
4.
Torunascanoftheapplication,usethecode-insight-scantaskasinoneofthefollowing:Afterthebuild,rungradlecode-insight-scan.
orWiththebuild,rungradlebuildcode-insight-scan.
TheApacheAntPluginApacheAntisatooltosupportthebuildprocessforJavaprojects.
AntisoftenusedinconjunctionwithotherbuildtoolssuchasMaven.
FlexNetCodeInsightprovidesapluginthatisexecutedalongwiththetargetofthebuildcycletoobtaininventorydetails.
TheApacheAntpluginscansonlytheapplicationrootfolder.
BeforeyouinstallandconfiguretheFlexNetCodeInsightAntplugin,ensurethatthefollowingitemsarecorrectlyinstalledandconfigured:JDK1.
8installed.
ApacheAntinstalled.
ToauthorizecallstoFlexNetCodeInsight,seeGeneratingaJWTAuthorizationToken.
ConfiguringthePluginTaskToconfiguretheplugin,dothefollowing:1.
ExtracttheAntpluginfromtheCodeInsight2018Plugins.
zipfile.
SeeDownloadingPlugins.
2.
Configure%ANT_HOME%andadd%ANT_HOME%/bintothepathvariable.
folder.
3.
TochecktheAntplugininstallation,runthefollowingcommand:ant-vChapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheApacheAntPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential714.
Addallthedependentjarsfromthecode-insight-ant-pluginfoldertotheapplication'scompileclasspath.
5.
Torunthetaskcodeinsightantpluginalongwiththecompiletarget,pastethetaskdefcodesnippetintothecompiletargetandrunthefollowingcommand:antcompileForthecodesnippet,seeExecutingtheScan.
6.
Copythecode-insight-ant.
jarintothepathusedforthecompiletask,andsettheclasspathrefidofthejavactaskastheclasspathrefinthecodeinsightantplugintask.
ExecutingtheScanTaskToexecutethescan,dothefollowing:1.
Runthefollowingcommand:anttargetnameForexample:antcompile2.
Toexecutethescanalongwithanytargetofthebuildlifecycle,applytheplugininsidethetargetinthebuild.
xmloftheAntapplicationasfollows:NoteAlthoughspecifyingtaskdef.
classpathisnotmandatory,youshouldsetthepathidofthejavactaskastheClasspathrefinthecodeinsightantplugintaskdef.
Iftheapplicationdoesnothaveajavacpath-iddefinedinthebuild.
xml,youmustdefineonenewpathidreferringtoallcompiletimedependenciesandusethisasClasspathref.
Forexample:Use"cp"astheClasspathrefinthetaskdef.
NoteTheAntpluginprojectnamecannotincludetheampersand(&)character.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheVisualStudioTeamServices(VSTS)Extension72CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideTheVisualStudioTeamServices(VSTS)ExtensionTheVisualStudioTeamServices(VSTS)extensionforFlexNetCodeInsightallowsdevelopmentteamstoeasilyintegrateopensourcescanningintotheirbuild.
ThescanresultsaresenttoFlexNetCodeInsightforinventorycreation,review,andsecurityalerting.
Toenablethisfunctionality,youneedtoinstalltheFlexNetCodeInsightScanextensionandconfigurethebuildprocesstoincludethescan:PrerequisiteInstallingtheFlexNetCodeInsightVSTSExtensionAddingaFlexNetCodeInsightScanTasktoYourAgentJobPrerequisiteBeforeyouinstallandconfiguretheFlexNetCodeInsightScanextension,createaprojectinCodeInsightwithaProjectTypeofInventory-Only.
(ThisprojecttypeisusedbecausethepluginallowsforremotescanninganddoesnotrequirethatyouuploadyourcodebasetoCodeInsight.
)Afterthescanisfinished,youcanlogintoCodeInsightandreviewthedetectedinventoryitemsintheproject.
ForinstructionsoncreatingaCodeInsightproject,referto"CreatingaProject"intheFlexNetCodeInsightUserGuide.
InstallingtheFlexNetCodeInsightVSTSExtensionToobtainandinstalltheFlexNetCodeInsightScanextension,performthefollowingsteps.
TaskToobtainandinstalltheFlexNetCodeInsightScanextension:1.
OpentheVisualStudioMarketplace:https://marketplace.
visualstudio.
com/2.
IntheVisualStudioTeamServicessection,searchfortheFlexNetCodeInsightScanextension.
3.
DownloadandinstallthisextensionintoVisualStudio.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheVisualStudioTeamServices(VSTS)ExtensionFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential73AddingaFlexNetCodeInsightScanTasktoYourAgentJobAftertheFlexNetCodeInsightScanextensionhasbeeninstalled,youneedtoaddaFlexNetCodeInsightScantasktoyouragentjobsothatthescanisautomaticallyperformedaspartofyourbuildprocess.
TaskToaddaFlexNetCodeInsightScantasktoyourAgentjob:1.
CreateabuildpipelineforyourVisualStudioproject.
2.
LocatetheFlexNetCodeInsightScantaskinthetaskcatalog.
3.
AddtheFlexNetCodeInsighttaskatanypointafterthebuildtaskhascompleted.
4.
DefinethescantaskpropertiesontheFlexNetCodeInsightScanwindow:Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsScanIntegrationWithBuildEnvironmentsThroughtheGenericScanPlugin74CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideThefollowingdescribesthetaskproperties:FieldDescriptionFlexNetCodeInsightServerTheURLforthecoreserver(forexample,http://fnciserver.
myorg.
org:8888/codeinsight/).
EnsurethattheURLispubliclyaccessibleandthattheportisavailable.
AuthorizationTokenTheJWTauthorizationtokengeneratedusingtheFlexNetCodeInsightuserinterface.
(Copyandpastethetokenintothisfield.
)SeeGeneratingaJWTAuthorizationToken.
FlexNetCodeInsightProjectNameThenameoftheinventory-onlyprojectthatwascreatedintheFlexNetCodeInsightuserinterface(forexample,ScanProject2_VSTS).
Folder(s)toScanThefoldercontainingthecodetoscan.
Typically,youwoulduse$(build.
artifactstagingdirectory,whichisthelocationwherethebuildoutputisstagedduringthebuildprocess.
5.
Saveandqueuethebuilddefinition.
Thescanwillbeperformedinthebuildenvironmentaspartofthebuildprocess,andtheresultswillbesenttotheconfiguredFlexNetCodeInsightproject.
TheresultinginventoryitemscanbeviewedintheFlexNetCodeInsightuserinterface.
ScanIntegrationWithBuildEnvironmentsThroughtheGenericScanPluginFlexNetCodeInsightincludesagenericscanpluginthatallowsintegrationofFlexNetCodeInsightwithvariousEngineeringapplicationsforautomaticcompositionscanningaspartofthebuildprocess.
TheVisualStudioTeamServices(VSTS)PrivateAgentServer,TeamCity,GitLabintegrationsutilizethegenericscanpluginforremotescanningandreturningtheresultsbacktoCodeInsightforfurtherreviewandreporting.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheTeamCityPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential75ThediscoveredinventoryitemsarecreatedontheCodeInsightservercanbereviewedautomaticallyviapoliciesormanuallyreviewedbyvariousstakeholders.
Securityalertswithcorrespondingemailnotificationswillbegeneratedforanyinventoryitemswithnewsecurityvulnerabilities.
Seethenextsection,DownloadingtheGenericScanPlugin,forinformationaboutdownloadingtheCodeInsightgenericscanpluginandaboutitsprerequisites.
FormoreabouttheCodeInsightgenericplugin,includinghowtouseittoscanarbitraryfilesystemsofyourchoiceortocreateacustomscanplugin,seetheFlexNetCodeInsightPluginGuide.
RefertothefollowingtopicsabouthowtoobtaintheCodeInsightgenericscanpluginandpreparetouseit:DownloadingtheGenericScanPluginPrerequisitesforUsingtheGenericScanPluginDownloadingtheGenericScanPluginRefertoDownloadingPlugins.
Copy(ordirectlyextract)thecode-insight-agent-sdk-generic-pluginfoldertothelocationspecifiedintheappropriatesectionforthegivenbuildsystem,asdescribedbelow.
PrerequisitesforUsingtheGenericScanPluginThefollowingprerequisitesarerequiredtousetheFlexNetCodeInsightgenericscanplugin:Aminimumof4GBheapisrequiredforscanning.
AFlexNetCodeInsightInventoryOnlyprojectneedstobecreatedtostorethediscoveredinventoryitems.
(Refertothe"CreatingaProject"sectionintheFlexNetCodeInsightUserGuide.
)Internetaccessisnotrequired,butisrecommended.
IfInternetaccessisavailable,thescanagentwillperiodicallydownloadthelatestsecurityvulnerabilitydefinitionsfromtheNationalVulnerabilityDatabase(NVD).
IfInternetaccessisnotavailable,thenthedefaultsignaturesthatwerereleasedwiththelatestversionofFlexNetCodeInsightwillbeused.
Anyadditionalrequirementsforagivenbuildenvironmentareaddressedintheappropriatesectionforthatbuildenvironment(VSTS,TeamCityorGitLab),asfollows.
TheTeamCityPluginThissectionexplainshowtoconfigureTeamCitytointegratewiththeFlexNetCodeInsightgenericscanplugintoautomaticallyperformcompositionscanningaspartofthebuildprocess.
ThescanoccursontheTeamCitybuildagent.
Thefollowingtopicsarecovered:PrerequisitesInstallingtheGenericScanAgentonTeamCityAgentConfiguredonWindowsConfiguringaBuildtoRunaCodeInsightScanExecutingtheBuildChapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheTeamCityPlugin76CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuidePrerequisitesThefollowingprerequisitesarerequiredtointegrateTeamCitywiththeFlexNetCodeInsightgenericscanplugin:AlltheprerequisiteslistedinPrerequisitesforUsingtheGenericScanPlugin.
ATeamCitybuildagentneedstobeinstalledandconfiguredtousetheFlexNetCodeInsightgenericscanplugin.
(Refertohttps://confluence.
jetbrains.
com/display/TCD10//Setting+up+and+Running+Additional+Build+Agentsforinstructions.
)InstallingtheGenericScanAgentonTeamCityAgentConfiguredonWindowsTheFlexNetCodeInsightgenericscanpluginislocatedinthecode-insight-agent-sdk-generic-pluginfolderthatyouextractedfromtheCodeInsight2018Plugins.
zipfile.
Copy(ordirectlyextract)thisfoldertotheTeamCitybuildagent(seeDownloadingPlugins).
Thescanpluginfoldercontainsajarfileandasamplebatchandshellscript.
OntheTeamCitybuildagent,updatethefollowingtomatchyourenvironment:Thecodebaseroot:SETROOT_PATH=C:\Codebase\outputThebinfolderlocationforthegenericscanplugin:cdC:\agent\GenericScanPlugin\example\binNotethatthefirsttimeascanisperformedusingthegenericscanplugin,adatasnapshotisdownloadedfromtheNationalVulnerabilityDatabase(NVD)togenerateanindexofthelatestsecurityvulnerabilities.
ConfiguringaBuildtoRunaCodeInsightScanFollowthesestepstoconfigureabuildtorunaCodeInsightscan.
TaskToconfigureabuildtorunaCodeInsightscan:1.
LogintoTeamCity,selectyourproject,andcreateanewBuildConfiguration.
2.
ToconfigureabuildsteptorunaCodeInsightscan,selectonyourbuildconfiguration,andclickAddBuildStep.
3.
FromtheRunnertypelist,selectCommandLine.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheTeamCityPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential774.
ConfiguretheCommandlinebuildstepfortheCodeInsightscan:a.
EnteravalueforStepname(forexample,CodeinsightScan)toidentifythestep.
b.
IntheRunfield,selectCustomscript.
c.
IntheCustomscriptfield,providethefollowing:C:\GenericScanPlugin\example\bin\TeamCity_FNCIScan.
batReplacethefollowingvariablesinthescriptwiththeappropriateinformation:withthenameoftheprojectyoucreatedearliertocapturetheinventorywithyourCodeInsightserverURL(forexample,http://1.
1.
1.
1:8888/codeinsight)withyourJWTauthorizationtokenobtainedfromtheCodeInsightserver(asdescribedinGeneratingaJWTAuthorizationToken)Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheGitLabPlugin78CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideWhencomplete,yourbuildconfigurationshouldlooklikethis:ExecutingtheBuildThenexttimeyourbuildisexecuted,aFlexNetCodeInsightagentscanwillbeperformedattheendofthebuildprocess.
IfyouhavescheduledtheCodeInsightscanjob,afteraMavenbuild,forexample,youshouldseesomethinglikebelowinyourTeamCitybuildqueue:TheGitLabPluginThissectionexplainshowtoconfigureGitLabtointegratewiththeFlexNetCodeInsightgenericscanplugintoautomaticallyperformcompositionscanningaspartofthebuildprocess.
ThescanoccursontheGitLabrunner.
Thefollowingtopicsarecovered:PrerequisitesInstallingtheGenericScanAgentonGitLabRunnerConfiguredonWindowsConfiguringtheCI/CDPipelinetoRunaCodeInsightScanExecutingtheBuildPrerequisitesThefollowingprerequisitesarerequiredtointegrateGitLabwiththeFlexNetCodeInsightgenericscanplugin:AlltheprerequisiteslistedinPrerequisitesforUsingtheGenericScanPlugin.
AGitLabrunnerneedstobeinstalledandconfiguredtousetheFlexNetCodeInsightgenericscanplugin.
(Refertohttps://docs.
gitlab.
com/runner/install/forinstructions.
)InstallingtheGenericScanAgentonGitLabRunnerConfiguredonWindowsTheFlexNetCodeInsightgenericscanpluginislocatedinthecode-insight-agent-sdk-generic-pluginfolderthatyouextractedfromtheCodeInsight2018Plugins.
zipfile.
Copy(ordirectlyextract)thisfoldertotheGitLabrunner(seeDownloadingPlugins).
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheGitLabPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential79Thescanpluginfoldercontainsajarfileandasamplebatchandshellscript.
OntheGitLabrunner,updatethefollowingtomatchyourenvironment:Thecodebaseroot:SETROOT_PATH=C:\GitLab-Runner\outputThebinfolderlocationforthegenericscanplugin:cdC:\GitLab-Runner\GenericScanPlugin\example\binNotethatthefirsttimeascanisperformedusingthegenericscanplugin,adatasnapshotisdownloadedfromtheNationalVulnerabilityDatabase(NVD)togenerateanindexofthelatestsecurityvulnerabilities.
ConfiguringtheCI/CDPipelinetoRunaCodeInsightScanToconfiguretheCI/CDpipelineinyourGitLabprojecttoscanforFlexNetCodeInsightscan,youneedtoedityour.
gitlab-ci.
ymlfile.
TaskToeditthe.
gitlab-ci.
ymlfile:Addthefollowingcontentstothefile:variables:FNCI_SERVER:FNCI_TOKEN:FNCI_PROJECT:codeinsight_scan:stage:testonly:-mastertags:-script:-cmd/Q/CC:\Gitlab-runner\GenericScanPlugin\example\bin\run_scan.
bat%FNCI_PROJECT%%FNCI_SERVER%%FNCI_TOKEN%%CI_PROJECT_DIR%Replacethefollowingvariableswiththeappropriateinformation:withyourCodeInsightserver(forexample,http://1.
1.
1.
1:8888/codeinsight)withyourJWTauthorizationtokenobtainedfromtheCodeInsightserver(asdescribedinGeneratingaJWTAuthorizationToken)withtheprojectyoucreatedearliertocapturetheinventorywiththetagofyourGitLabrunner%CI_PROJECT_DIR%istheGitLabvariablefortheprojectpathwherethecodeisbuilt.
Youcanreplaceitwiththepathofthefoldercontainingthebinariesofyourbuiltproject.
Chapter3Installing&ConfiguringFlexNetCodeInsightPluginsTheGitLabPlugin80CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideExecutingtheBuildThenexttimeyourbuildisexecuted,aFlexNetCodeInsightagentscanisperformedattheendofthebuildprocess.
IfyouhavescheduledtheCodeInsightscanjobafteraMavenbuild,forexample,youshouldseesomethinglikethisinyourGitLabpipeline:4FlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential81IntegratingwithSourceCodeManagementThefollowingtopicsarecoveredinthissection:WhyUseSourceCodeManagement(SCM)ConfiguringSCMSCMCommandLineClientGitProtocolOptionsPerforceProtocolOptionsTFSProtocolandCredentialsConfigurationWhyUseSourceCodeManagement(SCM)Tosupportdeepscanning,itisnecessarytobringtheprojectcodebasefilestothescanserver.
FlexNetCodeInsightprovidesthefollowingwaystobringcodebasefilesintothesystem:UploadacodebaseintoFlexNetCodeInsight:Uploadingacodebaseisusefultoanalystswhotypicallyperformad-hocscansonanarbitrarysnapshotofcodeprovidedbytheproductteam.
UseaversioncontrolSCMconnector:SCMconnectorsprovideanautomatedwaytofetchthecodebasedoncriteria,suchasbuild,release,calendar,checkin,andotherinformation.
SCMconnectorssupportvariousauthenticationmechanisms,includinganonymous,usernameandpassword,andtoken/key/ticketonascanserver.
ConfiguringSCMFlexNetCodeInsightsupportsSCMconnectorstoallowremotecodebasestobeobtainedbeforeascan.
Chapter4IntegratingwithSourceCodeManagementSCMCommandLineClient82CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuidePrerequisitesThefollowingareprerequisitesforusingCodeInsightSCMconnectors:SCMCommandLineClientRecommendedClientsSettingtheEnvironmentVariableSCMCommandLineClientBeforeyouproceed,ensurethatanSCMcommand-lineclientisinstalledandconfiguredontheFlexNetCodeInsightScanServerasthisisnecessaryforFlexNetCodeInsighttobeabletoconnectandsynctoanSCMrepository.
ToverifythattheSCMclientisinstalledandavailabletoFlexNetCodeInsight,openacommandpromptandnavigatetotheFlexNetCodeInsightrootdirectory.
ExecuteacommandspecifictoyourSCM,suchas:githelpp4helptfhelpIfthesystemcannotfindthecommandspecified,verifythattheSCMclientdirectoryispartofthePATHvariableonthisserver.
ConsultyourSCMdocumentationformoreinformationonhowtoinstallandconfiguretheclient.
RecommendedClientsThefollowingisalistofclientsknowntoworkwellwithFlexNetCodeInsight:SCMClientCostDownloadSiteGitGitFreehttp://git-scm.
com/downloadsPerforcePerforcePaidhttps://www.
perforce.
com/downloadsTeamFoundationServer(TFS)TeamExploreEverywhereCommandLineClient(TEE-CLC)https://github.
com/Microsoft/team-explorer-everywhere/releasesNoteDownloadsitelinksaresubjecttochange.
Chapter4IntegratingwithSourceCodeManagementGitProtocolOptionsFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential83TEE-CLCRequirementforaTFSConnectionTEE-CLCistheTFSclientrequiredbyCodeInsighttoconnecttoandsynchronizewithanTFScollection.
OncethisclientisinstalledonthesamemachinewheretheCodeInsightscannerresides,runthefollowingcommandtoaccepttheend-userlicenseagreement:tfs-eulaIfCodeInsightattemptstoconnecttoTFSbeforethiscommandisrun,theconnectionfails.
SettingtheEnvironmentVariableIfyouruntheSCMcommandlineclientfromaWindowsmachine,addyourSCMclientlocationtothePATHenvironmentvariable.
NoteYourSCMmayrequireotherenvironmentvariablestobeset.
ConsultyourSCMdocumentation.
TaskTosettheenvironmentvariable,dothefollowing:1.
TofindyourPATHenvironmentvariablesettings,navigatetoControlPanel>System>AdvancedSystemSettings.
2.
ClickEnvironmentVariables.
3.
LookforthePATHsystemvariableandmakesurethatitissettothelocationofyourSCMbindirectory.
4.
Ifyoueditthesystemvariable,ensurethatyousaveyourchanges.
GitProtocolOptionsGitrepositoriesresideonpublicservers,suchasGitHubandBitbucket,oronGitserverswithinacorporatenetwork.
TheGitURLusedtoclonetherepositoryintoyourSCMdestinationfolderwillvarydependingonyourdesiredprotocol.
Thefollowingaretheavailableprotocoloptions.
AnonymousHTTPAuthenticatedHTTPSSHSSHOverHTTPChapter4IntegratingwithSourceCodeManagementGitProtocolOptions84CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideAnonymousHTTPThisprotocolcanbeusedforapublicrepository.
Publicrepositoriescanbeclonedwithoutprovidinganaccountandpassword.
TypeExampleGitHubExamplehttp://github.
com/myacct/Spoon-Knife.
gitBitbucketExamplehttp://bitbucket.
org/myacct/myquotefork.
gitAuthenticatedHTTPThisprotocolcanbeusedforaprivaterepository.
ProvideanaccountandpasswordasshownintheURLformatbelow.
Useacolonbetweentheaccountandpassword.
TypeExampleGitHubExamplehttps://myacct:password@github.
com/myacct/Hello-World.
gitBitbucketExamplehttps://myacct:password@bitbucket.
org/myacct/bb101repo.
gitSSHThissectiondescribesSSHauthenticationbetweenasystemrunningFlexNetCodeInsightandGitserverssuchasGitHubandBitbucket.
Thefollowingoptionsarepossible:UseoneSSHkeypairforallGitservers.
UseaseparatekeypairforeachGitserver.
UsemultiplekeypairsforsomeorallGitservers.
SSHdoesnotrelyonaccountpasswordsbutratheronapairofkeys,oneaprivatekeyandtheotherapublickey.
Thoughaprivatekeyfilemaybeprotectedbyapassword,nopasswordshouldbespecifiedforprivatekeysusedbyFlexNetCodeInsight.
CreatingKeypairsUsessh-keygentocreateakeypairforeachGitserver.
PressReturntwicetomakethepassphraseempty.
Forexample:ssh-keygen-f~/.
ssh/id_rsa_github_test1-C"githubtest1"ssh-keygen-f~/.
ssh/id_rsa_bitbucket_test1-C"bitbuckettest1"Thefollowingfilesarecreated:TypePrivateKeyPublicKeyGitHubid_rsa_github_test1id_rsa_github_test1.
pubChapter4IntegratingwithSourceCodeManagementGitProtocolOptionsFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential85Theprivatekeysremaininthe.
sshfolderonLinuxorthe\.
sshfolderonWindows.
EachpublickeywillbestoredonaGitserver.
AddingtotheConfigFileUpdate.
ssh/config(onLinux)or\.
ssh\config(onWindows):PropertyGithubBitbucketHostgithub.
combitbucket.
orgUsergitgitHostNamegithub.
combitbucket.
orgPreferredAuthenticationspublickeypublickeyIdentityFile~/.
ssh/id_rsa_github_test1~/.
ssh/id_rsa_bitbucket_test1ThereisacorrespondencebetweenthenameontheHostlineandthenameusedintheURL.
Whenthereisonlyonekeypairperhost,itisconvenienttospecifyHostasabove.
ThismeanstheURLforgitcloneis:gitclonegit@github.
com:account/repository.
gitThefollowingdefinitionsallowmultiplekeystobeusedwithGitHuborBitbucket:PropertyGithub1Github2Hostmygithub_01mygithub_02UsergitgitHostNamegithub.
comgithub.
comPreferredAuthenticationspublickeypublickeyIdentityFile~/.
ssh/id_rsa_github_test1~/.
ssh/id_rsa_github_test2TheURLsarechangedtousethevaluesofHostfromtheconfigfile.
Thefollowingaretheappropriategitclonecommands:gitclonegit@mygithub_01:account/repository.
gitgitclonegit@mygithub_02:account/repository.
gitBothclonecommandswillconnecttogithub.
com,whichisthevalueofHostName.
Thefirstcommandwillusetheprivatekeyid_rsa_github_test1.
Thesecondcommandwillusetheprivatekeyid_rsa_github_test2.
Bitbucketid_rsa_bitbucket_test1id_rsa_bitbucket_test1.
pubTypePrivateKeyPublicKeyChapter4IntegratingwithSourceCodeManagementPerforceProtocolOptions86CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideSSHOverHTTPThestandardSSHportis22.
TorunSSHoverport443,performthestepsintheSSHsection.
Theonlydifferenceisin.
ssh/configonLinuxor\.
ssh\configonWindows.
Thefollowingaresomeexamples:PropertyExample1Example2Hostgithub.
comgitssh-httpsUsergitgitPort443443HostNamessh.
github.
comssh.
github.
comPreferredAuthenticationspublickeypublickeyIdentityFile~/.
ssh/id_rsa_github_test1~/.
ssh/id_rsa_github_test1URLgit@github.
com:account/repository.
gitgit@gitssh-https:account/repository.
gitPerforceProtocolOptionsPerforcedepotsresideonanenterpriseserver.
Youhavethefollowingprotocoloptions.
AuthenticatedTCPAuthenticatedSSLFordetailsonhowtoconfigurethePerforceSCMinstance,refertotheFlexNetCodeInsightUserGuide.
TFSProtocolandCredentialsConfigurationThefollowingdescribesconfigurationyoumightneedforCodeInsightsynchronizationwithTFS:HTTPSProtocolSupportSpecialRequirementforVSTSProjectsinTFSHTTPSProtocolSupportHTTPSissupportedforcommunicationbetweenCodeInsightandTFS.
PerformthefollowingstepstoenabletheSSLconfigurationforHTTPS.
Chapter4IntegratingwithSourceCodeManagementTFSProtocolandCredentialsConfigurationFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential87TaskToenableSSLconfiguration:1.
ExporttheSecureSiteSSLcertificatefromthebrowserlocation(shownhere)forthegivenTFSinstance:https:///tfs/DefaultCollection/2.
ImportthecertificateintheJava(JRE)keystore,usingthefollowingcommand(replacingtfs.
cerwiththeactualcertificatefilename).
ThecertificateshouldbeimportedtothesamelocationwheretheTEE-CLCandCodeInsightscannerreside(seeTEE-CLCRequirementforaTFSConnection).
keytool-import-trustcacerts-keystorecacerts-storepasschangeit-noprompt-aliastfs-filetfs.
cerSpecialRequirementforVSTSProjectsinTFSIfCodeInsightissynchronizingwithaVSTS(VisualStudioTeamServices)projectinTFS,alternateVSTSauthenticationcredentialsarerequiredforthesynchronization.
TaskToenablealternateauthenticationcredentialsneededforCodeInsightsynchronizationwithaVSTSprojectinTFS:1.
InVisualStudio,enableasetofalternateauthenticationcredentials.
(SeetheVisualStudiodocumentationforinstructions.
)2.
SpecifythesealternatecredentialsfortheUsernameandPasswordintheTFSSCMinstanceconfigurationinCodeInsight.
SeeAddingaTFSSCMInstancetotheCodeInsightProjectinthe"ConfiguringSourceCodeManagement"chapterintheFlexNetCodeInsightUserGuide.
Chapter4IntegratingwithSourceCodeManagementTFSProtocolandCredentialsConfiguration88CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuide5FlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential89IntegratingwithApplicationLifecycleManagementThischaptercoversthefollowingtopics:AboutIntegrationwithApplicationLifecycleManagement(ALM)SystemsTheJiraPluginAboutIntegrationwithApplicationLifecycleManagement(ALM)SystemsFlexNetCodeInsightsupportapplicationlifecyclemanagement(ALM)systempluginstomanageexternalworkitems.
ThesepluginsallowCodeInsightuserstocreateandmanageexternalworkitemsassociatedwithinventoryintheALMsystemdirectlyfromCodeInsightsothatinventoryrequiringfurtherreviewandremediationcanbetrackedexternallyaspartoftheuser'sexistingissuetrackingsystem.
Forexample,aCodeInsightscanmightuncoversecurityvulnerabilitiesorcopyleftlicensesrequiringfurtherreviewbytheSecurityandLegalteams.
WithanALMintegration,theseissuescanbequicklyconvertedintoworkitemsthatpointtocorrespondingissuesintheALMinstance.
Thepluginssupportpre-populateddataandasynchronizationofdatabetweenCodeInsightandtheserverbasedonaconfiguredsynchronizationfrequency.
Currently,CodeInsightoffersaJiraplugin(seethenextsection,TheJiraPlugin).
FuturereleaseswillprovideadditionalintegrationswithotherALMsystems.
TheJiraPluginTheJirapluginprovidedbyCodeInsightcanbeusedtocreatenewJiraworkitemsdirectlyfromCodeInsight.
TheseworkitemsallowmanagementofexternalremediationworkassociatedwithinventoryitemsinCodeInsight.
ThefollowingsectionsdescribehowtoconfiguretheJirapluginforCodeInsightintegrationwithyourJirainstances:PrerequisitesfortheJiraPluginConfiguringtheJiraPluginChapter5IntegratingwithApplicationLifecycleManagementTheJiraPlugin90CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuidePrerequisitesfortheJiraPluginTheJirapluginisincludedwithCodeInsight,islocatedonthecoreserverintheconfig/core/pluginsdirectory.
EnsurethatthisdirectorycontainsthelatestJiraplugin,particularlyaftermigratingtothelatestCodeInsightversion.
Additionalrequirementsincludethefollowing:TheJirapluginrequiresaccesstoaJiraserverwithcredentialsforavaliduseronthisserver.
ThedesignateduserwillbeusedtoauthenticateCodeInsightontheJiraserverandwillalsobelistedasthereporterontheissuecreatedfromCodeInsight.
ThespecifiedusemusthavefullaccesstotheJirainstance,particularlyifCaptchaorSingleSign-OnareenabledontheJiraserver.
YoucanusetheTestConnectionbuttonontheALMconfigurationpagefortheJirainstancetovalidateasuccessfulconnectiontotheJiraserver.
(SeeAddingaJiraInstanceinthenextsection,ConfiguringtheJiraPlugin.
)ConfiguringtheJiraPluginTheJiraplugincanbeconfiguredtoconnecttomultipleJirainstancesandtodisplaydefaultvaluesforeachfieldintheconfiguredinstance.
Projectscanthenbeindividuallyassignedtoconnecttoandsynchronizetoonetheconfiguredinstances.
ThefollowingtopicsdescribehowtoconfigureandmaintainaJirainstance:AddingaJiraInstanceUsingCodeInsightVariablesSynchronizingWorkItemsDeletinganALMInstanceAddingaJiraInstanceThesystemAdministratorcanconfigureoneormoreJirainstancesandtheirdefaultfieldvaluesgloballyattheapplicationlevelusingtheAdministrationmenu.
Onceconfigured,theJirainstancesareavailableintheEditProjectsectionsothattheycanbeassociatedtoaspecificproject.
TaskToaddaJirainstance:1.
AssystemAdministrator,selectAdministrationfromthemainmenu.
2.
SelecttheALMtileontheleft.
3.
SelectJirafromtheApplicationdropdownlist.
4.
ClickAddInstance.
TheInstanceconfigurationtabisdisplayed.
5.
EntervaluesfortherequiredfieldsbasedonyourJiraserverinformation.
Thefollowingfieldsarerequired.
(Seetheinlinehelpforexplanationsofthefields.
)ALMInstanceNameChapter5IntegratingwithApplicationLifecycleManagementTheJiraPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential91JIRAServerURLJIRAUsernameJIRAPassword6.
Onceyouhavecompletedtherequiredfields,clicktheTestConnectionbuttonontherighttovalidatethatCodeInsightcanconnecttothespecifiedJiraserver.
Iftheconnectionissuccessful,a"connectionsuccessful"messageisdisplayed.
Otherwise,reenterthecredentialsandtryagain.
EnsurethatthespecifieduserhasfullaccesstotheJirainstance,particularlyifCaptchaorSingleSign-OnareenabledonthisJiraserver.
7.
Completetheremainingfields.
Seetheinlinehelpforexplanationsofthefields.
YoucanincludeinventoryvariablesintheDefaultSummaryandDefaultDescriptionfieldsthatwillbereplacedbyactualvaluesinthenewlycreatedJiraissueandworkitem.
Foralistofsupportedvariables,seethenextsection,UsingCodeInsightVariables.
8.
ClickSavetosavetheJirainstance.
TheJiraseversettingsandmandatoryvaluesarevalidated.
UsingCodeInsightVariablesTheDefaultSummaryTextandDefaultDescriptionTextfieldssupportCodeInsightvariablesthatcancommunicatedetailsabouttheCodeInsightproject,inventoryitem,andotherrelevantinformationintheworkitemandassociatedJiraissue.
SupportedVariablesThefollowingtableliststheavailablevariablesforuseinthetextenteredintheDefaultSummaryTextandDefaultDescriptionTextfields:Table5-1SupportedCodeInsightVariablesForUseinWorkItemSummaryandDescriptionText$PROJECT_NAMENameoftheCodeInsightprojectcontainingtheissue$INVENTORY_ITEM_NAMENameoftheinventoryitemcontainingtheissue$COMPONENT_NAMENameofthecomponentassociatedwiththeinventoryitem$VERSION_NAMEVersionofthecomponentassociatedwiththeinventoryitem$LICENSE_NAMENameoftheselectedlicensefortheinventoryitem$NUMBER_VULNERABILITIESTotalnumberofsecurityvulnerabilitiesassociatedwiththeinventoryitem$NUMBER_FILESTotalnumberoffilesassociatedwiththeinventoryitem$INVENTORY_URLLinktotheinventoryitemChapter5IntegratingwithApplicationLifecycleManagementTheJiraPlugin92CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuideWhentheworkitemiscreated,theincludedvariablesarereplacedbytheirrespectivevalues.
ExampleUseofVariablesThefollowingisexampletextyoumightenterintheDefaultSummaryTextfield.
Thetextincludessomeoftheavailablevariables:The$INVENTORY_ITEM_NAMEinventoryitemintheproject$PROJECT_NAMEcontains$NUMBER_VULNERABILITIESvulnerabilitiesthatrequirereview.
Goto$INVENTORY_URLtoseethevulnerableinventoryitem.
IfyourCodeInsightprojectnameisMySampleProjectandthenameoftheinventoryitemnameforwhichyoucreateaworkitemisApacheCommonsBeanUtils,theworkitemandJiraissuewilldisplaythefollowingsummary:TheApacheCommonsBeanUtils1.
7.
0(Apache2.
0)inventoryitemintheprojectMySampleProjectcontains18vulnerabilitiesthatrequirereview.
Gotohttps://my.
sample.
server:8888/codeinsighttoseethevulnerableinventoryitemSynchronizingWorkItemsFlexNetCodeInsightprovidestheabilitytosynchronizeworkitemsbetweenCodeInsightandtheALMsystemsothatCodeInsightalwaysreflectsthemostcurrentstateofeachworkitem.
Theone-waysynchronizationupdatesthefollowingfieldsfortheworkiteminCodeInsight:Status,Type,Priority,Assignee,Summary.
Thefollowingproceduredescribeshowtosetthefrequencyofthissynchronizationprocess(labeledExistingIssuesSyncFrequencyontheALMtab).
NoteTheSyncFrequencyconfigurationappliestoalltheALMinstances.
Ifnotexplicitlyset,thesyncfrequencydefaultstoDaily.
TaskToconfiguretheissuesyncfrequency:1.
AssystemAdministrator,selectAdministrationfromthemainmenu.
2.
ClicktheALMtab.
3.
ClicktheEditSyncFrequencyiconontheright(totherightoftheExistingIssuesSyncFrequencyvalue).
4.
Selectoneofthefrequencyoptions—Never,Hourly,Daily,orWeekly—andcompletetheirrespectivesub-options.
5.
ClicktheSaveChangesicontosaveorCanceltodiscardthesetting.
WorkItemStatusUpdatesIfthestatusoftheworkitemintheALMsystemchanges,thestatusoftheworkiteminCodeInsightwillreflectthechangeafterthesynchronizationcompletes.
Thiscanresultinachangetothe#OpenWorkItemsand#ClosedWorkItemsforeachinventoryitem.
TheselinksandtheOpenWorkItemsinformationalertlinkwillbeupdatedtoreflectthechange.
Additionally,theInventorywithOpenWorkItemsselectioninAdvancedSearchmayreturnadifferentnumberofresults.
Chapter5IntegratingwithApplicationLifecycleManagementTheJiraPluginFlexNetCodeInsight2018R3InstallationandConfigurationGuideFNCI-2018R3-IG00CompanyConfidential93Thefollowingliststhedefaultstatusvalues:ThedefaultOpenstatusvaluesforJiraincludeOpen,Reopen,New,ToDo,InProgress,andBacklog.
ThedefaultClosedstatusvaluesforJiraincludeDone,Resolved,Verified,andClosed.
Customstatusesarenotcurrentlysupported.
DeletinganALMInstanceTheapplicationAdministratorcandeleteanALMinstanceaslongasnoprojectscurrentlyreferencetheinstance.
Iftheinstancethatyouwanttodeleteisreferencedbyaproject,itcannotbedeleteduntiltheinstanceisunassociatedfromtheproject.
SeetheFlexNetCodeInsightUserGuideforinstructionsonhowunassociateaninstancefromaproject.
TaskTodeleteanALMinstance:1.
AsthesystemAdministrator,selectAdministrationfromthemainmenu.
2.
SelecttheALMtab.
3.
SelecttheInstancetabfortheinstanceyouwanttodelete.
4.
ClicktheDeleteInstancebutton.
Chapter5IntegratingwithApplicationLifecycleManagementTheJiraPlugin94CompanyConfidentialFNCI-2018R3-IG00FlexNetCodeInsight2018R3InstallationandConfigurationGuide