While performing a source code scan with the Highlight CLI Automation tool, the
process completes for 4 out of 5 technologies but gets stuck with no progress on the
5th technology, KSH, with the log showing:
2023-03-16 16:31:05,128 INFO perl: out: [framework] GRADLE : build.gradle
2023-03-16 16:31:06,551 INFO highlight: Processing: Ksh
Workaround
Check the log to find the section that is having issues; it could be too large and should be split.
In the above case, if you were running all 5 in parallel, it could also be a memory or CPU resource issue, with the machine trying to get enough resources for all of the analyses.
It is better to split the source into small chunks and scan them one by one.
The results can then all be uploaded together later.
Also, test classes should be excluded unless you want to scan them. Measuring the software resiliency of your test files may be of little interest, for instance. Test and sample files can also cause misidentification of OSS components during Software Composition Analysis, as they are not really part of the application you are scanning. Please refer to the best practices: https://doc.casthighlight.com/good-practices-defining-scope-code-scan/
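The split described above can be planned before any scan is started. The following is an added example, not part of the original article or of CAST Highlight: it groups the top-level folders of a source tree into chunks under a size limit and leaves out test and sample folders. The excluded folder names, the size limit and the sample tree are assumptions.

```python
import os
import tempfile

# Folder names treated as test/sample code (assumed convention; adjust to your repository).
EXCLUDED_DIRS = {"test", "tests", "sample", "samples"}

def dir_size(path):
    """Total bytes under path, skipping excluded folders at any depth."""
    total = 0
    for root, dirs, files in os.walk(path):
        dirs[:] = [d for d in dirs if d.lower() not in EXCLUDED_DIRS]
        total += sum(os.path.getsize(os.path.join(root, f)) for f in files)
    return total

def plan_chunks(source_root, max_bytes):
    """Group top-level folders into chunks of at most max_bytes each."""
    # Files directly in source_root are ignored; only folders are grouped.
    sizes = {}
    for entry in sorted(os.listdir(source_root)):
        full = os.path.join(source_root, entry)
        if os.path.isdir(full) and entry.lower() not in EXCLUDED_DIRS:
            sizes[entry] = dir_size(full)
    chunks = []
    # First-fit decreasing: place the largest folders first.
    for name, size in sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0])):
        for chunk in chunks:
            if chunk["bytes"] + size <= max_bytes:
                chunk["dirs"].append(name)
                chunk["bytes"] += size
                break
        else:
            # A folder above the limit gets its own chunk and is flagged
            # so it can be split further by hand.
            chunks.append({"dirs": [name], "bytes": size, "oversized": size > max_bytes})
    return chunks

def build_constructed_tree(root):
    """Write a small constructed sample tree (file sizes in bytes)."""
    layout = {"scripts/deploy.ksh": 700, "scripts/tests/t.ksh": 900, "web/app.js": 400,
              "batch/job.ksh": 300, "tests/all.ksh": 5000, "legacy/big.ksh": 1500}
    for rel, n in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"#" * n)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        print(plan_chunks(tmp, 1000))
```

Each planned chunk is then scanned as its own run, and any chunk flagged as oversized is the first candidate for further splitting.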
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Zendesk Ticket
40752