CAST Highlight shows 1% of Ruby and 95% of Typescript and JavaScript. However, as per the user Ruby code should constitute the majority of the codebase. Some components for Ruby are seen in the undetected tab.
Details
- Check whether the extension of Ruby code is in *.rb files. If not then it would be out of scope.
- Check with the code developers if it is all pure ruby or not. The code that is thought to be as pure Ruby maybe getting identified as another technology such as Typescript.
-
Check if the .rb files are not made up of Ruby dependencies.
-
-
- Check in the results if there are Ruby components referenced, including proprietary Ruby dependencies. Check whether the source code of these components are included in the scan.
- Check if 3rd party code is analyzed or only custom code is analyzed. If 3rd party code lies on a build machine and if it hasn't been included in the scan, then it won't be recognized.
-
-
- Check whether the latest version of Highlight is used
|
NB: Ruby is a sizing and SCA only language, so no health data is available for Ruby, so it will not show up in some screens. Since Ruby is not supported for health, at least one csv for one of the technologies Highlight supports for health (e.g., Java) is needed. All files found within "node_modules" folder are automatically excluded from the SCA results, the reason why one can see "excluded" in column "Dat_SHA256" of the csv. However, these files are not excluded for the sizing metric. |
Ticket
39727
Related Article
CAST HIGHLIGHT - Analyzer - Framework files by itself are not analyzed
CAST HIGHLIGHT - Results - SCA - Ruby - How to avoid false positives with ruby dependencies
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Comments