Security Assistant does not return any expected results

  • KM03744141
  • 06-Oct-2020
  • 06-Oct-2020

Summary

The Security Assistant plugin is intended to provide basic vulnerability analysis and real-time secure coding feedback. In the event that the plugin does *not* return any results, even though other tools (such as a full SCA scan) show that there should be some, here's what to check for.

Error

There is no associated error message.  The plugin simply seems to do nothing.

Cause

The cause is most likely the rulepacks.  If there is no rulepack present, or the rulepack is empty, then this behavior will occur.  In versions 20.1 or older, there is no indication of any problem in the logging.

Fix

1) Check that there is a rulepack present in the 'C:\Users\<UserName>\AppData\Local\Fortify\SecurityAssistant<IDE&Version>\' directory,

for example: C:\Users\<current_user>\AppData\Local\Fortify\SecurityAssistantVS-20.1.0\rulePacks.zip

If there is no rulePacks.zip file, update the rules using the IDE Security Assistant plugin Options -> 'Check for Updates' button.  You may need to configure the update URL to https://update.fortify.com/, or configure any proxy information separately.

If the rulePacks.zip file is present, check the following:

a) When was the rulePacks.zip last updated?  Try running the 'Check for Updates' as above to update to the latest version.

If you are still getting no results, proceed to step b.

b) Open the rulePacks.zip file and check the contents.  The file should contain the following files:

RulepackUpdateManifest

Signature

<IDE>_security_assistant.bin

<IDE>_security_assistant_config.bin

If *any* of these files are missing, the Security Assistant plugin will not work properly.

If the only files present are the RulepackUpdateManifest and Signature, then there was an issue downloading the actual rules for the plugin.  This is likely due to the license file being used.

You can open the license file in a text editor and check the rulepack subscription date contained therein.  For example:

RulePackUpdate 2020-10-01 lid=<alphanumeric string>

This rulepack subscription is valid through October 1st, 2020.  After this date, the rules will not download.

If the date has passed, you will need to contact your sales rep to arrange for an updated license.
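
The checks in step b) and the license date check can be scripted. The following is an added example, not Fortify code: it assumes the four entries may sit in any folder inside the zip, and the sample entry names and lid value used with it are constructed placeholders.

```python
import io
import re
import zipfile
from datetime import date

# Entry names from the article; the <IDE> prefix varies, so it is pattern-matched.
FIXED = ("RulepackUpdateManifest", "Signature")
RULES_RE = re.compile(r".+_security_assistant\.bin")
CONFIG_RE = re.compile(r".+_security_assistant_config\.bin")
# License line as shown in the article: RulePackUpdate YYYY-MM-DD lid=...
LICENSE_RE = re.compile(r"^RulePackUpdate\s+(\d{4})-(\d{2})-(\d{2})\b", re.M)


def check_rulepack(zip_source):
    """Return (missing_entries, diagnosis) for a rulePacks.zip path or file object."""
    with zipfile.ZipFile(zip_source) as zf:
        # Assumption: compare base names only, ignoring any folder inside the zip.
        names = [n.rsplit("/", 1)[-1] for n in zf.namelist()]
    missing = [f for f in FIXED if f not in names]
    if not any(RULES_RE.fullmatch(n) for n in names):
        missing.append("<IDE>_security_assistant.bin")
    if not any(CONFIG_RE.fullmatch(n) for n in names):
        missing.append("<IDE>_security_assistant_config.bin")
    if not missing:
        return missing, "complete"
    if all(f in names for f in FIXED) and len(missing) == 2:
        return missing, "rules-not-downloaded"  # manifest + signature only
    return missing, "incomplete"


def subscription_end(license_text):
    """Parse the rulepack subscription date, or None if the line is absent."""
    m = LICENSE_RE.search(license_text)
    return date(*map(int, m.groups())) if m else None


def subscription_valid(license_text, today):
    """Valid through the stated date inclusive; rules stop downloading after it."""
    end = subscription_end(license_text)
    return end is not None and today <= end


def sample_zip(names):
    """Build an in-memory zip with constructed placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder")
    return buf
```

Pass check_rulepack the path to rulePacks.zip and subscription_valid the text of the license file with date.today(); a "rules-not-downloaded" result together with an expired subscription matches the license cause described above.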