CAST HIGHLIGHT - Analysis Step - Analysis proceeds with limited results

Analysis is found to proceed after the discovery step but only limited or partial results are there. Many of the reasons for analysis to be partial can be found in the analysis logs.

If there are issues with analysis of files it can be seen at the analysis status at folder and file levels and in the summary of scan results. A green label means that files have been correctly scanned with the associated technology, If it is grey it means some files have not been analyzed. The reason for exclusion at file level can be seen  when hovering above the label with the cursor. 

Sometimes files can be partially analyzed as shown below in the summary of scan results . 

1.JPG

Action Plan with Workarounds

  1. Check whether the analyzer supports the technologies that are used https://doc.casthighlight.com/#technologycoverage.
  2. If the file count exceeds 10,000
    1. Use the CLI based analysis which is less processor intensive or
    2. It is recommended to split the scan into several separate scans. Multiple scans (different folders), can be run, then output ZIPs for the same application can be uploaded . Results will be aggregated into a single application result.
  3. Check if the file size is in excess of the limit of 3 MB.( Refer page 9 in https://doc.casthighlight.com/Getting-Started-Guide.pdf). In the future the product will have an option to increase file size limit to the value the user will define. But it should be noted that very large files tend to make the analysis less stable due to memory consumption. To manually increase the default file size that is allowed to be scanned, please refer CAST HIGHLIGHT - Analyzer - How to Increase the file size limit set for analysis
  4. Check the file extensions supported for each programming language . If the files, in the scope for the scan do not use the extensions listed, there is a good chance the analyzer will not be picking them. 
    1. Rename the File extensions as appropriate based on the list, for them to be detected by the local agent. ( Refer pages 35-39 in  https://doc.casthighlight.com/Getting-Started-Guide.pdf), 
    2. If an extractor is used, check if the files provided by the extractor is of an extension that the Highlight analyzer can identify. For eg CAST database extractors produce .src extensions by default, but to make it recognizable by the Highlight analyzer it should be renamed
       into .sql. More details can be found at  CAST HIGHLIGHT - Analyzer - Discovery Step - Highlight is not recognizing files extracted using AIP extractor
    3. For file extensions such as .inc which is a  shared file extension between C/C++ and PHP analyzers, if C++ analyzer is not analyzing it, the configuration file can be modified to analyze it using the PHP analyzer. Please refer CAST HIGHLIGHT - Analyzer - Discovery Step - Wrong technology classification when compared with CAST AIP
  5. Check the best practices for each technology to know about how the analyzer excludes, categorizes separately certain files or where manual selection or deselection of files is required
  6. Check if any folder name in the path has characters other than English. Ensure that Path length is less than 256 characters and there are no special characters in the path. Please refer CAST HIGHLIGHT - Analyzer - Discovery Step - Files in subdirectories are not analyzed
  7. Check if its an expected behavior as Highlight skips certain files such as non-procedural part of the code, syntax etc and they are not part of the rules triggered in Highlight. To know more about the set of rules triggered in Highlight and why syntax is ignored please refer CAST HIGHLIGHT - Analyzer - PLSQL and TSQL files are not getting analyzed
  8. Remove any files from the scan scope which provide no value for the analysis and may end up in increasing the code size and also resulting in memory based performance issue. eg generated code like *.t.ds, *.flow.js also build and deployment folders .git,.svn etc. Please refer CAST HIGHLIGHT - Local Agent - Discovery Step - Files that should be excluded from Analysis
  9. Code can also be excluded from analysis. To find out the reason why a file is excluded from the analysis refer CAST HIGHLIGHT - Analyzer - Analysis Step - Reasons for the code to be excluded from analysis . The reason why a file is not scanned can be found out by hovering on the grey pill in the status column.
  10. If there is an error "Following analysis have been aborted due to errors. Corresponding results could be incomplete and excluded from next steps", provide the the csv file that will be in your working directory, to support in order to investigate the reason. Please refer CAST HIGHLIGHT - Web - Analysis aborted due to errors.
  11. If issue persists check the Log files available in the machine where the analyzer is running. An example path for the log file is C:\Users\[USERNAME]\AppData\Local\nw\analyzes\ . Each code scan creates a numbered sub-folder which contains scan log files. The reason for a partial analysis is generally indicated in analysis log files. The support team would need them in order to investigate further. Please note that stderr and stdout logs will not give any hint.
      1. If the issue can be identified to occur during a specific code scan, please zip log files of that particular numbered sub-folder and send it as an attachment to CAST support at https://help.castsoftware.com.
          1. If needed use the dichotomy process  on the file to find out the section having specific problem, An example of using the dichotomy process is given here CAST HIGHLIGHT - Analyzer - Using dichotomy process when PLSQL Files are showing as partially analyzed
      2. If you scan with the Local Agent (GUI), check the .casthighlight file created by the Agent and stored in the root source folder for hints. The .casthighlight file configuration file contain scan settings that are saved to make discovery faster for further analysis of a same folder, until it is kept.
          1. In some cases some files might be skipped by one analyzer but can be analyzed by another analyzer the details of which can be found in .casthighlight . An example is CAST HIGHLIGHT - Analyzer - Analysis Step - Some TSQL files are skipped in the analysis 
          2. If wrong technologies are selected for a folder which  is chosen for another technology, after the correct selection of technologies and before the re-scan, ensure that .casthighlight file is deleted from the root folder ie If the scan is made with the Local Agent (GUI).
      3. If needed do a re-scanning along with the generation of the logs, based on the instruction from support. To activate the execution logs when launching a code scan hold CTRL while clicking on the Scan button. A .zip file will be created in the folder specified for saving results.
      4. If command line automation is used then check the HLAutomation.log produced after the command line is run and is stored in the working directory --workingDir set. Please refer

        Highlight Automated Code Scan (Command Line) 

  12. Modify/Correct the setting and Re-scan if needed. Once the analysis is done check again the analysis status at folder and file levels.

Related Articles

CAST HIGHLIGHT - Analyzer - Analysis Step - nupkg files are not getting analyzed and showing as detection error file under the discover folder

CAST HIGHLIGHT - Analyzer - Analysis Step - PLSQL Files are not getting Scanned in Highlight Agent due to Syntax Errors

CAST HIGHLIGHT - Analyzer - Partial scan of PLSQL files

CAST HIGHLIGHT - Analyzer - PLSQL and TSQL files are not getting analyzed

CAST HIGHLIGHT - SCA - Only limited information due to many partial information for spring.* related and other framework

CAST HIGHLIGHT - Analyzer - Analysis Step - Analysis has ended with the code 0x200

CAST HIGHLIGHT - Analyzer - How to Use dichotomy process when Files are showing as partially analyzed

CAST HIGHLIGHT - Analyzer - Performance - Campaign taking more time than usual to complete

CAST HIGHLIGHT - Web - Analysis aborted due to errors

 

 

 

Have more questions? Submit a request

Comments

Powered by Zendesk