Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Absent Member.
Absent Member.
20093 views

Sourceanalyzer complains not enough memory despite -Xmx36G

Jump to solution

Just upgraded SCA to 16.10 from 4.4.2 and having issues getting the TFS build definition to successfully complete the scan phase. The clean and translate task successfully execute but the scan task seems to get stuck in time and the log has the following message:

FortifyScan:

         "d:\Program Files\HP_Fortify\HP_Fortify_SCA_and_Apps_16.10\bin\sourceanalyzer.exe" -b myProject -Xmx36G -logfile "d:\TFS\Builds\Agent1\myProject\Solutions\Master\myProject.scan.log" -scan -format fpr -f myProject.fpr

[warning]: Scan progress is slowing due to JVM garbage collection, which may indicate low memory. For details on making more memory available, please consult the user manual.

[warning]: Scan progress is slow due to JVM garbage collection, which may indicate low memory. For details on making more memory available, please consult the user manual.

[error]: There is not enough memory available to complete analysis.  For details on making more memory available, please consult the user manual.

Running the scan manually via the Visual Studio 2015 plugin also results in the scan task freezing at 24% during the "building analysis model" phase.

I’ve noticed that Fortify seems to ship its own jre (it’s located in fortify install base dir\jre\bin\). Looking at the release it appears to be for Windows 5.2, or XP. I wonder if this may have something to do with it, that Fortify is perhaps using an inappropriate and outdated release of the jre for the host system on which it resides.

I'd appreciate any help or insight anyone can provide.

Thanks!

Labels (1)
0 Likes
20 Replies
Absent Member.
Absent Member.

All,

This was identified as a performance bug with 16.10 in which applications containing JavaScript files may experience abnormally long scan times. The bug has been fixed and is included in the 16.11 patch release.

Thanks

View solution in original post

0 Likes
Absent Member.
Absent Member.

Hi Jazzwal,

I'm facing the same memory issue, I have HP_Fortify_SCA_and_Apps_4.31 software installed. Can I apply the 16.10 patch to this?

0 Likes
Absent Member.
Absent Member.

Hi Jazzwal,

I'm facing the same memory issue, I have HP_Fortify_SCA_and_Apps_4.31 software installed. Can I apply the 16.11 patch?

0 Likes
Commander
Commander

Hi, try the 16.11 patch, 16.10 has performance issues.

0 Likes
Absent Member.
Absent Member.

Thanks Sivak,

I couldn't get the 16.11 patch from the site, can you please assist me

0 Likes
Absent Member.
Absent Member.

Hi,

I have tried with 16.11 but scan process got stuck up, saying  "building analysis model      24% [=====               ]" , It took very long time.

Can anyone suggest?

0 Likes
Absent Member.
Absent Member.

Hi Venkatesh -

My guess is that it's getting caught up in some issues with javascript files.  You should try excluding them (temporarily) from the scan to see if it behaves differently?

Let me know.

Regards,

mark

0 Likes
Cadet 3rd Class
Cadet 3rd Class
 
0 Likes
Lieutenant
Lieutenant

I am seeing this with 17.20 for one project I am scanning.

I updated the script to use 17.10 for the same scan and it is CRAWLING but not getting the out of memory error.

I am also noticing that a scan that used to take roughly 20mins is now taking 44mins on average.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.