Description of the Scan Profile Settings
The following table describes the settings that define a scan profile, standard or custom. It also shows the default value for a given setting in each of the standard scan profiles provided by Code Insight. For example, to view the default settings enabled for:
-
The Basic Scan Profile (without CL), see the “Basic Default” column in the table.
-
The Standard Scan Profile, see the “Standard Default” column.
-
The Comprehensive Scan Profile, see the “Comprehensive Default” column.
note
The Comprehensive Scan Profile and Standard Scan Profile rely on data stored in the Compliance Library (CL) to detect evidence for Exact Matches and Source Code Matches.
| Field | Description | Basic Default | Standard Default | Compre-hensive Default | |
|---|---|---|---|---|---|
| Name | Enter or edit the profile name. | Basic Scan Profile | Standard Scan Profile | Compre\-hensive Scan Profil e | |
| Perform Package/License Discovery in Archives | Select this option to have the Scan Server recursively perform package discovery and license detection within all archive files encountered in the project codebase. By default, this option is selected. | Selected | Selected | Selected | |
| Dependency Support | Determine the level of dependency scanning to be performed by the Scan Server. The available options include: No Dependencies—Only top-level inventory items are reported without any dependencies. (Default) Only First Level Dependencies—Only first-level (also called direct) dependencies are reported along with top-level inventory items. All Transitive Dependencies—All first-level and transitive dependencies are reported along with top-level inventory items. The Scan Server calls out to the relevant package management repository to obtain transitive dependency information. For a description of Code Insight dependency support for supported ecosystems, see “Automated Analysis” in the Code Insight User Guide. | No Depend\-encies | No Depend\-encies | No Depend\-encies | |
| Report Non-Runtime Dependencies | (Available if Only First Level Dependencies or All Transitive Dependencies is selected for Dependency Support ) Specify whether the scan should report only runtime dependencies or both runtime and non-runtime dependencies. (Runtime dependencies are required during application runtime; non-runtime dependencies are not.) For more information, see “Dependency Scopes” in the Code Insight User Guide. Enabled—Report both runtime and non-runtime dependencies. Disabled—Report only runtime dependencies.(Default) | N/A | N/A | N/A | |
| Automatically Add Related Files to Inventory | Select this option to have the system associate additional files to existing inventory items based on the data available in automatic detection rules. | Selected | Selected | Selected | |
| Rescan Options | By default, when a user initiates a regular rescan (that is, not a forced full rescan), only those files that have changed since the last scan are scanned. However, certain Code Insight events that have occurred since the previous scan can result in a rescan of all files (a full rescan). For a description of these events, see “Default Scan Behavior” in the Code Insight User Guide. These options are used to override this default rescan behavior so that, even if any of the events that would normally call for a full rescan have occurred, all rescans will skip unchanged files and scan changed files only. | ||||
| Do not rescan files that have not changed since previous scan | Select this option so that rescans always skip unchanged files and scan only those files that have changed since the last scan (even if events have occurred since the last scan that call for a full rescan). | Not selected | Not selected | Not selected | |
| Apply this option to: | If the Do not rescan files\.\.\. option is selected, further clarify which unchanged files to skip during the rescan: All unchanged files Only unchanged files marked as reviewed Only unchanged files associated with inventory Only unchanged files that are both marked as reviewed and associated with inventory | N/A | N/A | N/A | |
| Exact Matches | Select this option to enable the detection and recording of scanned files that exactly match entire-file data in the Compliance Library (CL). | Disabled | Enabled | Enabled | |
| Source Code Matches | Select this option to enable the detection and recording of any source-code snippets in the scanned files that match data in the Compliance Library (CL). If you enable this source-code matching, specify any of the following additional parameters for the matching process. | Disabled | Disabled | Enabled | |
| Include System- Identified Files | Select this option if you want the Scan Server to perform source-code matching for files that have already been associated with one or more inventory items during automated analysis. | N/A | N/A | Selected | |
| Include Files with Exact Matches | Select this option if you want the Scan Server to perform source-code matching for files that have already been identified as having exact-file matches in the CL. | N/A | N/A | Selected | |
| Minimum Source Code Matches | Enter the minimum number of source-code matches that the scan needs to detect in a given codebase file before reporting the file as having such matches. (A source-code match is a snippet of code in a codebase file that matches an open-source code snippet found in the CL data.) Enter a new minimum value from 1 to 32767. (The default is 3.) For example, if this value is increased to 10 , ten code snippets in a given codebase file must match data in the CL before the scan reports the file as having source-code matches. In general, the higher this value, the fewer source-code matches an analyzer has to review. | N/A | N/A | 1 | |
| Search Terms | Provide a list of search terms to be used in the scan. Use the \+ button to add a term and the \- button to remove a term. | Standard terms listed | Standard terms listed | Standard terms listed | |
| Scan Exclusions | Provide a list of file extensions to be excluded from the scan. Use the \+ button to add an exclusion term and the \- button to remove an exclusion. See “Creating Exclusion Patterns for Scan Profiles” in the Code Insight Installation & Configuration Guide for further instructions. | Standard exclusions listed | Standard exclusions listed | Standard exclusions listed |