Knowledge Doc: [Static Code Analyzer] Troubleshooting Performance issues with SCA scans

Summary
An SCA scan of a project/solution either runs longer than expected or errors out with an out-of-memory message.

Products
Fortify, Fortify Static Code Analyzer

Environment
Static Code Analyzer (SCA) 19.X, 20.X, 21.X

Situation
An SCA scan of a project/solution either runs longer than expected or errors out with an out-of-memory message.

Cause
When SCA analyzes a project/solution, it runs seven different vulnerability analyzers. Each analyzer searches for a different set of vulnerabilities. In general, each analyzer builds a model of the project/solution and then analyzes that model. Runtime and memory usage are highly dependent on the complexity of the model. When SCA errors out with a message to the effect of "out of memory", the complexity of the model likely exceeds the memory currently allowed. When SCA does not error out but runs longer than expected, it has enough memory but has to traverse each branch of the model it created.

Read Knowledge Doc Article for Resolution


URL Name
KM000009234

__________________________________

Elizabeth Knappen
CyberRes Community Manager
