This feature is only used by the Java engine.
The source code of the dependencies of a Java project is usually not added to the archive uploaded to RIPS or even downloaded during the CI build of a Java project. Most of the time, only the compiled JAR files are available. Because of that, we ship our Java analysis engine with an extensive selection of pre-scanned libraries (via a database). This database can be extended to also include all other dependencies that are used by your application that are not initially found in the database. Starting a scan that includes a library database update can be done as follows:
- Go through all steps of the new scan process until you arrived at the Scan page or Advanced Settings page.
- Select one of the options for the database update.
After the update was performed, all future scans of this application will use the updated database.
Resetting the database can be done in the Application Settings and will remove any custom changes.