Disabling SHA-1 Support

This section describes how the Code Insight database administrator configures the scan.digest.sha1.enabled property (located in the PAS_GLOBAL_PROPERTIES table in the Code Insight database) to disable SHA-1 support. When support is disabled, SHA-1 digests are no longer calculated for files during scans.

To disable SHA-1 support for your Code Insight instance, do the following:

Execute this command against the Code Insight database:

  • UPDATE PAS_GLOBAL_PROPERTIES SET VALUE_ = 'false' WHERE KEY_ = 'scan.digest.sha1.enabled';
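The UPDATE above succeeds silently even when no row matches the key, for example if the key is absent or mistyped. The following is an added example, not part of the Code Insight documentation, that applies the same change with a check before and after. It runs against a constructed in-memory SQLite table as a stand-in for the Code Insight database; the function names are hypothetical, and only the table, column, and key names come from this page.

```python
import sqlite3

KEY = "scan.digest.sha1.enabled"  # property name as given on this page


def get_sha1_property(conn):
    """Return the stored VALUE_ for the property, or None if the row is absent."""
    # '?' is the sqlite3 placeholder; other DB-API drivers may use '%s'.
    row = conn.execute(
        "SELECT VALUE_ FROM PAS_GLOBAL_PROPERTIES WHERE KEY_ = ?", (KEY,)
    ).fetchone()
    return row[0] if row else None


def disable_sha1(conn):
    """Set the property to 'false' and return the previous value.

    Raises LookupError if the row does not exist, because the UPDATE would
    then change nothing and SHA-1 support would stay as it was.
    """
    previous = get_sha1_property(conn)
    if previous is None:
        raise LookupError(f"{KEY} not found in PAS_GLOBAL_PROPERTIES")
    conn.execute(
        "UPDATE PAS_GLOBAL_PROPERTIES SET VALUE_ = 'false' WHERE KEY_ = ?", (KEY,)
    )
    if get_sha1_property(conn) != "false":  # read back before committing
        conn.rollback()
        raise RuntimeError(f"{KEY} was not updated; change rolled back")
    conn.commit()
    return previous


def make_demo_db(with_key=True):
    """Constructed stand-in table holding only the two columns this page names."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE PAS_GLOBAL_PROPERTIES (KEY_ TEXT PRIMARY KEY, VALUE_ TEXT)"
    )
    if with_key:
        conn.execute("INSERT INTO PAS_GLOBAL_PROPERTIES VALUES (?, 'true')", (KEY,))
    conn.commit()
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print("previous value:", disable_sha1(db))
    print("current value: ", get_sha1_property(db))
```

Recording the returned previous value gives a rollback reference if SHA-1 support has to be re-enabled later.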

The following describes how SHA-1 digests for files are handled during scans after SHA-1 support is switched from enabled to disabled. (For a description of standard and remote scans, see Enabling the SHA-1 Support.)

  • Each time a standard rescan is run on a codebase—Any existing file that has been modified since the previous scan (or is a new file) has its SHA-1 value set to NULL in the PSE_SCANNED_FILES table and is (re)scanned. Existing files that have not been modified since the previous scan retain their current SHA-1 value (either a digest or NULL) in the table and are not rescanned.

  • Each time a remote rescan is run on a file system—The SHA-1 values for all files (all existing files, modified or not, and any new files) are set to NULL in the PSE_REMOTE_SCANNED_FILES table. Additionally, all files are scanned.