Cadet 3rd Class Cadet 3rd Class
Cadet 3rd Class
437 views

When and how does the SCA rulepack auto-update happen?

I see there's a setting to automatically update rulepacks in SCA. I have a few questions about that.

* How does that work? Is there a scheduled task/cron job that gets created at some point? Does this happen whenever someone runs a scan with that instance?
* Is it a problem if the rulepacks in a given instance of SCA are higher or lower than those in SSC? What sort of problems can I expect?
* Depending on the answer to my first question, what time does the update kick off at?

Thanks in advance.

2 Replies
Micro Focus Expert
Micro Focus Expert

The update you mention is not triggered by a cron job or similar

You could run it before each scan, you could create a cronjob to do it. With fortifyupdate it is under your full control

* Is it a problem if the rulepacks in a given instance of SCA are higher or lower than those in SSC? What sort of problems can I expect?

There is potentially a warning uploading the results saying that the metadata is different. You would then need to approve the upload. I never experienced real issues doing this

0 Likes
Vice Admiral Vice Admiral
Vice Admiral

I am not sure what the mechanism is for triggering this, I assumed it occured when SCA or AWB was launched vs a cron job running.... did you know that you can check for rulepack updates yourself?

By calling C:\Program Files\Fortify\Fortify_SCA_and_Apps_<version>\bin\fortifyupdate.cmd

Doing it this way, you could have more control of when the rulepack updates are applied, which sounds like what you are after.

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.