Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Summary
ScanCentral Uploads Failing (timeout property issue) in version 22.1 and 22.2
Products
Fortify Static Code Analyzer
Environment
OS: Windows/Linux
Product: Fortify ScanCentral 22.1.0 and 22.2.0
Situation
After upgrading ScanCentral to 22.1.0 or 22.2.0, triggering a scan and uploading the result file (FPR) to Fortify Security Center (SSC), SSC reports that the upload failed, despite that the FPR is completely uploaded, and the data is consistent.
In scancentralCtrl.log there are errors related to a possible read/ IO timeout that indicates this defect.
For Example
[ERROR] com.fortify.cloud.ctrl.service.SscUploadServiceImpl - Unable to upload scan results for 10000 to SSC at http://<hostname>/ssc .org.springframework.web.client.ResourceAccessException: I/O error on POST request for http://<hostname>/ssc/api/v1/projectVersions/10000/artifacts: Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out
Resolution
1. Stop the Tomcat service hosting the ScanCentral SAST Controller.
2. Open the file <tomcat>/webapps/scancentral-ctrl/WEB-INF/applicationContext.xml in a text editor.
3. Look for the element <bean id="requestFactory" class="org.springframework.http.client.SimpleClientHttpRequestFactory">
4. Increase the readTimeout and connectTimeout values to 180000 milliseconds (3 mins).
5. Save the changes and start Tomcat.
6. Submit another scan request.
This defect will be fixed in version 23.1.0
URL Name
KM000016162