Creating a Binary SCA Job
This section describes how to create a binary scan job and check the scan report to help you get started.
Prerequisites
- You have registered a Huawei account and enabled Huawei Cloud services.
- You have purchased CodeArts Governance.
- Software packages and firmware to be scanned are ready.
Constraints
- Files in the following formats can be scanned: .zip, .rar, .tar, .tar.gz, .jar, .apk, .hap, .so, .gz, .gzip, and so on.
- The file name can contain only letters, digits, spaces, underscores (_), hyphens (-), and periods (.).
- The file name can contain a maximum of 100 characters.
- The job description can contain a maximum of 200 characters.
- The file size cannot exceed 5 GB (300 MB for free trial jobs).
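A local pre-upload check for the constraints listed above, as an added example that is not part of CodeArts Governance or its documentation. The function names, the binary reading of GB/MB, and treating an unlisted suffix as a warning (the format list ends with "and so on") are assumptions.

```python
import os
import re
import tempfile

# Limits taken from the Constraints list above.
ALLOWED = r"[A-Za-z0-9 _.\-]"  # letters, digits, spaces, _ - .
MAX_NAME_LEN, MAX_DESC_LEN = 100, 200
# Assumption: "GB"/"MB" are read as binary units (GiB/MiB).
MAX_SIZE = {"professional": 5 * 1024**3, "free": 300 * 1024**2}
# The page's list is open-ended, so an unlisted suffix is only a warning.
LISTED_SUFFIXES = (".zip", ".rar", ".tar", ".tar.gz", ".jar", ".apk",
                   ".hap", ".so", ".gz", ".gzip")


def preflight(path, description="", edition="professional"):
    """Return (errors, warnings) for one file against the listed constraints."""
    errors, warnings = [], []
    name = os.path.basename(path)
    bad = sorted(set(re.sub(ALLOWED, "", name)))  # whatever is left is disallowed
    if bad:
        errors.append(f"file name has disallowed characters: {bad}")
    if len(name) > MAX_NAME_LEN:
        errors.append(f"file name is {len(name)} characters (max {MAX_NAME_LEN})")
    if len(description) > MAX_DESC_LEN:
        errors.append(f"description is {len(description)} characters (max {MAX_DESC_LEN})")
    size = os.path.getsize(path)
    if size > MAX_SIZE[edition]:
        errors.append(f"{size} bytes exceeds the {edition} limit of {MAX_SIZE[edition]}")
    if not name.lower().endswith(LISTED_SUFFIXES):
        warnings.append("suffix is not in the page's explicit format list")
    return errors, warnings


def demo():
    """Run the check on constructed sample files in a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("firmware_v1.2.tar.gz", "router(build#7).bin"):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(b"\0" * 16)  # constructed placeholder content
            results[name] = preflight(path, description="nightly build")
    return results


if __name__ == "__main__":
    for name, (errors, warnings) in demo().items():
        print(name, "errors:", errors, "warnings:", warnings)
```

Running this check in the build pipeline catches a rejected file name or an oversized artifact before the upload step, so a release is not left unscanned because the job could not be created.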
Creating a Scan Job
- Log in to the CodeArts Governance console.
- In the navigation pane on the left, choose SCA > Binary SCA.
- Click Create Job. In the displayed dialog box, click Scan File. Upload a local software package or firmware.
Table 1 Parameters

| Parameter | Description |
| --- | --- |
| Scan File | The software package and firmware to be scanned |
| Job | Name of the file to be scanned |
| Description | Description of the job |
| Upgrade this scan to Professional. | This is shown when your free package has remaining scanning quota and yearly/monthly billing is not used. Disabled: The Free edition will be used for this scan job. Enabled: The Professional edition will be used for this scan job. After the upgrade, you can check complete scan results, export the report, and upload a file up to 5 GB. For frequent scans, yearly/monthly packages are recommended. |

- Click OK and wait for the job to complete. The scan duration depends on the package size and code size.
Checking the Scan Result
- On the Binary SCA page, check all jobs.
- Click a job name to check its report. Alternatively, click View Report in the Operation column of the job. The report page shows Basic Info, Open-Source Software Vulnerabilities, Open-Source License, Key and Info Leakage, Secure Compiler Options, and Security Configurations.
Figure 1 Report details
- Export the results as needed:
  - Click Download Report in the upper right corner and choose to download a PDF or an Excel file. The report includes the job and result overview and lists the components, vulnerabilities, keys, information leakage issues, secure compiler option issues, and security configuration issues.
  - Click Generate SBOM Report to generate a software bill of materials (SBOM) report.