
About Scanning without the Compliance Library

By default, when Code Insight scans a codebase, it uses the data in the Compliance Library (CL) to provide evidence of third-party code—exact-file matches and source-code fingerprint (snippet) matches—in your codebase.

However, if you do not have access to the CL (for example, because you are running Code Insight on a virtual instance or have not yet installed the CL), or if you do not want to enable an installed CL, leave the CL Path field blank on the Scan Servers tab of the Administration page (see Adding or Editing Scan Servers or Checking Server Status). You must then select the “Basic Scan Profile (without CL)” scan profile to perform a basic scan of your codebase.

The basic scan uses Code Insight’s Automated Analysis feature to perform the following:

  • Generates inventory and detects vulnerabilities

  • Finds evidence based on emails, URLs, and pre-defined search terms

  • Employs all automated detection techniques

In the absence of a CL, Code Insight will not detect exact-file matches and source-code fingerprint matches.

You can also create a custom basic scan profile with your own pre-defined search terms, and specify scan exclusions (folders or files to omit from the codebase scan, such as **/.git or **/.hg).
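To make concrete what the evidence search of a basic scan (emails, URLs and pre-defined search terms, as listed above) and the folder exclusions of a custom profile amount to, here is a small stand-alone scanner. It is an added illustration, not Code Insight's own implementation: the sample files, the search-term list and the gitignore-style reading of "**/" (a directory of that name at any depth, plus everything under it) are all assumptions made for the example, and Code Insight's real matching rules are not described on this page.

```python
import re
from fnmatch import fnmatch
from pathlib import PurePosixPath

# Constructed sample codebase (path -> contents); not taken from any real project.
SAMPLE_FILES = {
    "src/app.py": (
        "# Copyright 2019 Example Corp\n"
        "# Contact: dev@example.com\n"
        "# See https://example.com/license for terms\n"
    ),
    "src/vendor/util.js": "/* Licensed under the GNU General Public License */\nvar x = 1;\n",
    ".git/config": "[remote \"origin\"]\n\turl = https://example.com/repo.git\n",
    "docs/README.txt": "No third-party notices here.\n",
}

# Exclusion globs in the style the page mentions. Assumed gitignore-like semantics:
# "**/X" excludes any directory or file named X at any depth and everything beneath it.
DEFAULT_EXCLUSIONS = ["**/.git", "**/.hg"]

# Assumed pre-defined search terms; a real profile would carry its own list.
DEFAULT_SEARCH_TERMS = ["GNU General Public License", "Copyright", "All rights reserved"]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def is_excluded(path, exclusions=DEFAULT_EXCLUSIONS):
    """Return True if the path falls under any exclusion glob."""
    parts = PurePosixPath(path).parts
    for pattern in exclusions:
        if pattern.startswith("**/"):
            name = pattern[3:]
            # Any component of the path equal to the name means the whole subtree is excluded.
            if any(fnmatch(part, name) for part in parts):
                return True
        elif fnmatch(path, pattern):
            return True
    return False


def scan_file(path, text, search_terms=DEFAULT_SEARCH_TERMS):
    """Collect evidence from one file: emails, URLs and search-term hits, with line numbers."""
    evidence = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in EMAIL_RE.finditer(line):
            evidence.append({"file": path, "line": lineno, "kind": "email", "value": m.group(0)})
        for m in URL_RE.finditer(line):
            evidence.append({"file": path, "line": lineno, "kind": "url", "value": m.group(0)})
        for term in search_terms:
            if term.lower() in line.lower():  # case-insensitive term match
                evidence.append({"file": path, "line": lineno, "kind": "search_term", "value": term})
    return evidence


def basic_scan(files, exclusions=DEFAULT_EXCLUSIONS, search_terms=DEFAULT_SEARCH_TERMS):
    """Run the evidence search over every non-excluded file.

    Returns (evidence list, list of skipped paths) so the caller can see what the
    exclusions removed from the scan.
    """
    evidence, skipped = [], []
    for path, text in files.items():
        if is_excluded(path, exclusions):
            skipped.append(path)
            continue
        evidence.extend(scan_file(path, text, search_terms))
    return evidence, skipped


if __name__ == "__main__":
    found, skipped = basic_scan(SAMPLE_FILES)
    for e in found:
        print(f"{e['file']}:{e['line']} {e['kind']}: {e['value']}")
    print("skipped:", skipped)
```

Running it over the constructed files reports the email and URL in src/app.py, the two search-term hits (the copyright line and the GPL notice), and lists .git/config as skipped. Note that this kind of text evidence is all a CL-less scan has to work with: without the Compliance Library there is no exact-file or snippet fingerprint matching, so a vendored file that carries no notice, email or URL leaves no trace here.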

For more information about the “Basic Scan Profile (without CL)” scan profile and about creating and managing scan profiles in general, see Managing Scan Profiles. For instructions on associating a scan profile with a project, see “Applying a Scan Profile to the Project” in the “Using Code Insight” chapter in Code User Guide.