Managing Projects and Running Scans

Scan List/Actions

In Projects & Scans > Projects, various scans and action lists are available (see Creating and Managing Projects).

Scan List

Displays the project in the individual project path, e.g. Projects & Scans/View Project Scans/My Java Projects.

Full Scan

A scan of the whole project. If the project is configured for a local location, this will require uploading a zip file with the updated source code.

Incremental Scan

Incremental scan is used to increase the scanning speed of the project. It works by scanning only the code that has changed since the last full scan was performed. During the incremental scan, the system takes each file that was sent to be incrementally scanned and creates a hash of its code. It then compares that hash with the hash of the file with the same name that was scanned in the last full scan.

  • Incremental scan needs to be performed on all of the code, not only on the changed code.
  • Incremental scan is recommended only if the regular scan takes more than 45 minutes.
  • When using incremental scan as part of CI/CD (for example, as part of a build process), make sure that a full scan is performed after every X incremental scans. Otherwise the changes will accumulate, and when more than 7% of the code has changed, CxSAST will either run a full scan or fail the scan, depending on the configuration.
  • The following configuration keys are available:

    • INCREMENTAL_SCAN_THRESHOLD
      Defines the maximum percentage of changed files for which an incremental scan is allowed.
      Valid values: 1-19, Default value: 7

    • INCREMENTAL_SCAN_THRESHOLD_ACTION
      Defines the action to be taken when the threshold is exceeded in an incremental scan.
      FAIL – fail the scan, FULL – switch to full scan. Valid values: FAIL or FULL. Default value: FAIL

If an uploaded zip file contains a file path of more than 255 characters, that file is not sent for scanning. Shorten the file path and try again.
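The following is an added example, not part of the CxSAST documentation or product code: a CI-side pre-check that applies the rules above (hash comparison against the last full scan, the changed-file threshold and its action, a periodic full scan, and the 255-character path limit) to decide which scan to request. SHA-256, the per-file counting, `FULL_SCAN_EVERY = 10` and all function names are assumptions for illustration; CxSAST's internal hashing and counting may differ.

```python
import hashlib
from pathlib import Path

THRESHOLD = 7          # INCREMENTAL_SCAN_THRESHOLD default (valid values 1-19)
ACTION = "FAIL"        # INCREMENTAL_SCAN_THRESHOLD_ACTION default (FAIL or FULL)
FULL_SCAN_EVERY = 10   # assumption: the "X" in "a full scan after every X incremental scans"
MAX_PATH_CHARS = 255   # longer paths inside the zip are not sent for scanning


def hash_tree(root):
    """Map each file's relative path to a SHA-256 of its contents (hash is an assumption)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def changed_percent(baseline, current):
    """Percentage of current files that are new or whose hash differs from the baseline."""
    if not current:
        return 0.0
    changed = sum(1 for name, digest in current.items() if baseline.get(name) != digest)
    return 100.0 * changed / len(current)


def plan_scan(baseline, current, incrementals_since_full, threshold=THRESHOLD, action=ACTION):
    """Return (decision, percent, skipped); decision is 'incremental', 'full' or 'fail'."""
    if not 1 <= threshold <= 19 or action not in ("FAIL", "FULL"):
        raise ValueError("threshold must be 1-19 and action FAIL or FULL")
    skipped = sorted(n for n in current if len(n) > MAX_PATH_CHARS)
    pct = changed_percent(baseline, current)
    if not baseline or incrementals_since_full >= FULL_SCAN_EVERY:
        return "full", pct, skipped          # no baseline yet, or periodic full scan is due
    if pct > threshold:
        return ("full" if action == "FULL" else "fail"), pct, skipped
    return "incremental", pct, skipped


if __name__ == "__main__":
    # Constructed manifests: 20 files at the last full scan, then 1 and 3 edited files.
    v2 = hashlib.sha256(b"v2").hexdigest()
    base = {f"src/File{i}.java": hashlib.sha256(b"v1 %d" % i).hexdigest() for i in range(20)}
    one = {**base, "src/File0.java": v2}
    three = {**one, "src/File1.java": v2, "src/File2.java": v2}
    print(plan_scan(base, one, incrementals_since_full=3))
    print(plan_scan(base, three, incrementals_since_full=3))
    print(plan_scan(base, three, incrementals_since_full=3, action="FULL"))
    print(plan_scan(base, one, incrementals_since_full=10))
```

In a pipeline, `hash_tree` would be run on the checkout at each full scan and the resulting manifest stored as the baseline for later builds.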

Duplicate Project

Creates a new project based on the settings of the existing one and also copies the following set of properties:

  • Preset
  • Team
  • Exclusions
  • Scheduling
  • Advanced Actions (email notifications on pre-scan, post-scan and scan failure).

Branch Project

Similar to copying a project, except that it copies the following set of properties:

  • Preset
  • Team
  • Last scan from the source project with all results and remarks.

See also: Configuring and Viewing Scan Metrics