Analyzer is found to skip some technologies at the discovery step.
Action Plan with Workarounds
- Check whether the analyzer supports the technologies that are used CAST HIGHLIGHT - Analyzer - Technologies Frameworks and File extensions supported
- If the file count exceeds 10,000
- Use the CLI which is less processor intensive or
- It is recommended to split the scan into several separate scans. Multiple scans (different folders), can be run, then output ZIPs for the same application can be uploaded . Results will be aggregated into a single application result.
- Is the code being analyzed on a network drive? If so, please place it on a local drive for better performance.
- Make sure that your analysis machine is not running out of RAM or CPU resources; otherwise, you may want to run on a machine with better resources.
- Check if the file size is in excess of the limit of 3 MB.( Refer page 9 in https://doc.casthighlight.com/Getting-Started-Guide.pdf). In the future the product will have an option to increase file size limit to the value the user will define. But it should be noted that very large files tend to make the analysis less stable due to memory consumption. To manually increase the default file size that is allowed to be scanned, please refer CAST HIGHLIGHT - Analyzer - How to Increase the file size limit set for analysis
- Check the file extensions supported for each programming language . If the files, in the scope for the scan do not use the extensions listed there is a good chance the analyzer will not be picking them.
- Rename the File extensions as appropriate based on the list, for them to be detected by the local agent. More details about renaming the extension for each technology can be found in ( pages 35-38 in https://doc.casthighlight.com/Getting-Started-Guide.pdf),
- If an extractor is used, check if the files provided by the extractor is of an extension that the Highlight analyzer can identify. For eg CAST database extractors produce .src extensions by default, but to make it recognizable by the Highlight analyzer it should be renamed
into .sql. More details can be found at CAST HIGHLIGHT - Analyzer - Discovery Step - Highlight is not recognizing files extracted using AIP extractor
- For file extensions such as .inc which is a shared file extension between C/C++ and PHP analyzers, if C++ analyzer is not analyzing it, the configuration file can be modified to analyze it using the PHP analyzer. Please refer CAST HIGHLIGHT - Analyzer - Discovery Step - Wrong technology classification when compared with CAST AIP
- Highlight expects specific file names (e.g., pom.xml, package.json, package-lock.json). If dependencies are not declared in files in this naming convention, CAST Highlight doesn't extract this info.
- Check the best practices for each technology to know about how the analyzer excludes, categorizes separately certain files or where manual selection or deselection of files is required
- CAST HIGHLIGHT - Local Agent - Discovery Step - Best Practices for Analyzing SAP/Abap
- CAST HIGHLIGHT - Local Agent - Discovery Step - Best Practices for Analyzing UNIX Shell scripts
- CAST HIGHLIGHT - Local Agent - Discovery Step - Best Practices for Analyzing PL/SQL
- CAST HIGHLIGHT - Local Agent - Discovery Step - Best Practices for Analyzing Microsoft T-SQL
- CAST HIGHLIGHT - Local Agent - Discovery Step - Best Practices for Analyzing Visual Basic
- CAST HIGHLIGHT - Local Agent - Discovery Step - Best Practices for Analyzing COBOL
- Check if any folder name in the path has characters other than English. For more details refer CAST HIGHLIGHT - Analyzer - Discovery Step - Files are not getting analyzed because of other than English characters in the path
- Check whether code is not accessible due to some permission issues or network accessibility issues.
- Check if any folder name in the path has characters other than English. Ensure that Path length is less than 256 characters and there are no special characters in the path. Move the repository to higher level if needed. Please refer CAST HIGHLIGHT - Analyzer - Discovery Step - Files in subdirectories are not analyzed
- Check whether the dependency files (e.g. pom.xml, build.gradle, package.json, .vcsproj, etc.) are there to detect frameworks and dependencies whose physical files are not part of the folder you're scanning. The list of the frameworks that HL support and is automatically detected can be found at https://doc.casthighlight.com/automated-framework-discovery/ .If you use a framework or a library which is not referenced by Highlight, it can still be manually added ( page 30 in https://doc.casthighlight.com/Getting-Started-Guide.pdf)
- Remove any files from the scan scope which provide no value for the analysis and may end up in increasing the code size and resulting in memory based performance issue. eg generated code like *.t.ds, *.flow.js also build and deployment folders .git,.svn etc. Please refer CAST HIGHLIGHT - Local Agent - Discovery Step - Additional files that should be excluded from Analysis
- If you scan with the Local Agent (GUI), utilize .casthighlight file in the scan folder to make discovery faster for repeated analysis of the same folder. CAST HIGHLIGHT - Local Agent - How to make discovery faster for the further analysis of a same folder