{ "/en/avm/release-notes/1903": { "id": "962493", "url": "/en/avm/release-notes/1903", "title": "Lucent Sky AVM version 1903 release notes", "description": "", "date": "2019/5/23", "content" : "Lucent Sky AVM version 1903 releases Lucent Sky AVM version 1903 SU1 (build 6.0.4246) Lucent Sky AVM version 1903 MR (build 6.0.4203)Lucent Sky AVM version 1903 SU1What's new in 1903 SU1 .NET 4.8 applications are now supported. MSBuild 16 is now supported, and multiple versions of MSBuild can be used side-by-side on the same instance. Additionally, build properties are available with native MSBuild. The Web UI now displays a list of recovered errors that occurred during a scan. In previous versions, this information was only available in the scan logs. Issues fixed in 1903 SU1These are the issues addressed in 1903 SU1: JavaScript syntax highlighting is not available in HTML reports. The file list in the reports has incorrect analysis marking. Improved parsers for C# and Objective-C. Updated binary analysis rules for .NET applications. Updated source code analysis rules for PHP applications. Improved error handling of custom source code analysis rules. Improved handling of imported AST reports. Improved remediation capabilities for CWE-502 and CWE-611. Report and Remediate options appear in the Action Bar when they are not available. Lucent Sky AVM version 1903 MRNew features in 1903 MRSource code analysisThe new third-generation source code analysis engine was designed with scalability and extendibility in mind, and provides extended coverage for web applications and more advanced analysis for JavaScript files. However, these improvements may result in slightly longer analysis time.The third-generation source code analysis engine also brings first-class support for customized rule packages. Users can now use custom identification rules across analysis engines with the same granularity as the built-in rules. As a result, the new source code analysis engine is not compatible with custom identification rules designed for previous generations of source code analysis engines.Binary analysisPerformance improvements when using Comprehensive Analysis on applications with large binary files.RemediationStability and performance improvements when generating the remediated source code of very large applications.InterfacesEclipse plug-inEclipse plug-in now supports for Eclipse 2019-03.The Visual Studio extension has been rewritten with VSIX v3, and supports Visual Studio 2019 and dark theme.Issues fixed in 1903 MRWe fixed a bug where the batch delete function on the Web UI returns DATA_ERROR even when the operation completed successfully.", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/1906": { "id": "946055", "url": "/en/avm/release-notes/1906", "title": "Lucent Sky AVM version 1906 release notes", "description": "", "date": "2019/7/5", "content" : "Lucent Sky AVM version 1906 releases Lucent Sky AVM version 1906 MR (build 6.1.4280)Lucent Sky AVM version 1906 MRNew features in 1906 MRBinary analysisThe third-generation binary analysis engine provides incremental improvements over the current engine, and scalability is a key focus. A new direct binary analysis mode allows pre-compiled binary files to be analyze along with their source code, without the need of building it within the scan process. Additionally, new memory management algorithms provide greatly improved analysis performance on systems with large amount of memory.The third-generation binary analysis engine is currently in public preview and works alongside the current engine, and is available to customers in the Lucent Sky AVM Preview Program. To learn more about how to to use the new features of the third-generation binary analysis engine, or to join the Lucent Sky AVM Preview Program, visit Introducing Lucent Sky AVM Preview Program.Weakness policiesStarting with v1906, Lucent Sky AVM will use a set of "weakness policies" to provide simplified control on what types of vulnerabilities are identified and remediated, instead of individual weakness toggles. This allow users in different industries to choose the policies that align with their regulatory requirements. Results identified and remediated by Lucent Sky AVM are still categorized by their CWE IDs, and users still have the ability to set the identification and remediation settings for individual CWE IDs.Remediation Performance and stability improvements when generating the remediated source code.Build .NET Output file(s) of MSBuild can be specified by setting the BuildOutputPath scan argument. Additional troubleshooting information is available when an .NET application failed to build. When running on a non-English operating system, MSBuild, and ASP.NET compilation logs are correctly displayed in the native language. Java Performance improvements when building Java applications using Ant. Performance and compatibility improvements when building Java applications using Maven. InterfacesThe Eclipse plug-in is updated to support weakness policies.The Visual Studio extension is updated to support weakness policies.Improvements to the warning broadcast in the web UI.Issues fixed in 1906 MR We fixed a bug where rule package is not properly installed when CLEAR Engine setup was interrupted and resumed.", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/1909": { "id": "913709", "url": "/en/avm/release-notes/1909", "title": "Lucent Sky AVM version 1909 release notes", "description": "", "date": "2019/11/5", "content" : "Lucent Sky AVM version 1909 releases Lucent Sky AVM version 1909 SU1 (build 6.2.4409) Lucent Sky AVM version 1909 MR (build 6.2.4351)Lucent Sky AVM version 1909 SU1What's new in 1909 SU1 Vulnerability categorization now includes the version of the categories (such as OWASP Top 10 2017). When generating reports or secured source code on an instance with slow disk I/O, a less aggressive data access strategy will be used to reduce I/O stress. Issues fixed in 1909 SU1These are the issues addressed in 1909 SU1: We fixed an issue where the specified binary analysis target is not included when using direct binary analysis if the target falls outside of the .NET project. We fixed an issue where the download link for PDF report is available even when PDF report generation failed. Lucent Sky AVM version 1909 MRNew features in 1909 MRBinary analysisThe third-generation binary analysis engine provides incremental improvements over the current engine, and scalability is a key focus. A new direct binary analysis mode allows pre-compiled binary files to be analyze along with their source code, without the need of building it within the scan process. Additionally, new memory management algorithms provide greatly improved analysis performance on systems with large amount of memory.In v1909, the binary analysis engine gains the ability the analysis binary files without accompanying source code or debug symbols.The third-generation binary analysis engine is currently in public preview and works alongside the current engine, and is available to customers in the Lucent Sky AVM Preview Program. To learn more about how to to use the new features of the third-generation binary analysis engine, or to join the Lucent Sky AVM Preview Program, visit Introducing Lucent Sky AVM Preview Program. It is estimated to achieve General Availability in the next major release of Lucent Sky AVM.Source code analysisEnhancements were made to the source code parser and the contextual analysis engine to improve the scan performance on large applications. In addition, a bug that caused JavaScript analysis to stuck on certain minimized code has been fixed.Result signature and suppressionA new result signature algorithm has been put in place, providing a unified result suppression experience. The new algorithm also provides performance improvements and the ability to automatically suppress non-actionable results. To enable automatic suppression, set the setting AutomaticSuppression to True.Custom rule packages containing result signatures generated with previous algorithms will continue to work unless the setting SuppressionCompatibilityMode is set to False, which can take advantage of the performance improvements of the new algorithm.Weakness policiesVarious analysis rules have been updated to provide more comprehensive and accurate vulnerability identification. A notable update is the identification of CWE-611 now takes into consideration the behaviors of different versions of numerous XML parsers.Remediation Performance and stability improvements when generating the remediated source codeBuild .NET The Configuration and OutputPath build properties can now be set in scan arguments and will override the default settings Java Performance improvements. Interfaces Various improvements to the web UI. Most notable is that text below icons are now clickable. We share the excitement of our users as we mark this 4 year-old bug as resolvedIssues fixed in 1909 MR We fixed a bug where the Configuration and OutputPath build properties cannot be set with scan arguments We fixed a bug where scan appears to be stuck when analyzing applications with certain minimized JavaScript code. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/1912": { "id": "208736", "url": "/en/avm/release-notes/1912", "title": "Lucent Sky AVM version 1912 release notes", "description": "", "date": "2020/1/10", "content" : "Lucent Sky AVM version 1912 releases Lucent Sky AVM version 1912 SU1 (build 6.3.4504) Lucent Sky AVM version 1912 MR (build 6.3.4476)Lucent Sky AVM version 1912 SU1Issues fixed in 1912 SU1These are the issues addressed in 1912 SU1: We fixed an issue where Ant build fails when a custom runtime is selected. We fixed an issue where the Web UI shows a blank page when the queried item does not exist.Lucent Sky AVM version 1912 MRNew features in 1912 MRCLEAR EngineCLEAR Engine is the central service responsible for the orchestration of different engines and services of Lucent Sky AVM. The new CLEAR Engine has been designed and optimized to work better with the new analysis and remediation engines, and enables significant performance improvements across the board.Binary analysisThe third-generation binary analysis engine provides incremental improvements over the current engine, and scalability is a key focus. A new direct binary analysis mode allows pre-compiled binary files to be analyze along with their source code, without the need of building it within the scan process. Additionally, new memory management algorithms provide greatly improved analysis performance on systems with large amount of memory.The new analysis engine has been in public preview since v1906. With the new CLEAR Engine, it is the default binary analysis engine starting with v1912. Additionally, it also received performance improvements on Java application analysis, and better detection for corrupted .NET binary files.Source code analysis The source code analysis engine for C/C++ has been updated to improve accuracy and coverageWeakness policies Binary and source code analysis rules have been updated to provide more comprehensive and accurate vulnerability identification Support for CWE v3.4.1Reporting Scan result is now available in the XML reportAdministration The SQL Server installed along with new Lucent Sky AVM installations has been updated to SQL Server 2019Issues fixed in 1912 MR We fixed an issue where multi-line remediation suggestion shows irrelevant line number. We fixed an issue where certain applications has extended pre-analysis time. We fixed an issue where error is shown when navigating to a result hidden due to license limitation. We fixed an issue where the entire pending scan queue becomes stuck when a pending scan is deleted. We fixed an issue where DiagnosticSettings and MaxDegreeOfParallelism settings are not preserved during an update.", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2003": { "id": "209255", "url": "/en/avm/release-notes/2003", "title": "Lucent Sky AVM version 2003 release notes", "description": "", "date": "2020/3/25", "content" : "Lucent Sky AVM version 2003 releases Lucent Sky AVM version 2003 MR (build 7.0.4548)Lucent Sky AVM version 2003 MRNew features in 2003 MRBuild Custom Java runtimes can now be set to replace the built-in Java runtimes and be used for the build process The Java build engine has been updated to improve performanceBinary analysis The secondary binary analysis engine for Java has been updatedSource code analysis The source code analysis engines for .NET, C/C++, Java, and Python has been updatedWeakness policies Weakness policies and the built-in rule package have been updated to support CWE v4.0 CWE-3 has been removed as part of the update to CWE v4.0Interface The Web UI has been updated The CLI has been updated The Visual Studio extension and Eclipse plug-in have been updatedIssues fixed in 2003 MR We fixed an issue where the timestamps for custom rule packages and runtimes have incorrect time zone. We fixed an issue where certain JSP files with JSTL tags failed to compile. We fixed an issue where a .ear or .war file can be specified as the target of direct binary analysis. We fixed an issue where files skipped during Python source code analysis is not logged. We fixed an issue where Maven logs is not being properly written.", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2006": { "id": "207720", "url": "/en/avm/release-notes/2006", "title": "Lucent Sky AVM version 2006 release notes", "description": "", "date": "2020/9/17", "content" : "Lucent Sky AVM version 2006 releases Lucent Sky AVM version 2006 SU1 (build 7.1.4729) Lucent Sky AVM version 2006 MR (build 7.1.4654)Lucent Sky AVM version 2006 SU1New features in 2006 SU1Build and pre-analysis Improved support for Razor and configuration files commonly used by mobile appsBinary analysis Coverage improvements on the Java binary analysis engineSource code analysis Accuracy and coverage improvements on source code analysis enginesHybrid analysis Improvements on hybrid analysis algorithmsRemediation Forth-generation remediation engine is now generally available Contextual suggestion are now available in most vulnerability categories PHP remediation algorithms have been updated Reporting Support for CWE v4.2Interface Usability improvements of the Web UIIssues fixed in 2006 SU1These are the issues addressed in 2006 SU1: We fixed an issue where TypeScript files were analyzed but missing from analyzed file list. We fixed an issue where Web UI is stuck in a redirect loop after password is changed. We fixed an issue where timestamp of a rule package is not properly updated. We fixed an issue where source code analysis sometimes fail when no result was found. We fixed an issue where some vulnerabilities in Python were misclassified.Lucent Sky AVM version 2006 MRNew features in 2006 MRBuild Automatic build tool detection for .NET Core and Maven projects Better support for .NET Core 3.1 Improvements on direct binary analysis A directory containing .class files can be specified as the binary analysis target Binary analysis target is now specified as analysis target instead of an scan argument Binary analysis Binary analysis engine accuracy, stability improvements, and bug fixes Additional analysis rules for .NET and Java applications Better support for .NET Core applicationsSource code analysis Support for Android apps developed with Kotlin Better support for client-side JavaScript Source code analysis engine accuracy improvements and bug fixesWeakness policies Support for CVSS 3 and priority ratingsInterface Web UI performance improvements and bug fixes CLI improvements and bug fixes Several methods arguments are not backward compatible with previous versions of CLI. For a list of these changes, view the following article in the Lucent Sky Knowledge Base: Get started with Lucent Sky AVM CLI: Migrating CLI scripts to v2006 7-Zip files are accepted as source code archiveAdministration Support for on-premise cluster To learn more about creating a cluster on-premise, or migrating on-premise instances to a cluster, view the following article in the Lucent Sky AVM Knowledge Base: Administration guide to CLEAR Engine and Web UI CLEAR Engine, Web UI, and CLI now require .NET Framework 4.8 Issues fixed in 2006 MR We fixed an issue where Ant build fails after scanning Java applications with certain dependencies. We fixed an issue where MSBuild v12 cannot be specified in scan arguments. We fixed an issue where some scan log entries of C/C++ applications are missing. We fixed an issue where results with the ‘WebService’ vector cannot be suppressed. We fixed an issue where guest users are unable to sign in on the Web UI. We fixed an issue where the name of arguments of the CLI is case sensitive. We fixed an issue where licenses might expire up to 12 hours earlier than the expiration date. We fixed an issue where the Encoding setting is not preserved during an update. We fixed an issue where some log entries may not appear in scan logs when multiple scans are running concurrently. We fixed an issue where long path support is inconsistent on Windows Server 2019.", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2009": { "id": "205224", "url": "/en/avm/release-notes/2009", "title": "Lucent Sky AVM version 2009 release notes", "description": "", "date": "2021/1/7", "content" : "Lucent Sky AVM version 2009 releases Lucent Sky AVM version 2009 SU1 (build 7.2.4841) Lucent Sky AVM version 2009 MR (build 7.2.4797)Lucent Sky AVM version 2009 SU1New features in 2009 SU1Pre-analysis Framework mismatch detection If a great majority of the source code files in the scan belong to frameworks other than the selected one, a framework mismatch warning is shown. The warning has no impact on the result of the scan. Binary analysis Additional 3rd-part security libraries are now recognized by the binary analysis engine.Source code analysis Accuracy improvements on the source code analysis engines Improved analysis for backup files Additional 3rd-part security libraries are now recognized by the binary analysis engine.Hybrid analysis Opportunistic analysis When opportunistic analysis is enabled, if build failed for .NET or Java applications, the scan will continue with additional source code analysis enabled. A warning is shown when opportunistic analysis is triggered. Opportunistic analysis is disabled by default. To enable it, set OpportunisticAnalysis to true in the storage configuration file. Remediation Accuracy improvements for remediation suggestions Remediation engine improvements for imported SAST reports (bug 1672, bug 1661, bug 1660, PBI 1662, feature 1647)Reporting Scan agent settings are now included on reportsInterface Scan agent settings are now visible on the scan details page of the Web UIAdministration License activation process has been streamlinedIssues fixed in 2009 SU1These are the issues addressed in 2009 SU1: We fixed an issue where Ant build failed when scanning Java applications with no .java file We fixed an issue where some valid custom binary analysis rules are rejected We fixed an issue where 7-Zip files with long paths are not properly detected We fixed an issue where incorrect 'No Data' and 'No Scan' information on the project index page We fixed an issue where update fails on systems without a valid license We fixed an issue where the setup program does not request administrator privilegesLucent Sky AVM version 2009 MRNew features in 2009 MRBuild Support for static websites built with ECMAScript-based front-end frameworks Support for Visual Basic 6 applications Improved handling of build parameters for Java applications Performance improvements on Java build toolchainsBinary analysis Performance improvements on the .NET and JDK binary analysis engines Improved support for JDK 11, 12, 13, and 14 Intelligent analysis performance and availability improvementsSource code analysis Improvements on the C/C++ and PHP source code analysis engines Support for custom data flow rules in the .NET, ASP, and JDK source code analysis engines Common JavaScript libraries are now recognized and no longer count against the license limit Intelligent analysis performance and availability improvementsRemediation Expanded PHP support in the forth-generation remediation engine Expanded PHP support is currently in public preview and is available to customers in the Lucent Sky AVM Preview Program. To learn more about the Lucent Sky AVM Preview Program, visit Introducing Lucent Sky AVM Preview Program. Applicability improvements on remediation algorithms for .NET Core, ASP.NET MVC, and Java MVC websites Accuracy improvements on the remediation engines Improvements on remediation support for Fortify Static Code AnalyzerReporting QoL improvements on suppression signatures Syntax highlighting improvementsInterface Low data mode on the Web UI Low data mode disables some detail information on the Application and Scan dashboards, such as the number of results in each scan. This improves Web UI performance on systems with slow database I/O. Syntax highlighting improvements Support for API key The use of encoded credentials in the CLI is being deprecated. To learn more about using API keys in the CLI, view the following article in the Lucent Sky Knowledge Base: Get started with Lucent Sky AVM CLI Administration Reliability and performance improvements for the setup programIssues fixed in 2009 MR We fixed an issue where scan progress during the S-3 stage are not accurately updated We fixed an issue where scans with a custom rule package might become stuck at Analysis S-3 (41%) if the custom rule package contains certain custom identification rules.", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2103": { "id": "217306", "url": "/en/avm/release-notes/2103", "title": "Lucent Sky AVM version 2103 release notes", "description": "", "date": "2021/4/22", "content" : "Lucent Sky AVM version 2103 releases Lucent Sky AVM version 2103 MR (build 8.0.4947)Lucent Sky AVM version 2103 MRNew features in 2103 MRBinary analysis Improvements on JDK binary analysisSource code analysis Major improvements on source code analysis engines for C/C++, C#, VB.NET, and ECMAScript Improvements on source code analysis engines for Kotlin, Objective-C, PHP, Python, and Swift Accuracy improvements on source code analysis enginesHybrid analysis Improvements on the framework detection algorithm Improvements on the hybrid analysis correlation algorithmsDependency analysis Dependency analysis engine In addition to being analyzed with binary or source code analysis for unknown vulnerabilities, application dependencies now can also be scanned for known vulnerabilities such as those listed in the National Vulnerability Database. To enabled dependency analysis, enable the Dependency vector when scanning an application. Remediation Expanded .NET, JDK support in the forth-generation remediation engine In addition to the expanded PHP support included in v2009, the fourth-generation remediation engine has expanded support for .NET and Java applications. These expansions are currently in public preview and are available to customers in the Lucent Sky AVM Preview Program. To learn more about the Lucent Sky AVM Preview Program, visit Introducing Lucent Sky AVM Preview Program. Performance improvements to the remediation engines Improvements the Python remediation algorithmsImportation Improved compatibility with third-party analysis reportsWeakness policies Support for OWASP ASVS 4.0 Support for CWE v4.3Reporting HTML and XML reports are now digitally-signed and can be validated for authenticity Results in HTML reports can be filtered by security standards and weakness listsInterface Updates on Eclipse plug-in and Visual Studio extension Scan configuration as code Scan configurations can now be set with a YAML file, so they can be managed alongside the codebase. To learn more about scanning with configuration files, view the following article in the Lucent Sky Knowledge Base: Scan an application with a configuration file Improvements on CLI Improvements on the Web UIAdministration Performance improvements for the setup programIssues fixed in 2103 MR We fixed an issue where weakness policies are not validate by the Web UI We fixed an issue where the application list page does not load project information on Internet Explorer We fixed an issue where the pie chart on the result details page containing broken links We fixed an issue where the scan status filter on the Web UI does not work on some browsers We fixed an issue where scan fails for Ant projects uploaded by the Eclipse plug-in when the system running Eclipse and the system running CLER Engine are set to different time zones We fixed an issue where syntax highlighting is not available for Kotlin We fixed an issue where some common open source libraries are included in source code analysis when the scan argument SkipKnownSafeFiles is not set or set to true We fixed an issue where backup files containing certain weaknesses are identified as if they exist in normal code files", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2106": { "id": "211439", "url": "/en/avm/release-notes/2106", "title": "Lucent Sky AVM version 2106 release notes", "description": "", "date": "2021/6/27", "content" : "Lucent Sky AVM version 2106 releases Lucent Sky AVM version 2106 MR (build 8.1.5009)Lucent Sky AVM version 2106 MRNew features in 2106 MRBuild Gradle support Applications using Gradle can now be natively built on Lucent Sky AVM. The build artifact and the accompanying source code will then be analyzed. Currently, only build scripts compatible with Gradle 7 are supported. Improved Maven support, including support for custom POM files Improved encoding detection algorithm Improved build and file parsing performanceBinary analysis Accuracy improvements on the JDK binary analysis engine, including support for additional third-party security librariesSource code analysis Performance improvements on source code analysis engines Accuracy and compatibility improvements on the .NET source code analysis engine Accuracy and other improvements on the ECMAScript source code analysis engine Accuracy improvements on the PHP source code analysis engineDependency analysis Suppression support and other improvements on the dependency analysis engineRemediation Improvements on the remediation suggestion algorithmsWeakness policies Support for CWE v4.4Interface Improvements on the CLI Autopilot is a new interface for the CLI. At its current form, autopilot will automatically detect the application frameworks, languages, and build tools of the specified source code archive, and use these information to automatically create and start scans for each corresponding frameworks. More functionalities, such as including necessary scan arguments and combining reports, are planned for future releases. Improvements on the Web UI Administration Improved integrity check in the setup programGeneric I/O subsystem performance and scalability improvementsIssues fixed in 2106 MR We fixed an issue where some ASP.NET files are scanned in an ASP scan We fixed an issue where Instant Fixes are not generated for some remediable CWE-89 results We fixed an issue where some ongoing scans are not set to failed after CLEAR Engine restarted", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2109": { "id": "213748", "url": "/en/avm/release-notes/2109", "title": "Lucent Sky AVM version 2109 release notes", "description": "", "date": "2021/9/17", "content" : "Lucent Sky AVM version 2109 releases Lucent Sky AVM version 2109 MR (build 8.2.5108)Lucent Sky AVM version 2109 MRNew features in 2109 MRBuild Improved Maven support, including support for JSP files Compatibility and performance improvements on syntax analysis algorithms Compatibility improvements on encoding detection algorithmsBinary analysis Scalability improvements for the secondary binary analysis engine Improved process monitoring for binary analysis enginesSource code analysis Support for Go applications Scalability improvements for the C/C++, ECMAScript, PHP, and Python source code analysis engines Improvements on the PHP source code analysis engine, including expanded support for PHP 8 Improvements on the ECMAScript source code analysis engine, including better compatibility with embedded JavaScript Improved detection for secrets and sensitive information Improved process monitoring for source code analysis enginesDependency analysis Improved package and version detection algorithmsInterface An offline version of Lucent Sky Docs is now included in the Web UI Usability improvements on the Web UI Support for Eclipse IDE 2021-09 Support for Visual Studio 2022, including 64-bit process and themesAdministration Support for Windows Server 2022Issues fixed in 2109 MR We fixed an issue where queued scans may show as 'Checking' instead of 'Queuing'", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2112": { "id": "217853", "url": "/en/avm/release-notes/2112", "title": "Lucent Sky AVM version 2112 release notes", "description": "", "date": "2022/2/14", "content" : "Lucent Sky AVM version 2112 releases Lucent Sky AVM version 2112 SU1 (build 8.3.5242) Lucent Sky AVM version 2112 MR (build 8.3.5192)Lucent Sky AVM version 2112 SU1New features in 2112 SU1Pre-analysis Performance improvements to the pre-analysis algorithmsBinary analysis Improvements to direct binary analysis for .NET And Java applicationsRemediation Improved remediation for PHP applicationsAdministration Improved error handling during the update processIssues fixed in 2112 SU1 We fixed an issue where activation error messages do not accurately represent the underlying error We fixed an issue where the ROI page on the Web UI returns an errorLucent Sky AVM version 2112 MRNew features in 2112 MRTechnology stack Support for .NET 6 Support for Java 17 Support for Java application developed with Groovy Support for ActionScriptBuild Compatibility improvements for applications using Ant builds Compatibility improvements for JDK IL generation algorithms Compatibility improvements for ASP.NET, JSP, and PHP webpagesBinary analysis Performance and scalability improvements for the secondary binary analysis engine Accuracy improvements for the JDK binary analysis engine General improvements for the binary analysis enginesSource code analysis Performance improvements for the dataflow source code analysis engine General improvements for the source code analysis enginesDependency analysis Improved performance for minified ECMAScript libraries General improvements for the dependency analysis engineRemediation Forth-generation remediation engine is generally-available Accuracy and performance improvements to the remediation algorithms Update guidance is available for vulnerable dependenciesReporting History for individual result is available on the Web UI, HTML, and PDF reports New scoring logic for remediation confidence Support for CWE 4.6 and OWASP Top 10 2021 More accurate reporting for CWE-311 and its child categories Dependencies with CVE are reported as CWE-1104 when the corresponding CWE rules are disabled by weakness policies Dark mode is available for HTML reports Improved syntax highlighting for HTML and PDF reportsInterface Dark mode is available on the Web UI Scan progress is visible on the application and scan index pages Improved syntax highlighting for the Web UI Accessibility and usability improvements to the Web UI The CLI supports scriptable configuration of WCF endpointsAdministration Improvements for the update processIssues fixed in 2112 MR We fixed an issue where the CLI help text is inconsistent We fixed an issue where the 'Information' field is missing in the HTML report We fixed an issue where some OWASP Mobile Top 10 mappings were missing We fixed an issue where some multiple class-scoped results in the same class appear as a single result We fixed an issue where some results in Java applications appear as multiple results We fixed an issue where Gradle logs are not available on the Web UI when build failedBreaking changes in 2112 MRBuild Built-in runtime .NET 5.0 renamed to .NET Core 3.1 No functional change. Both the .NET Core 3.1 runtime and the new .NET 6.0 runtime use the latest MSBuild. JDK 14 updated to JDK 17 No functional change. Custom runtimes and applications using JDK 14 will be migrated to JDK 17 automatically. If these runtimes or applications need to use JDK 11, contact Lucent Sky support. Maven updated to 3.8.4 Breaking change. Custom repositories using HTTP are no longer supported due to changes in Maven 3.8. Migrate custom repositories to HTTPS to enable customer repositories using HTTP in Maven settings. Custom PHP runtime is no longer supported Breaking change. Support for custom PHP runtime is removed as it was for the legacy PHP source code analysis engine. Existing custom PHP runtimes will be migrated to the built-in PHP runtime automatically. Analysis Analysis mode migrated to scan arguments Breaking change. Analysis mode has been migrated from the AnalysisMode property (Scan.Create.AnalysisMode) to part of the Arguments property (Project.Create.Arguments, Project.Edit.Arguments, and Scan.Create.Arguments). Third-party tools relying on the API and the CLI might need to be updated. Legacy PHP source code analysis engine is no longer available Breaking change. Applications set to explicitly use the legacy PHP source code analysis engine (analysis engine ID 14) will be migrated to use the default PHP source code analysis engine, and may have different analysis results. Reporting Individual result history No functional change. Individual result history is not available for scans completed prior to updating to version 2112 MR unless a manual migration is performed. New confidence scoring logic Breaking change. Scan results prior to 2112 MR will be recalculated automatically using the new scoring logic. However, third-party tools relying on the XML report need to be updated. The following table illustrates the changes of the scoring logic: Score Value 2112 MR and later Score Meaning 2112 MR and later Score Value prior to 2112 MR Score Meainng prior to 2112 MR 13 High confidence Instant Fix 3 High confidence Instant Fix 12 High confidence Instant Fix 2 High confidence Instant Fix 11 Low confidence Instant Fix 1 Low confidence Instant Fix 1 Contextual remediation suggestion New to 2112 MR   0 Basic remediation suggestion 0 Remediation suggestion Interface CLI command for creating scans Breaking change. The Mode argument for the Scan.Create method has been deprecated. To create scans with intelligent analysis, remove the Mode argument from the command. To create scans with comprehensive analysis, remove the Mode argument from the command and add AnalysisMode,comprehensive to the Arguments argument. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2203": { "id": "220231", "url": "/en/avm/release-notes/2203", "title": "Lucent Sky AVM version 2203 release notes", "description": "", "date": "2022/5/27", "content" : "Lucent Sky AVM version 2203 releases Lucent Sky AVM version 2203 SU1 (build 8.3.5346) Lucent Sky AVM version 2203 MR (build 9.0.5306)Lucent Sky AVM version 2203 SU1New features in 2203 SU1Source code analysis Performance improvementsDependency analysis Compatibility improvementsAdministration Improved correlation information for system errorsIssues fixed in 2203 SU1 We fixed an issue where some vulnerability information are not visible when accessing the Web UI on a low resolution screenLucent Sky AVM version 2203 MRNew features in 2203 MRTechnology stack Support for Ruby Compatibility improvements for ABAP, Apex, and COBOL applicationsBuild Support for Java applications developed with Scala Support for Java applications built with sbtBinary analysis Accuracy and compatibility improvements for applications without source code Compatibility improvements for JDK web applicationsSource code analysis Performance and compatibility improvements for XML-based and YAML configuration files General improvements for the source code analysis enginesDependency analysis Support for dependencies and software bill of material (SBOM) queries Support for additional package managers General improvements for the dependency analysis enginesRemediation Improved update guidance for vulnerable dependenciesIntelligence Real-time intelligence for remediation, dependency analysis, and automatic false positive suppression. With real-time intelligence, Lucent Sky AVM uses localized machine learning and proprietary real-time data to more accurately identify vulnerable software dependencies, generate Instant Fixes and dependency update guidance, and automatically suppress false positives. Some features of real-time intelligence are only available in select markets or only available to customers in the Lucent Sky AVM Preview Program. To learn more about the Lucent Sky AVM Preview Program, visit Introducing Lucent Sky AVM Preview Program. Reporting Support for hiding scan results and bulk suppression hidden results Dependency information in XML reports Improved localization of vulnerability information Accessibility and usability improvements for PDF reports Support for print quality PDF reportsInterface Accessibility and usability improvements to the Web UI Accessibility and usability improvements to the Eclipse plug-in and support for Eclipse 2022-03 Improved error handling in the CLIAdministration Support for user data migrationIssues fixed in 2203 MR We fixed an issue when certain I/O errors occurred during pre-analysis, the scan appears to be stuck in the pre-analysis stage We fixed an issue when the instance only has certain versions of Build Tools for Visual Studio 2022 installed, scanning some .NET applications might fail due to MSBuild is not found We fixed an issue where binary analysis might complete with a 'Symbol files are missing or incompatible' warning even when symbol files were included in the source code archive We fixed an issue where analysis processes were terminated prematurely when process monitoring is enabled We fixed an issue where the Web UI is unable to locate the analysis target We fixed an issue where the 'Analysis Target' field shows 'Custom' when the analysis target was detected automatically in the HTML/PDF reportBreaking changes in 2203 MRThere is no breaking change in 2203 MR.", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2206": { "id": "224498", "url": "/en/avm/release-notes/2206", "title": "Lucent Sky AVM version 2206 release notes", "description": "", "date": "2022/8/17", "content" : "Lucent Sky AVM version 2206 releases Lucent Sky AVM version 2206 SU1 (build 9.1.5429) Lucent Sky AVM version 2206 MR (build 9.1.5389)Lucent Sky AVM version 2206 SU1New features in 2206 SU1Binary analysis Caching performance improvements for the JDK binary analysis engineIntelligence Rule packages are available through real-time intelligence Improved usability on systems with limited Internet connectivityInterface Scan archiving and purging are now available on the Web UIStorage Performance improvements for the storage subsystemAdministration Auto archive of older scans is now available on on-premise instancesIssues fixed in 2206 SU1 We fixed an issue where some placeholder strings are present in the HTML report We fixed an issue where certain special characters are removed from search terms when searching for application names or tags We fixed an issue where certain binary files are counted against the license scope on scans that only use source code analysis We fixed an issue where certain unsupported files are counted against the license scope We fixed an issue where scans occasionally failed with invalid arguments error on instances with high core counts We fixed an issue where some ECMAScript code files might be mistakenly characterized as minified files, therefore skipping some analysesBreaking changes in 2206 SU1Interface CLI argument for archiving and purging scans Potential breaking change. The range of the PurgeThreshold argument has been limited to at least 168 hours and at most 240,000 hours from the current time. Effectively, scans created in the last 7 days cannot be archived or purged. Administration Renamed CLEAR Engine cluster configuration settings No functional change. The setting AutomaticSupression has been renamed to AutoSuppression. However, the value of AutomaticSupression will be used if AutoSuppression is not present. Lucent Sky AVM version 2206 MRNew features in 2206 MRBinary analysis Accuracy improvements for Java applications General improvements for the binary analysis enginesSource code analysis Compatibility improvements for the C#, VB.NET source code analysis engine General improvements for the source code analysis enginesDependency analysis General improvements for the dependency analysis enginesImportation Performance improvements for 3rd-party analysis report importationIntelligence Performance improvements for real-time intelligenceWeakness policies Support for CWE 4.7 Pre-defined categorization for OWASP API Security Top 10 CWE Top 25 are now categorized by yearInterface Support for source code directory upload in the Web UI and the CLIAdministration Instance recovery is available in the CLEAR Engine installerIssues fixed in 2206 MR We fixed an issue where the Application Protection Library is not available for on-premise instances with the On-Demand SKU We fixed an issue where the scan fails when the source code archive contains certain non-Unicode multibyte charactersBreaking changes in 2206 MRThere is no breaking change in 2206 MR.", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2209": { "id": "221031", "url": "/en/avm/release-notes/2209", "title": "Lucent Sky AVM version 2209 release notes", "description": "", "date": "2022/9/22", "content" : "Lucent Sky AVM version 2209 releases Lucent Sky AVM version 2209 MR (build 9.2.5464)Lucent Sky AVM version 2209 MRNew features in 2209 MRBuild Java SE environments without Tomcat to provide faster build performance for non-servlet and non-web Java applications Improvements to the JDK build processBinary analysis Improvements to the binary analysis engine A new implementation of the third-generation provides better support for Java applications, automatic recognition for security libraries following OWASP ESAPI conventions, and incremental improvements on analysis performance. Source code analysis Support for iOS 16 Support for Android API level 32 General improvements for the source code analysis enginesContextual analysis Accuracy improvements for the contextual analysis engineDependency analysis General improvements for the dependency analysis enginesRemediation General improvements for the remediation engines Additional security features in Application Protection Library for ECMAScriptWeakness policies Support for CWE 4.8Issues fixed in 2209 MRThere is no notable issue fixed in 2209 MR.Breaking changes in 2209 MRThere is no breaking change in 2209 MR.", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2212": { "id": "222712", "url": "/en/avm/release-notes/2212", "title": "Lucent Sky AVM version 2212 release notes", "description": "", "date": "2023/2/17", "content" : "Lucent Sky AVM version 2212 releases Lucent Sky AVM version 2212 SU1 (build 9.3.5612) Lucent Sky AVM version 2212 MR (build 9.3.5549)Lucent Sky AVM version 2212 SU1New features in 2212 SU1Pre-analysis Compatibility improvements to the C/C++, C#, ECMAScript, Java, and Python parsersBinary analysis Direct binary analysis improvements to the Java binary analysis engineSource code analysis Compatibility improvements to source code analysis enginesRemediation Improvements to the remediation confidence algorithmsReporting Support for PCI DSS v4.0 (applicable to all currently supported versions of Lucent Sky AVM) File list is available in HTML and PDF reports regardless of verbosityInterface Performance improvements to the Web UIIssues fixed in 2212 SU1 We fixed an issue where some dependencies are not properly classified as dependencies when scanning Python applications We fixed an issue where certain .NET files are not marked as scanned by source code analysis even though they were successfully analyzed by source code analysis We fixed an issue where installing license fails on on-premise instances without Web UI installed We fixed an issue where incorrect line number being reported for results in certain JSP files We fixed an issue where the Web UI returns an error when attempting to delete a large number of applications We fixed an issue where managed MSBuild instead of native MSBuild is used for .NET 7 applicationsBreaking changes in 2212 SU1There is no breaking change in 2212 SU1.Lucent Sky AVM version 2212 MRNew features in 2212 MRTechnology stack Support for .NET 7 and C# 11 Support for Groovy 4 Improved compatibility for server-side scripting languagesBinary analysis Improved Intelligent Analysis efficiencySource code analysis Performance improvements on source code analysis engines General improvements on C/C++, ECMAScript, Go, Java, PHP, and Visual Basic source code analysis engines Improved Intelligent Analysis efficiencyContextual analysis Performance improvements on contextual analysis engineDependency analysis General improvements on the dependency analysis enginesIntelligence Performance improvements on intelligence delivery mechanismsRemediation General improvements on the remediation enginesWeakness policies Support for CWE 4.9Interface API permissions are available on on-premise instances and can be set on the CLI and Web UI Improvements on Web UI in-product documentation The Group interface and additional methods of the Maintenance and User interfaces are available on the CLI The Group interface support complete CRUD operations of Group objects The User interface support complete CRUD and migration operations of User objects New methods in the Maintenance interface support returning license and system information of the CLEAR Engine instance CLI performance improvements Visual Studio extension and Eclipse plug-in have been migrated to API key sign-in Eclipse plug-in now supports Eclipse IDE 2202-06 R, 2202-09 R, and 2202-12 RIssues fixed in 2212 MR We fixed an issue where online activation returns unexpected error for communication issues We fixed an issue where IDE extensions does not support the Network vector when creating a scanBreaking changes in 2212 MRInterface CLI command for creating users Breaking change. The EncodedUserObject argument for the User.Create method has been deprecated. To create a user, supply its email, password, and membership provider through the Email, Password, and Provider arguments respectively. A placeholder password is no longer needed when creating an organizational user. CLI output for application list and user list Breaking change. The format of output of the Application.GetList and User.GetList methods has been changed. If your integration relies on these outputs having a specific format, you may need to modify your integration. Visual Studio extension and Eclipse plug-in no longer support signing in with email and password Breaking change. Visual Studio extension and Eclipse plug-in now require signing in using API keys and no longer accept email and password. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2303": { "id": "231754", "url": "/en/avm/release-notes/2303", "title": "Lucent Sky AVM version 2303 release notes", "description": "", "date": "2023/4/13", "content" : "Lucent Sky AVM version 2303 releases Lucent Sky AVM version 2303 MR (build 9.4.5668)Lucent Sky AVM version 2303 MRNew features in 2303 MRTechnology stack Support for Go 1.20 Support for PHP 8.2Build Improvements to the Java build processBinary analysis Improved Intelligent Analysis efficiency for Java applications General improvements for JSF and JSP analysis Improved support for custom security librariesSource code analysis General improvements on C#, C/C++, ECMAScript, Go, PHP, and VB.NET source code analysis engines Improved support for custom security libraries Improved handling of minified and obfuscated source codeDependency analysis General improvements on the dependency analysis enginesRemediation General improvements on the remediation enginesReporting Support for CSV, JSON, and SARIF report formats Improved context on reports and scan details for results without statement due to missing source code or symbols Additional build information available on on reports and scan detailsWeakness policies Support for CWE 4.10 Separate security standard weakness policies for PCI DSS v3.2.1 and PCI DSS v4.0Interface .NET Standard 2.0 support for the API Support for pulling source code from Git and TFVC repositories for scanning Improved handling of network issues in the CLI Performance improvements for the CLI and the Web UIIssues fixed in 2303 MR We fixed an issue where browsers might become unresponsive when using the Web UI to view results containing complex ECMAScript statements We fixed an issue where browsers might become unresponsive when viewing HTML reports containing complex ECMAScript statements We fixed an issue where certain methods of the CLI are incompatible with macOS with Mono 6.12 We fixed an issue where false positives were reported when certain security functions are used to remediate vulnerabilities We fixed an issue where XML reports might have inconsistent SBOM information We fixed an issue where incomplete dependency update guidance not available for certain vulnerable dependencies We fixed an issue where known minified ECMAScript files are being analyzed with source code analysis when Intelligent Analysis is enabledBreaking changes in 2303 MRAnalysis Legacy PHP analysis engine removed Potential breaking change. The legacy PHP analysis engine has been removed. Scan arguments specifying the legacy PHP analysis engine will be migrated to use the default PHP analysis engine. As telemetry indicates that the legacy PHP analysis engine has been used in less than 0.0001% of scans in the past 12 months, most customers are not expected to be impacted by this change. Weakness policies PCI DSS security standard weakness policy split into v3.2.1 and v4.0 Potential breaking change. The PCI DSS secuirty standard weakness policy (PCIDSS) has been split into two, one for PCI DSS v3.2.1 (PCIDSS3) and one for PCI DSS v4.0 (PCIDSS4). Current weakness policy settings utilizing PCIDSS will be migrated to PCIDSS4. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2306": { "id": "234598", "url": "/en/avm/release-notes/2306", "title": "Lucent Sky AVM version 2306 release notes", "description": "", "date": "2023/7/28", "content" : "Lucent Sky AVM version 2306 releases Lucent Sky AVM version 2306 MR (build 9.5.5772)Lucent Sky AVM version 2306 MRNew features in 2306 MRBinary analysis General improvements on the Java binary analysis engineSource code analysis Performance and general improvements on the C/C++ source code analysis engine General improvements on the ECMAScript, Go, and PHP source code analysis enginesDependency analysis General improvements on the dependency analysis enginesRemediation General improvements on the remediation enginesWeakness policies Support for CWE 4.12Interface Add autopilot support to the Web UI Autopilot improvements on the CLI Add support for TFVC repositories with paths containing Unicode charactersIssues fixed in 2306 MR We fixed an issue where if an exception occurred during a scan, the core license is not released after the scan has completed We fixed an issue where features from a new license were not available if the license was installed when scans were ongoing We fixed an issue where UTC time was shown on HTML and PDF reports instead of local time We fixed an issue where results from direct binary analysis were mistakenly suppressed when automatic result suppression was enabledBreaking changes in 2306 MRThere is no breaking change in version 2306.", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2309": { "id": "230460", "url": "/en/avm/release-notes/2309", "title": "Lucent Sky AVM version 2309 release notes", "description": "", "date": "2023/11/9", "content" : "Lucent Sky AVM version 2309 releases Lucent Sky AVM version 2309 MR (build 10.0.5877)Lucent Sky AVM version 2309 MRNew features in 2309 MRTechnology stack Support for Dart in .NET, Android, ASP, Go, iOS, Java, PHP, Python, Ruby, and static web applications Support for Java SE 21 Support for explicitly set C/C++ environments on Windows and BSDBuild Automatic analysis target detection If an analysis target has not been explicitly selected, the build engine will attempt to identify potential analysis targets and use a data model to automatically select one as the analysis target. Improved package and dependency management for .NET projects Binary analysis Binary analysis engines have been updated to use the forth-generation analysis architecture Binary analysis for C and C++ are now available on on-premise instances Binary analysis now allows for explicitly setting multiple analysis targets Opportunistic binary analysis Opportunistic binary analysis is an extension of opportunistic analysis. When the build stage failed for a scan, instead of falling back to source code analysis only, opportunistic binary analysis will intelligently identify potential binary analysis targets and switch the scan to direct binary analysis when applicable. Source code analysis Source code analysis engines have been updated to use the forth-generation analysis architecture General improvements on the Android, C/C++, COBOL, ECMAScript, Go, iOS, PHP, and SQL analysis enginesHybrid analysis ML-augmented hybrid analysis ML-augmented hybrid analysis helps automatic suppression work better for each organization by learning how results are triaged and how security and weakness policies are applied. Remediation Remediation engine has been updated to use the forth-generation analysis architecture, improving the accuracy and contextual information for Instant Fixes and remediation suggestions ML-augmented vulnerability remediation ML-augmented vulnerability remediation enables vulnerability remediation algorithms to automatically adept to how developers at each organization write and secure code. Weakness policies Support for 2023 CWE Top 25Interface Multi-factor authentication is now available on on-premise instances Lucent Sky AVM for Visual Studio Code is now generally available and support Visual Studio Code 1.74 and later on Windows, macOS, and Ubuntu Lucent Sky AVM for Visual Studio (previously known as Visual Studio extension) has been updated with support for remediation suggestions and dependency update guidance Lucent Sky AVM for Eclipse IDE (previously known as Eclipse plug-in) has been updated with support for remediation suggestions and dependency update guidance, and support for Eclipse IDE 2023-09Administration The time when the scan is pending due to no available core is no longer included in the scan timeIssues fixed in 2309 MR We fixed an issue where Ruby files not properly marked as scanned by source code analysis We fixed an issue where 2022 CWE Top 25 labels are not displayed in HTML and PDF reports We fixed an issue where an unexpected error occurs when expanding certain 7-Zip archives We fixed an issue where Instant Fix or remediation suggestion might not be available to certain CWE-676 results in Go applications We fixed an issue where specifying the WebAppPath scan argument has no effect on Java applications with certain structuresBreaking changes in 2309 MR Scans created by version 4.7 and earlier are incompatible Breaking change. Scans created by Lucent Sky AVM version 4.7 and earlier are incompatible with version 2309. These scans need to be deleted before an instance can be upgraded to version 2309. Result hashes generated by version 2009 and earlier are incompatible Breaking change. Result hashs and suppression signatures generated by Lucent Sky AVM version 2009 and earlier are no longer recognized by Lucent Sky AVM version 2309. Heuristic rules created with schema version 1 are incompatible Breaking change. Heuristic rule schema has been updated to version 2. Rule packages containing heuristic rules created with version 1 schema need to be updated before they can be used on Lucent Sky AVM version 2309 and later. Latest Java runtime changed from Java SE 17 to Java SE 21 Potential breaking change. The latest Java runtime will be migrated from Java SE 17 to Java SE 21. As a result, custom runtimes and applications set to use the latest Java runtime will be using Java 21. If these applications are incompatible with Java 21, explicity change their runtime from latest to Java SE 17. Analysis target as a comma-separated list Potential breaking change. In verrsion 2309, multiple analysis targets can be specified through a comma-separated list. Therefore, if the path of the analysis target contains commas, the path needs to be enclosed in double-quotes. For example, if the analysis target is ContosoContoso,Web.csproj, it needs to be changed to "ContosoContoso,Web.csproj". Scan argument changes BuildOutputPath - Potential breaking change. In version 2306 and prior, build output path (specified through the scan argument BuildOutputPath) is relative to the root of the source code archive. In version 2309, it is relative to the parent directory of the analysis target (explicitly specified or automatically found). For example, if the analysis target is ContosoContoso.csproj and the build output path is ContosoDebugContoso.dll, the BuildOutputPath scan argument needs to be changed from ContosoDebugContoso.dll to DebugContoso.dll. JavaSourcePath - Potential breaking change. In version 2306 and prior, Java source path (specified through the scan argument JavaSourcePath) is relative to the root of the source code archive. In version 2309, it is relative to the parent directory of the analysis target (explicitly specified or automatically found). For example, if the analysis target is Contosopom.xml and the Java source path is Contososource, the JavaSourcePath scan argument needs to be changed from Contososource to source. WebAppPath - Potential breaking change. In version 2306 and prior, the root of web app within the project (specified through the scan argument WebAppPath) is relative to the root of the source code archive. In version 2309, it is relative to the parent directory of the analysis target (explicitly specified or automatically found). For example, if the analysis target is Contosopom.xml and the root of web app is Contosowebapp, the WebAppPath scan argument needs to be changed from Contosowebapp to webapp. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2403": { "id": "248075", "url": "/en/avm/release-notes/2403", "title": "Lucent Sky AVM version 2403 release notes", "description": "", "date": "2024/5/1", "content" : "Lucent Sky AVM version 2403 releases Lucent Sky AVM version 2403 SU1 (build 10.2.6050) Lucent Sky AVM version 2403 MR (build 10.2.6004)Lucent Sky AVM version 2403 SU1New features in 2403 SU1Build Compatibility improvements to analysis target detection algorithmsBinary analysis Performance improvements for very large binary files Compatibility improvements to opportunistic binary analysis algorithmsWeakness policies Support for CWE 4.14Interfaces Improved UI/UX for binary analysis results when source code and symbols are unavailableIssues fixed in 2403 SU1 We fixed an issue where certain binary files are excluded from license check on Lucent Sky AVM On-Demand instances We fixed an issue where hash is missing for some files when advanced dependency discovery is enabled We fixed an issue where opportunistic binary analysis is not triggered for certain ASP.NET applicationsLucent Sky AVM version 2403 MRNew features in 2403 MRTechnology stack Support for .NET 8Build Improved MSBuild support for .NET Framework applications .NET Framework applications will use the MSBuild bundled with .NET Framework 4.8 by default, instead of the MSBuild builded with the .NET Framework running CLEAR Engine. In addition, it is possible to use the MSBuild bundled with .NET Framework 3.5 by setting the MSBuild scan argument to 2. Automatic Java source path detection If the Java source path of a Java application is not at a conventional location (such as src/main/java) and nor specified in the JavaSourcePath argument, build engine will attempt to detect the correct Java source path instead of failing the scan. If a valid Java source path could not be found, the hybrid analysis engine will use contextual information to correlated binary files and source code files. General improvements on the .NET build engine General improvements on on the Java build engine Build caching for Java applications are enabled by default Performance and compatibility improvements for Ant projects Support for using wildcard to specify multiple build artifacts for Maven projects Binary analysis Improvements on direct binary analysis for Java applications Support for JSP when using direct binary analysis Additional context and improved performance when using direct binary analysis on Java binaries without source code Support for automatic Java source path detection and Java source path hints (by explicitly specifying the JavaSourcePath scan argument) when using direct binary analysis on Java binaries without source code Improved context and diagnosis on direct binary analysis with missing or mismatching source code General improvements on binary analysis engines General improvements on opportunistic binary analysisSource code analysis Accuracy and performance improvements on the Android and iOS source code analysis engines General improvements on the C/C++, ECMAScript, PHP, and Python source code analysis enginesDependency analysis Performance improvements when using Real-time Intelligence Stability improvementsHybrid analysis Automatic Java source path detection If a valid Java source path is not available, either because the source code is not at a conventional location or because the source path was not specified, the hybrid analysis engine will use contextual information to correlated binary files and source code files. General improvements on ML-augmented hybrid analysis Remediation General improvements on ML-augmented vulnerability remediationReporting Support for generating SPDX reports alongside JSON reportsWeakness policies Support for CWE 4.13Interfaces German and Japanese Web UI are now available on on-premise instances General improvements on the Web UIAdministration New installation of CLEAR Engine will use SQL Server 2022 by default Process isolation is now available on on-premise instances and enabled by default Support for Azure Monitor as an APM providerIssues fixed in 2403 MR We fixed an issue where certain PHP files caused unexpected errors during source code analysis We fixed an issue where it is not possible to specify the build output path for MSBuild to the parent directory of its project file We fixed an issue where it is not possible to specify the Java source path to the parent directory of its project file We fixed an issue where the default settings for multi-factor authentication on on-premise instances is disabled instead of enabled We fixed an issue where certain binary library files are counted toward the LOC license limit We fixed an issue where validation fails unexpected when creating a new scan by uploading a directory We fixed an issue where an incorrect build artifact was used for binary analysis on Java applications using certain custom JDK 1.8 runtimes We fixed an issue where some results are missing filenames in Java application using sbt due to case sensitivity We fixed an issue where results from certain precompiled JSP files are reported twiceBreaking changes in 2403 MR Managed MSBuild and the MSBuild scan argument Potential breaking change. In version 2403, managed MSBuild has been deprecated. In previous versions, .NET Framework applications default to managed MSBuild and are built with the MSBuild bundled with the .NET Framework running CLEAR Engine. In version 2403, .NET Framework applications defaults to the MSBuild bundled with .NET Framework 4.8. In addition, two additional value are available for the MSBuild scan argument. Setting it to 4 (the default value, which is identical to Managed) indicates that MSBuild bundled with .NET Framework 4.8 should be used, while setting it to 2 indicates that MSBuild bundled with .NET Framework 3.5 should be used. The default runtime for Java applications Potential breaking change. When creating a new Java application in version 2312 and earlier, it will use Tomcat 7 (Java SE 6) as the default runtime. In version 2403, it will use Tomcat 9 (Java SE 8) as the default runtime. This only affects newly created applications and does not change the selected runtime for existing applications. Ant projects and their build artifacts Potential breaking change. In version 2312 and earlier, when building a Java application without a explictly specified build file, a template build file will be used alongside the application's own build file (if it has one) to improve compatibility of the build process. With improvements of the Java build engine in version 2403, this is no longer necessary and Ant projects with valid build files will be built only with their own build files. Ant projects without a build file will continue to use the template build file. Potential breaking change. In version 2312 and earlier, if no build artifact is specified and Ant produces multiple build artifacts, the first one produced will be used for binary analysis. In version 2403, the build engine searches for the primary build artifact in the buildjar directory, then in the build directory, and finally in the entire project directory. The BuildOutputPath scan argument Potential breaking change. In version 2309, not setting the scan argument and setting it to empty both indicate that the build output path is not set. In version 2403, setting it to empty indicates that it should be set to the parent directory of the project file(s). For Java applications, setting it to empty will result in the scan arguments being invalid. The JavaSourcePath scan argument Potential breaking change. In version 2309, not setting the scan argument and setting it to empty both indicate that the Java source path is not set. In version 2403, setting it to empty indicates that it should be set to the parent directory of the project file(s). New Relic account and application linking Breaking change. In version 2309 and earlier, only New Relic is supported as an APM provider. As version 2403 adds support of additional APM providers, the linking schema has changed. Applications previously linked between Lucent Sky AVM and New Relic will be unlinked and need to be linked again. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2406": { "id": "243606", "url": "/en/avm/release-notes/2406", "title": "Lucent Sky AVM version 2406 release notes", "description": "", "date": "2024/6/19", "content" : "Lucent Sky AVM version 2406 releases Lucent Sky AVM version 2406 MR (build 10.3.6099)Lucent Sky AVM version 2406 MRNew features in 2406 MRTechnology stack Support for PHP 8.3 Improved support for C# 11, 12, and VB.NET 19BuildBinary analysis Additional context when analyzing Java binary files without symbols or corresponding source code General improvements on binary analysis enginesSource code analysis Accuracy and performance improvements on the .NET and Java source code analysis engines Performance improvements when using intelligent analysis General improvements on the C/C++, ECMAScript, Go, and PHP source code analysis enginesDependency analysis Improved dependency identification algorithms General improvements on dependency analysis enginesHybrid analysis General improvements on ML-augmented hybrid analysisRemediation General improvements on remediation for results identified by binary analysis General improvements on ML-augmented vulnerability remediationImportation Compatibility improvements on importation of OpenText Fortify analysis reportsReporting Support for 'quick mode' when generating HTML reports, which has certain interactive features such as syntax highlighting deactivated by defaultInterfaces Localization improvements on the API and the Web UI General improvements on the Web UIAdministrationIssues fixed in 2406 MR We fixed an issue where long statements are partially obstructed in high-quality PDF reportsBreaking changes in 2406 MR Dependency analysis result hash Breaking change. In version 2406, an updated hash algorithm is used for vulnerable dependencies. While this allows for better correlation of dependency vulnerabilities across applications and projects, the hash for a result identified by dependency analysis will differ from the hash of the same result in earlier versions. In addition, suppression signatures generated by earlier versions will no longer be recognized in version 2406. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2409": { "id": "245279", "url": "/en/avm/release-notes/2409", "title": "Lucent Sky AVM version 2409 release notes", "description": "", "date": "2024/10/16", "content" : "Lucent Sky AVM version 2409 releases Lucent Sky AVM version 2409 MR (build 11.0.6218)Lucent Sky AVM version 2409 MRNew features in 2409 MRTechnology stack Support for Lua applications Support for Rust applicationsWeakness policies Support for CWE 4.15Pre-analysis and Build Improvements on the Go parser Compatibility improvements on multi-module Maven projectsBinary analysis Support for C and C++ binaries in ELF and Mach-O formats Accuracy improvements on the .NET binary analysis engine Improved compatibility for analyzing binary files without source code mapping Improvements on opportunistic binary analysis algorithms General improvements on binary analysis enginesSource code analysis Infrastructure-as-code analysis generally available Source code analysis for infrastructure-as-code (IaC) can detect insecure access control, exposure of sensitive data, and other misconfigurations in IaC files using Bicep and Terraform. Improvements on intelligent analysis algorithms Accuracy improvements on the .NET and Java source code analysis engines General improvements on the C/C++, ECMAScript, Go, PHP, and Python source code analysis enginesDependency analysis Improved dependency identification algorithms General improvements on dependency analysis enginesHybrid analysis General improvements on ML-augmented hybrid analysisRemediation Explanations for vulnerabilities and remediation Explanations provide additional context to identified vulnerabilities and their remediation, such as how a vulnerability might be exploited and why the remediation can prevent the vulnerabilities from being exploited. General improvements on remediation engine General improvements on ML-augmented vulnerability remediationReporting Remediation confidence revision Remediation categories and confidence levels have been revised to provide a unified experience: Instant Fix remains the name of remediation that is production-ready and can be applied directly to code. The remediation confidence can be high or low. Guided Fix is the new name for contextual suggestion, remediation generated from the vulnerable source code, but requires developer review before it can be applied to code. The remediation confidence is always guided. Guided Update is the new name for update guidance, remediation enabling developers to update vulnerable dependencies to a secure version in a single step. The remediation confidence is always guided. Suggestion is reserved for generic recommendations that are based on the application's technology stack. The remediation confidence is always none. XML schema revision Interfaces Cross-platform CLI generally available Also referred to as CLI Core, the new cross-platform CLI is built with .NET 8 and works natively on Windows, Linux, and macOS. It has feature parity and shares the same syntax with the CLI built with .NET Framework, and can be used as a direct replacement. To learn more about the cross-platform CLI, view the following article in the Lucent Sky Knowledge Base:Get started with Lucent Sky AVM CLI Lucent Sky AVM for IntelliJ IDEA generally available Lucent Sky AVM for IntelliJ IDEA is the latest IDE extensions and plugins of Lucent Sky AVM, enabling Java and Kotlin developers to scan and secure their applications as they write their code in a familiar environment. To learn more about Lucent Sky AVM for IntelliJ IDEA, view the following article in the Lucent Sky Knowledge Base:Get started with Lucent Sky AVM for IntelliJ IDEA Cross-platform support for Lucent Sky AVM for Eclipse General improvements on the Web UI General improvements on the CLI General improvements on the APIAdministration General improvements of the CLEAR Engine installerIssues fixed in 2409 MR We fixed an issue where certain exceptions in .NET and Java applications misclassified We fixed an issue where some result details might be missing when process concurrency is enabled We fixed an issue where broadcast messages might be obfuscated on the Web UI We fixed an issue where certain CWE-209 results are missed by Java source code analysis We fixed an issue where certain autopilot failures might cause previous autopilot scans of the same application to be deleted We fixed an issue where certain results might be missing when using intelligence analysis on instances with very large number of vCPUs We fixed an issue where Lucent Sky AVM for VS Code fails to load scans with no identified result.Breaking changes in 2409 MR XML report schema Breaking change. The XML report schema for item collections has changed. The following table illustrates the changes: 2409 and later 2406 and earlier report/scan/results/result report/scan/result report/scan/results/result/transformations/transformation report/scan/result/transformation report/scan/results/result/explanations/explanation N/A report/scan/files/file report/scan/file report/scan/files/file/dependencies/dependency report/scan/file/dependency CLI internal methods Potentially breaking change. The output of method Scan.GetStages has changed. The method Tools.DetectFramework requires authentication. IDE extensions and plugins requirements Breaking change. Lucent Sky AVM for Eclipse, IntelliJ IDEA, and VS Code, and Visual Studio now requires the cross-platform CLI. This change enables compatibility with Linux and macOS. The directories IDE extensions and plugins will look for the CLI remain unchanged. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2412": { "id": "242017", "url": "/en/avm/release-notes/2412", "title": "Lucent Sky AVM version 2412 release notes", "description": "", "date": "2024/12/17", "content" : "Lucent Sky AVM version 2412 releases Lucent Sky AVM version 2412 MR (build 11.1.6275)Lucent Sky AVM version 2412 MRNew features in 2412 MRWeakness policies Support for CWE 4.16Pre-analysis and build Support for scanning from Subversion repositoriesSource code analysis Compatibility improvements on ASP and ASP.NET General improvements on the source code analysis enginesDependency analysis General improvements on dependency analysis enginesHybrid analysis General improvements on the hybrid analysis enginesRemediation General improvements on ML-augmented vulnerability remediation and explanationsInterfaces General improvements on the Web UI Support for recent versions of Eclipse IDE, InteliJ IDEA, and Visual Studio CodeAdministration Support for Windows Server 2025 General improvements of the CLEAR Engine installerIssues fixed in 2412 MR We fixed an issue where scan logs are not available when build failed with opportunistic analysis enabled We fixed an issue where users are unable to change password on instances with certain versions of CryptoAPI We fixed an issue where certain control characters in statements prevent HTML reports from being correctly generated We fixed an issue where certain CWE-295 results in Ruby are incorrectly suppressed when automatic suppression is enabled We fixed an issue where APL for ECMAScript is not included in the remediated source code archiveBreaking changes in 2412 MR Build tools in custom .NET runtimes Potentially breaking change. The build tools in custom .NET runtimes will only allow latest and managed. Existing custom runtimes using legacy values such as framework and visualstudio will be migrated to their corresponding new values. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2503": { "id": "251403", "url": "/en/avm/release-notes/2503", "title": "Lucent Sky AVM version 2503 release notes", "description": "", "date": "2025/03/20", "content" : "Lucent Sky AVM version 2503 releases Lucent Sky AVM version 2503 MR (build 11.2.6375)Lucent Sky AVM version 2503 MRNew features in 2503 MRTechnology stack Support for Perl Support for PHP 8.4Weakness policies Support for mappings between OWASP Mobile Top 10 2024 and CWE IDs Revision of mappings between PCI DSS 4.0 and CWE IDsBinary analysis General improvements on the .NET and Java binary analysis enginesSource code analysis Expanded secret scanning Performance and accuracy improvements on the source code analysis engines Compatibility improvements on Java applications with JSF and JSP files Compatibility improvements on static web sites General improvements on the ABAP, ASP, C/C++, ECMAScript, Go, PHP, Python, and static web pages source code analysis enginesDependency analysis Improvements on Maven packages and Node modules analysis General improvements on dependency analysis enginesHybrid analysis General improvements on the hybrid analysis enginesRemediation General improvements on remediation for ASP applications General improvements on ML-augmented vulnerability remediation and explanationsReporting Intelligence System configuration in HTML and PDF reportsInterfaces Dependency interface available on the API, CLI, and Web UI On the CLI, the GetList method in the Dependency interface returns a list of dependencies discovered in previous scans, while the GetProjectList method returns a list of applications which have a dependency in the most recent scan. On the Web UI, a dedicated interface enables browsing dependencies discovered in previous scans, filtering dependencies by their vendors, product names, and versions, as well as viewing a list of applications which have a dependency in the most recent scan. The Dependency interface in the API enables these features and provides additional ways to interact with discovered dependencies. Performance, security, and user experience improvements on the Web UI Intelligence System configuration on the Web UIAdministration General improvements of the CLEAR Engine installerIssues fixed in 2503 MR We fixed a bug where remediated CWE-94 vulenrabilities are still reported We fixed a bug where a long-running scan might fail with certain storage configurations We fixed a bug where enforcing MFA system-wide has no effect on certain usersBreaking changes in 2503 MR The Query.QueryDependency method of the API Deprecation. The Query.QueryDependency method of the API has been deprecated in favor of methods introduced in the Dependency interface of the API. The deprecated methods might be removed in a later release. 80-bit TOTP MFA shared secret Deprecation. The shared secret for TOTP multi-factor authentication has been increased to 160-bit. Existing TOTP MFA will continue to work, but MFA-enabled users are recommended to adopt 160-bit shared secret by resetting their TOTP MFA. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2506": { "id": "258633", "url": "/en/avm/release-notes/2506", "title": "Lucent Sky AVM version 2506 release notes", "description": "", "date": "2025/07/17", "content" : "Lucent Sky AVM version 2506 releases Lucent Sky AVM version 2506 MR (build 11.3.6498)Lucent Sky AVM version 2506 MRNew features in 2506 MRWeakness policies Support for CWE 4.17 Support for PCI-DSS 4.0.1Binary analysis Improved data-flow analysis in binary analysis for Java applicationsSource code analysis Improved data-flow and control-flow analysis and other general improvements in source code analysis for C#, Java, and VB.NET General improvements in the ASP, ECMAScript, Go, PHP, and Python source code analysis engines More efficient source code analysis infrastructure, with performance improvements in all source code analysis enginesDependency analysis General improvements in the dependency analysis engineRemediation Expanded availability of Instant Fixes and Guided Fixes for .NET, ASP, and Java applications More accurate Guided Fixes for vulnerable dependencies through ML-augmented dependency analysis General improvements in the remediation engine General improvements in ML-augmented vulnerability remediation and explanationsInterfaces Enhancements in the Dependency interface Notable enhancements include significant performance improvements when querying dependencies, and ability to list dependencies discovered in a particular application or scan. Performance and user experience improvements in the Web UI On the Web UI, notable changes include improved navigation between different data views, the ability to open results in new tabs, and improved data availability in low data mode. Improved error handling in the CLI General improvements in the dependency interfaceAdministration API key expiration Starting with version 2506, API keys created on the Web UI has a configurable expiration date with a 90-day default. API keys created using the API already has a configurable expiration date but do not expire by default. Cluster-wide analysis mode configuration A custom default analysis mode can be configured for all applications or by technology stack in the storage configuration. Issues fixed in 2506 MR We fixed a bug where CWE Top 25 categories might be displayed with incorrect years in the HTML and PDF reports We fixed a bug where Active Directory users can be added when Active Directory is unavailable We fixed a bug where the MultiFactorAuthentication and ProcessIsolation settings are reverted to defaults during upgrades We fixed a bug where repository settings are visible to application membersBreaking changes in 2506 MR The Result interface of the API Potentially breaking change. Several internal properties of the models used by methods in the Result interface have been renamed. The Maintenance interface of the CLI Breaking change. The JSON outputs for the methods in the Maintenance interface have been changed to a dictionary from an array of dictionaries and the keys have been changed to snake_case from PascalCase. This change makes the output structure consistent with other similar methods in the CLI. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2509": { "id": "254468", "url": "/en/avm/release-notes/2509", "title": "Lucent Sky AVM version 2509 release notes", "description": "", "date": "2025/09/26", "content" : "Lucent Sky AVM version 2509 releases Lucent Sky AVM version 2509 MR (build 12.0.6555)Lucent Sky AVM version 2509 MRNew features in 2509 MRWeakness policies Support for CWE 4.18 Improved mappings for PCI DSS 4.0.1Pre-analysis and build General improvements in the ECMAScript and Swift parsersBinary analysis General improvements in the Java binary analysis engineSource code analysis General improvements in the C/C++, ECMAScript, Go, PHP, and Python source code analysis engines Expanded support for Bicep, SQL, Terraform files Improved analysis for minified ECMAScript files Improved Intelligent Analysis algorithms and performanceDependency analysis Improved dependency identification and correlation algorithms Improved license observation algorithms Performance improvements on the dependency analysis engineRemediation General improvements in ML-augmented vulnerability remediation and explanationsReporting Secure score Secure score aggregates security findings from a scan into a single score to help developers and stakeholders assess the security posture of an application at a glance. The higher the score, the lower the application's identified risk level is. The algorithms take into account over 200 signals generated during the scan to calculate the secure score, including the risk identified vulnerabilities and the ease of remediation, the exploitability and reachability of vulnerable software components, and the general context of the application. The CVSS score of a vulnerable dependency now includes the original CVSS base score of the vulnerability along with the calculated CVSS base score for the vulnerable dependency in the context of the application. Interfaces User experience enhancements in the Web UI Streamlined navigation between different context, such as navigating from the vulnerability list of a scan to the dependency list of a scan. The application list and scan list have been resigned application to improve information density. The Efficiency Hub has been updated to show secure score trends. The Dependency API is now generally available with additional enhancements Additional context is available when viewing the details of a dependency on the Web UI, such as applications referencing the dependency, files where the dependency were discovered, vulnerabilities resulted from the dependency, and the observed licenses of the dependency. Performance improvements for the Dependency interfaces of the API and the CLI. The File API is now generally available with support for additional file types The File API supports retrieving the content of a specific file of a scan. On the Web UI, the File API enables viewing files related to a specific vulnerability or dependency, as well as highlighting relevant lines. Support for recent versions of Eclipse IDE, InteliJ IDEA, and Visual Studio Code Issues fixed in 2509 MR We fixed a bug where the scan may fail when the source code archive contains certain license files We fixed a bug where a file was parsed using an alternative parser We fixed a bug where syntax highlighting on the Web UI is always set to dark mode We fixed a bug where scan tags are not visible on the scan index pageBreaking changes in 2509 MR The Project interface of the API Breaking change. The Clone method has been deprecated and removed. Developers should switch to the Duplicate method, which has the same parameters and return type but performs additional checks when duplicating an application. The Scan Details API model Potentially breaking change. In 2506 MR and earlier, the AnalysisEngines field in the Scan Details API model returns the analysis engines that were configured to execute during a scan. In 2509 MR, it returns the analysis engines that were actually executed during a scan. As a result, when accessing scans created by an agent running versions earlier than 2509 MR, this field returns an empty list. Preview configuration Potentially breaking change for on-premise instances. In 2506 MR and earlier, preview features are enabled by configuring the Preview CLEAR Engine setting. In 2509 MR, it is enabled by including the preview flag in the FeatureFlags CLEAR Engine setting. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2512": { "id": "251567", "url": "/en/avm/release-notes/2512", "title": "Lucent Sky AVM version 2512 release notes", "description": "", "date": "2026/02/02", "content" : "Lucent Sky AVM version 2512 releases Lucent Sky AVM version 2512 MR (build 12.1.6703)Lucent Sky AVM version 2512 MRNew features in 2512 MRTechnology stack Support for .NET 10 Support for Java 25 Support for PHP 8.5 Support for Python 3.14Weakness policies Support for CWE 4.19.1 Support for CWE Top 25 2025 Support for OWASP Top 10 2025Pre-analysis and build New parsing and lexing infrastructure A new unified parsing and lexing infrastructure has been introduced to enable more accurate and consistent code analysis across all supported languages. This redesigned foundation provides more accurate handling of modern language features across supported languages, such as those introduced in recent versions of C#, Dart, ECMAScript, Python, and others. While the new infrastructure offers greater accuracy and extensibility, it may introduce a slight performance regression in limited scenarios. Parsing and lexing performance is expected to improve over the next two releases as the new infrastructure being optimized. Binary analysis General improvements in the .NET and Java binary analysis enginesSource code analysis General improvements in the Bash, C/C++, C#, ECMAScript, Go, Java, PHP, PowerShell, Python, Ruby, and VB.NET source code analysis enginesDependency analysis Improved dependency discovery and analysis for binary files built with .NET, C/C++, Go, Java, and Rust Expanded license observation coverage Improved vulnerability identification algorithms Performance improvements on the dependency analysis engineRemediation General improvements in the remediation engines General improvements in ML-augmented vulnerability remediation and explanationsReporting Improved secure score calculation algorithms Support for CycloneDX 1.7 SBOM generationInterfaces Support for Visual Studio 2026 and recent versions of Eclipse, IntelliJ, and Visual Studio CodeIssues fixed in 2512 MR We fixed a bug where long statements might be cut off on PDF reports We fixed a bug where the charts in report might show incorrect number of results when remediation is disabled We fixed a bug where real-time intelligence updates might fail when network latency is exceedingly highBreaking changes in 2512 MR Result hash Breaking change. The new parsing and lexing infrastructure uses more information to generate the hash of a result. While this change increases hash specificity and sensitivity, some result hashes might change. As a result, some suppression signatures generated by previous versions of Lucent Sky AVM might no longer be recognized by version 2512 and later. SBOM generation Potentially breaking change. The file names for generated CycloneDX SBOM and SPDX SBOM have been changed to Report.cdx.json and Report.spdx.json in 2512 MR. Visual Studio integration Potentially breaking change. Using Lucent Sky AVM for Visual Studio in Visual Studio 2015 is no longer supported. Lucent Sky AVM for Visual Studio might work for Visual Studio 2015 and older versions of Visual Studio, but such scenarios are not supported. ", "keywords": "avm, releasenotes" } , "/en/avm/release-notes/2603": { "id": "267105", "url": "/en/avm/release-notes/2603", "title": "Lucent Sky AVM version 2603 release notes", "description": "", "date": "2026/03/30", "content" : "Lucent Sky AVM version 2603 releases Lucent Sky AVM version 2603 MR (build 12.2.6752)Lucent Sky AVM version 2603 MRNew features in 2603 MRPre-analysis and build Improved parsing and lexing for Dart, Visual Basic, and VBScript Improved opportunistic analysis algorithms Source code analysis Performance and other improvements in the C/C++, C#, ECMAScript, Go, Java, PHP, Python, Ruby, and VB.NET source code analysis enginesDependency analysis Vulnerability interface available on the API and Web UI On the Web UI, a dedicated interface enables browsing vulnerabilities discovered in previous scans or during routine monitoring, sorting vulnerabilities by their severity or discovery dates. The details page provides information on the vulnerability, as well as the dependencies and applications impacted by the vulnerability. The Vulnerability interface in the API enables these features and provides additional ways to interact with discovered dependency vulnerabilities Enhancements in dependency management Notable enhancements include expanded license discovery and management that utilizes both on-device machine learning and Real-time Intelligence to more accurately identify licenses of software components and dependencies, and the ability to manually override identified dependency information and licenses. Vulnerability monitoring is now available on on-premise instances Improved dependency discovery and analysis for ECMAscript and Node.js Performance improvements on the dependency analysis engineRemediation The ML-augmented vulnerability remediation adapts more efficiently to developer preferences and work more effectively for teams with diverse or conflicting security policies General improvements in ML-augmented vulnerability remediation and explanationsReporting General improvements in Secure Score calculationInterfaces Performance enhancements in the API and the Web UI A new I/O subsystem intelligently adapts to the IOPS of on-premises instances to provide faster and more consistent API performance, particularly on systems with slower IOPS and a large number of applications or scans. User experience enhancements in the Web UI Issues fixed in 2603 MR We fixed a bug where scans might fail when analyzing C# and VB.NET files that contains syntax errorsBreaking changes in 2603 MRThere is no breaking change in version 2603.", "keywords": "avm, releasenotes" } , "/en/avm/troubleshoot/ant": { "id": "337854", "url": "/en/avm/troubleshoot/ant", "title": "Troubleshoot Ant errors", "description": "", "date": "2020/12/1", "content" : "SymptomsWhen you scan a Java application in Lucent Sky AVM and the JavaBuild scan argument is not set or set to Ant, the scan fails with the following errors:One or more Ant build errors occurred when building the application. (-42220040)One or more Ant build errors occurred when building the application. (-42220041)In addition, Ant build log contains the following message:BUILD FAILEDCauseWhen scanning a Java application and the JavaBuild scan argument is not set or set to Ant, Apache Ant is used to build the application. If errors occurred during Ant build, the scan fails.ResolutionTo resolve this issue, use the following methods starting with the first method below. If that does not resolve the issue, try the next method.Method 1Resolve errors in Ant logs, then scan the application again.To learn more about common types of Ant errors, see the More Information section.Method 2Use direct binary analysis to scan Java applications without building them in Lucent Sky AVM. To learn more about how to use direct binary analysis, view the following article in the Lucent Sky Knowledge Base:Scan an application using direct binary analysisMethod 3To disable binary analysis and only use source code analysis to scan a Java application, include AnalysisEngines,20 in scan arguments.More InformationWhen a build file (such as build.xml) is not specified, Lucent Sky AVM attempts to find a build file in the source code archive. If a build file is found, a modified copy of the build file is created for use in the build process to improve its compatibility. However, this modification might instead cause the application fail to build. To use a specific build file as it is in the build process, specify the relative path to the build file in the source code archive in Analysis Target.Common types of Ant build errors include: A package does not exist or a symbol cannot be found - javac could not find the JAR library containing the namespace or class listed in the error message. Place the required JAR library in the lib directory of the application. findJAR.com might be helpful in locating the JAR library containing a certain class file. Syntax and semantic errors - There are two common causes of syntax and sematic errors in a JDK compilation, either that there are actual syntax and semantic errors in the source code, or the source code was compiled with an incorrect encoding. For more information on how to resolve encoding problems, view the following article in the Lucent Sky Knowledge Base:Troubleshoot encoding problems", "keywords": "avm, troubleshoot, build, java, ant" } , "/en/avm/compliance/application-frameworks-and-languages": { "id": "229053", "url": "/en/avm/compliance/application-frameworks-and-languages", "title": "Application frameworks and languages supported by Lucent Sky AVM", "description": "", "date": "2026/02/23", "content" : "This article describes the application frameworks and languages supported by Lucent Sky AVM.Supported application frameworks and languagesThis table denotes the application frameworks and languages supported by Lucent Sky AVM. Application framework Languages Versions1 .NET C#VB.NET .NET Core 1.0 - 3.1.NET Framework 2.0 - 4.8.NET 5 - 10 Active Server Page VBScript 3.0 Android C#DartECMAScriptJavaKotlin API Level 10 - 36 C and C++ CC++ C89 - C23C++98 - C++23 Go Go 1.25 iOS C#DartECMAScriptObjective-CSwift 6 - 26 Java GroovyJavaScala 1.5 - 25 Lua Lua 5 PHP PHP 4 - 8.5 Python Python 2 - 3.14 Ruby Ruby 2 - 4 Rust Rust 1 Visual Basic Visual Basic 6 Lucent Sky AVM also supports cross-framework languages such as Bash, CFML, CFScript, CSS, Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), HTML, PowerShell, and SQL, and data interchange and configuration languages such as Bicep, HCL, JSON, XML, and YAML.Lucent Sky AVM instances with specific add-on licenses also support domain-specific languages, such as ABAP, Apex, COBOL, EGL, and SQR.1.Only application framework and language versions that have been released are included. Lucent Sky AVM may support preview or otherwise unreleased versions of application frameworks and versions. For more information about support for an unreleased version of an application framework or language, contact Lucent Sky support.", "keywords": "avm, compliance, list" } , "/en/avm/troubleshoot/aspnet-compilation": { "id": "321792", "url": "/en/avm/troubleshoot/aspnet-compilation", "title": "Troubleshoot ASP.NET compilation errors", "description": "", "date": "2024/1/19", "content" : "SymptomsWhen you scan a ASP.NET web application or web site in Lucent Sky AVM, the scan fails with one of the following errors:MSBuild was skipped. ASP.NET compilation failed. (-42110061)MSBuild failed. ASP.NET compilation failed. (-42110063)MSBuild did not produce expected output. ASP.NET compilation failed. (-42110064)Alternatively, the scan might complete but with the following warning:ASP.NET compilation failed. Output from MSBuild will be used instead. (41110042)CauseWhen scanning a ASP.NET web application web site, ASP.NET Compilation Tools is used to compile dynamic web pages and controls to assemblies. If errors occurred during ASP.NET compilation, the scan fails or completes partially.ResolutionTo resolve this issue, use the following methods starting with the first method below. If that does not resolve the issue, try the next method.Method 1Resolve errors in ASP.NET compilation logs, then scan the application again. ASP.NET compilation logs contain the following error message: error ASPCONFIG: Could not load file or assembly '...' or one of its dependencies. An attempt was made to load a program with an incorrect format. The web application or web site uses an assembly that is x86 only. By default, Lucent Sky AVM uses the 64-bit version of ASP.NET Compilation Tool, which cannot load a x86 only assembly. To make Lucent Sky AVM use the 32-bit version of ASP.NET Compilation Tool, Include Bitness,32 in scan arguments. ASP.NET compilation logs contain the following error message: error ASPCONFIG: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. This error commonly occurs when Lucent Sky AVM failed to correctly detect the root of the web application or web site. For web applications, specify the relative path of its project file in the source code archive as the analysis target. For example, Contoso.WebContoso.Web.csproj; for web sites, put its root directory in the root of the source code archive. ASP.NET compilation logs contain the following error message: error ASPPARSE: Could not load type '...' A reference used by the web application or website is missing. Make sure all referenced assemblies exist in the bin directory of the ASP.NET web application or web site. ASP.NET compilation logs contain the following message: error ASPRUNTIME: The current identity (NT AUTHORITYNETWORK SERVICE) does not have write access to 'C:WindowsMicrosoft.NETFramework64v2.0.50727Temporary ASP.NET Files'. Process isolation is enabled, but the NetworkService account does not have access to directories used by ASP.NET 2.0. To grant it access, run the following command as an administrator on the system running CLEAR Engine: C:WindowsMicrosoft.NETFramework64v2.0.50727aspnet_regiis.exe -ga "NT AUTHORITYNETWORK SERVICE" To learn more about resolving ASP.NET compilation errors before scanning the web application or web site, see the More Information section.Method 2Use direct binary analysis to scan ASP.NET web applications or web sites without building them in Lucent Sky AVM. To learn more about how to use direct binary analysis, view the following article in the Lucent Sky Knowledge Base:Scan an application using direct binary analysisMethod 3To disable binary analysis and only use source code analysis to scan a ASP.NET web application or web site, include AnalysisEngines,20 in scan arguments.More InformationBefore scanning an ASP.NET web application or web site, use ASP.NET Compilation Tool to make sure it is free of ASP.NET compilation errors. In PowerShell, navigate to %WINDIR%Microsoft.NETFrameworkv2.0.50727 (for ASP.NET web applications and web sites running on .NET Framework 2.0 - 3.5) or %WINDIR%Microsoft.NETFrameworkv4.0.30319 (for ASP.NET web applications or web sites running on .NET Framework 4.0 or newer). Enter the following command: # Replace <WebAppPath> with path to the web application $webAppPath = "<WebAppPath>" # Replace <PublishPath> with path to a temporary directory $publishPath = "<PublishPath>" .aspnet_compiler.exe -v / -p 'C:website-root' 'C:website-temp-root' -f Resolve any error during the publication process. Repeat the previous step until no error occurred. If the publication has completed successfully, the temporary directory specified in a previous step should contain the published website. Otherwise, it should be empty. When scanning the application normally, use the content of <WebAppPath> as the source code archive; when using direct binary analysis, use the content of <PublishPath> as the source code archive.To learn more about precompiling ASP.NET web applications or web sites, see the following articles on the Microsoft Learn website:Precompiling Your Website (C#) and Precompiling Your Website (VB)", "keywords": "avm, troubleshoot, build, dotnet, aspnet" } , "/en/avm/integrations/azure-classic-pipelines": { "id": "232046", "url": "/en/avm/integrations/azure-classic-pipelines", "title": "Use Lucent Sky AVM with Azure Classic Pipelines", "description": "", "date": "2026/02/10", "content" : "This article describes how to integrate Lucent Sky AVM with Azure Classic Pipelines. By integrating Lucent Sky AVM with an application's continuous integration pipelines, developers can ensure that only code changes meeting the security standards are committed or deployed.The Lucent Sky AVM CLI commands used in this article favor simplicity over scalability. For example, asynchronous methods such as BeginAnalyze might be more suitable than their synchronous counterparts when working with a large application. To learn about more advanced functionalities of the CLI, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI referenceIn this article, you will learn how to: Prepare Lucent Sky AVM CLI for use in Azure Classic Pipelines. Start a scan in Azure Classic Pipelines. Download and evaluate a scan report in Azure Classic Pipelines. Download the remediated source code and merge it to the repository.At the end, you will be use Lucent Sky AVM in Azure Pipelines to start a scan, download and evaluate reports, and work with remediated source code in Azure Pipelines.Prepare Lucent Sky AVM CLI for use in Azure PipelinesLucent Sky AVM CLI needs to be downloaded to the Azure Pipeline agent before it can be used. How the CLI is downloaded varies and depends on each organization's needs and requirements, and the CLI might already be present if using a self-hosted agent.To learn more about how to install Lucent Sky AVM CLI on different operating systems, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLI Navigate to the Pipelines > Pipelines section of the Azure DevOps project and edit the pipeline with Azure Pipeline designer. Create a secret variable named ApiKey with the value of an API key to the Lucent Sky AVM server. In Azure Pipeline designer, navigate to the variables section and add a variable named InstanceFqdn with the FQDN or IP address of the Lucent Sky AVM instance and a variable named ApplicationId with the value of the project's application ID on the Lucent Sky AVM instance. In Azure Pipeline designer, navigate to the Tasks tab and locate an appropriate location to download the CLI, such as after the application build is completed. Add a PowerShell task to the pipeline to download the CLI setup file to $(Agent.ToolsDirectory)/clear-cli.zip and extract its content to $(Agent.ToolsDirectory)/clear-cli. Configure the task as follows: Display name: Download CLI Type: Inline Script: $platform = switch -Regex ($PSVersionTable.OS) { "Darwin" { "osx-x64" } "Linux" { "linux-x64" } default { "win-x64" } } Invoke-WebRequest -Uri "https://lsky.co/clearcli-$platform" -OutFile '$(Agent.ToolsDirectory)/clear-cli.zip' Expand-Archive -Path '$(Agent.ToolsDirectory)/clear-cli.zip' -DestinationPath '$(Agent.ToolsDirectory)/clear-cli' Remove-Item '$(Agent.ToolsDirectory)/clear-cli.zip' The URL https://lsky.co/clearcli-win-x64 points to the latest Lucent Sky AVM CLI for Windows. To pin the CLI to a specific version, append -version after the URL. For example, https://lsky.co/clearcli-win-x64-2512. Add a PowerShell task after the previous task to configure the CLI to use a remote Lucent Sky AVM instance. Configure the task as follows: Display name: Configure CLI Type: Inline Advanced > Working Directory: $(Agent.ToolsDirectory)/clear-cli Script: # Replace <InstanceFqdn> with the FQDN or IP address of the Lucent Sky AVM instance $InstanceFqdn = "<InstanceFqdn>" ./SkyAnalyzer.Interface.Cli--Interface config --Method set --Value "endpoint = $(InstanceFqdn):5759" Start a scan in Azure Pipelines In Azure Pipeline designer, navigate to the Tasks tab and locate an appropriate location to start the scan, such as after the build artifacts are available. Add a PowerShell task to generate a random scan ID. Configure the task as follows: Display name Generate scan ID Type: Inline Script: $scanId = New-Guid echo "##vso[task.setvariable variable=ScanId]$scanId" Add a PowerShell task after the previous task to create a scan under the application on Lucent Sky AVM server, and upload the build artifact for analysis. Configure the task as follows: Display name: Create and start scan Type: Inline Advanced > Working Directory: $(Agent.ToolsDirectory)/clear-cli Script ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method Create --ApplicationId $(ApplicationId) --ScanId $(ScanId) ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method Analyze --ScanId $(ScanId) --SourceCodePath '$(Build.SourcesDirectory)/target/ContosoWeb.war' Add a PowerShell task after the previous task to check the scan result code to determine if the scan was completed successfully. Configure the task as follows: Display name: Get scan result Type: Inline Advanced > Working Directory: $(Agent.ToolsDirectory)/clear-cli Script $scanResult = ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method GetResult --ScanId $(ScanId) if ($scanResult -lt 0) { [Console]::Error.WriteLine("Scan failed ($scanResult)") } Download and evaluate a scan report in Azure Pipelines In Azure Pipeline designer, navigate to the Tasks tab and locate an appropriate location to evaluate the scan report, such as after the scan is completed. Add a PowerShell task to generate and download the XML report of the scan. Configure the task as follows: Display name: Download XML report Type: Inline Advanced > Working Directory: $(Agent.ToolsDirectory)/clear-cli Script ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method Report --ScanId $(ScanId) --ReportPath "$(System.DefaultWorkingDirectory)/ScanResults/Xml-Report.zip" --ReportFormat xml Add an Extract files task after the previous task to extract the XML report. Configure the task as follows: Display name: Extract XML report Archive file patterns: $(System.DefaultWorkingDirectory)/ScanResults/Xml-Report.zip Destination folder: $(System.DefaultWorkingDirectory)/ScanResults Clean destination folder before extracting: false Add a PowerShell task after the previous task to query the XML report to evaluate if the scan has found any vulnerability with a priority score of 2 or higher. Configure the task as follows: Display name: Query XML report Type: Inline Advanced > Working Directory: $(Agent.ToolsDirectory)/clear-cli Script $resultCount = ./SkyAnalyzer.Interface.Cli --Interface Query --Method Execute --QueryDataSource "$(System.DefaultWorkingDirectory)/ScanResults/Report.xml" --QueryStatement "SELECT COUNT(ID) FROM Results WHERE PRIORITY <= 2" echo "##vso[task.setvariable variable=ResultCount]$resultCount" Add a PowerShell task after the previous task to publish the build artifact as a pipeline artifact named war if no vulnerability with a priority score of 2 or higher was found. Configure the task as follows: Display name: Query XML report Type: Inline Advanced > Working Directory: $(Agent.ToolsDirectory)/clear-cli Script $resultCount = ./SkyAnalyzer.Interface.Cli --Interface Query --Method Execute --QueryDataSource "$(System.DefaultWorkingDirectory)/ScanResults/Report.xml" --QueryStatement "SELECT COUNT(ID) FROM Results WHERE PRIORITY <= 2" echo "##vso[task.setvariable variable=ResultCount]$resultCount" Add a Publish Pipeline Artifacts task after the previous task to generate and download the HTML report when at least one vulnerability with a priority score of 2 or higher was found. Configure the task as follows: Display name: Publish build artifact pipeline artifact File or directory path: $(Build.SourcesDirectory)/target/ContosoWeb.war Artifact: war Artifact publish location: Azure Pipelines Control Options > Run this task: Custom conditions Control Options > Custom condition: eq(variables['ResultCount'], '0'). Add a PowerShell task after the previous task to generate and download the HTML report when at least one vulnerability with a priority score of 2 or higher was found. Configure the task as follows: Display name: Download HTML report Type: Inline Advanced > Working Directory: $(Agent.ToolsDirectory)/clear-cli Control Options > Run this task: Custom conditions Control Options > Custom condition: ne(variables['ResultCount'], '0'). Script: ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method Report --ScanId $(ScanId) --ReportPath "$(System.DefaultWorkingDirectory)/ScanResults/Html-Report.zip" --ReportFormat html Add an Extract files task after the previous task. Configure the task as follows: Display name: Extract HTML report Archive file patterns $(System.DefaultWorkingDirectory)/ScanResults/Html-Report.zip Destination folder $(System.DefaultWorkingDirectory)/ScanResults Clean destination folder before extracting: false Control Options > Run this task: Custom conditions Control Options > Custom condition: ne(variables['ResultCount'], '0') Add a Publish Pipeline Artifacts task after the previous task to publish the HTML report as a pipeline artifact named report when at least one vulnerability with a priority score of 2 or higher was found. Configure the task as follows: Display name: Publish HTML report as pipeline artifact File or directory path: $(System.DefaultWorkingDirectory)/ScanResults/Report.html Artifact name: report Artifact publish location: Azure Pipelines Control Options > Run this task: Custom conditions Control Options > Custom condition: ne(variables['ResultCount'], '0') Download the remediated source code and merge it back to the repository In Azure Pipeline designer, navigate to the Tasks tab and locate an appropriate location to work with the remediated source code, such as after the pipeline failed security policy evaluation. Add a PowerShell task to the pipeline to generate and download the remediated source code when at least one vulnerability with a priority score of 2 or higher was found. Configure the task as follows: Display name: Download remediated source code Type: Inline Advanced > Working Directory: $(Agent.ToolsDirectory)/clear-cli Control Options > Run this task: Custom conditions Control Options > Custom condition: ne(variables['ResultCount'], '0'). Script: ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method Remediate --ScanId $(ScanId) --RemediatedSourceCodePath "$(System.DefaultWorkingDirectory)/ScanResults/RemediatedSource.zip" --RemediationOption 0 Add an Extract files task after the previous task to extract the remediated source code over the original source code when at least one vulnerability with a priority score of 2 or higher was found. Configure the task as follows: Display name: Extract remediated source code Archive file patterns $(System.DefaultWorkingDirectory)/ScanResults/RemediatedSource.zip Destination folder $(Build.SourcesDirectory) Clean destination folder before extracting: false Control Options > Run this task: Custom conditions Control Options > Custom condition: ne(variables['ResultCount'], '0') Add the necessary tasks to merge the remediated source code into the repository when at least one vulnerability with a priority score of 2 or higher was found. Add a PowerShell task to the pipeline to fail the pipeline when at least one vulnerability with a priority score of 2 or higher was found. Configure the task as follows: Display name: Fail pipeline Type: Inline Advanced > Fail on Standard Error: true Control Options > Run this task: Custom conditions Control Options > Custom condition: ne(variables['ResultCount'], '0'). Script: [Console]::Error.WriteLine('This build did not pass the scan criteria.') ", "keywords": "avm, integration, azure, devops, continuousintegration, ci" } , "/en/avm/integrations/azure-monitor": { "id": "242984", "url": "/en/avm/integrations/azure-monitor", "title": "Link applications between Lucent Sky AVM and Azure Monitor", "description": "", "date": "2024/1/24", "content" : "This article describes how to link applications in Lucent Sky AVM to their counterparts in Azure Monitor. After the project is linked to an application, you can navigate to your Azure Monitor dashboard for the project directly from Lucent Sky AVM Web UI.In this article, you will learn how to: Link an application in Lucent Sky AVM to its counterpart in Azure Monitor.At the end, you will be able to link an application on Lucent Sky AVM to its counterpart in Azure Monitor.Link an application on Lucent Sky AVM application in Azure Monitor On portal.azure.com, log into your Azure account. Select the Application Insights resource you want to link with a Lucent Sky AVM project. The path of the URL (the part after https://portal.azure.com/) is the resource path. For example, if the Application Insights URL to the application is https://portal.azure.com/#@contoso.com/resource/subscriptions/6ef2a9b6-e680-445d-9cbc-b32fa7b127d5/resourceGroups/Contoso-Web/providers/microsoft.insights/components/web-contoso-com, then the resource path is #@contoso.com/resource/subscriptions/6ef2a9b6-e680-445d-9cbc-b32fa7b127d5/resourceGroups/Contoso-Web/providers/microsoft.insights/components/web-contoso-com. On Lucent Sky AVM Web UI, go to the application list. Hover over the application to link, and select the APM icon. In the edit application dialog, enter Azure in APM Provider and resource path in APM Resource Path, and the select Save.", "keywords": "avm, integration, azure, azuremonitor, applicationinsights" } , "/en/avm/integrations/azure-pipelines": { "id": "214042", "url": "/en/avm/integrations/azure-pipelines", "title": "Use Lucent Sky AVM with Azure Pipelines", "description": "", "date": "2026/02/10", "content" : "This article describes how to integrate Lucent Sky AVM with Azure Pipelines. By integrating Lucent Sky AVM with an application's continuous integration pipelines, developers can ensure that only code changes meeting the security standards are committed or deployed.The Lucent Sky AVM CLI commands used in this article favor simplicity over scalability. For example, asynchronous methods such as BeginAnalyze might be more suitable than their synchronous counterparts when working with a large application. To learn about more advanced functionalities of the CLI, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI referenceIn this article, you will learn how to: Prepare Lucent Sky AVM CLI for use in Azure Pipelines. Start a scan in Azure Pipelines. Download and evaluate a scan report in Azure Pipelines. Download the remediated source code and create a pull request in Azure Pipelines.At the end, you will be use Lucent Sky AVM in Azure Pipelines to start a scan, download and evaluate reports, and work with remediated source code in Azure Pipelines.Prepare Lucent Sky AVM CLI for use in Azure PipelinesLucent Sky AVM CLI needs to be downloaded to the Azure Pipeline agent before it can be used. How the CLI is downloaded varies and depends on each organization's needs and requirements, and the CLI might already be present if using a self-hosted agent.To learn more about how to install Lucent Sky AVM CLI on different operating systems, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLI Navigate to the Pipelines > Pipelines section of the Azure DevOps project and edit the pipeline with Azure Pipeline designer. Create a secret variable named ApiKey with the value of an API key to the Lucent Sky AVM server. Open the .yml file of the Azure Pipeline. Locate the variables section and add the following variables: variables: - name: InstanceFqdn # Replace <InstanceFqdn> with the FQDN or IP address of the Lucent Sky AVM instance value: <InstanceFqdn> - name: ApplicationId # Replace <ApplicationId> with the value of the project's application ID on the Lucent Sky AVM instance value: <ApplicationId> In the .yml file, locate an appropriate location to download the CLI, such as after the application build is completed. Insert the following code to the .yml file, which downloads the CLI setup file to $(Agent.ToolsDirectory)/clear-cli.zip and extracts its content to $(Agent.ToolsDirectory)/clear-cli. - task: PowerShell@2 displayName: Download CLI inputs: targetType: 'inline' script: | $platform = switch -Regex ($PSVersionTable.OS) { "Darwin" { "osx-x64" } "Linux" { "linux-x64" } default { "win-x64" } } Invoke-WebRequest -Uri "https://lsky.co/clearcli-$platform" -OutFile '$(Agent.ToolsDirectory)/clear-cli.zip' Expand-Archive -Path '$(Agent.ToolsDirectory)/clear-cli.zip' -DestinationPath '$(Agent.ToolsDirectory)/clear-cli' Remove-Item '$(Agent.ToolsDirectory)/clear-cli.zip' The URL https://lsky.co/clearcli-win-x64 points to the latest Lucent Sky AVM CLI for Windows. To pin the CLI to a specific version, append -version after the URL. For example, https://lsky.co/clearcli-win-x64-2512. Insert the following code to the .yml file, which configures the CLI to use a remote Lucent Sky AVM instance. - task: PowerShell@2 displayName: Configure CLI inputs: targetType: 'inline' workingDirectory: '$(Agent.ToolsDirectory)/clear-cli' script: | # Replace <InstanceFqdn> with the FQDN or IP address of the Lucent Sky AVM instance $InstanceFqdn = "<InstanceFqdn>" ./SkyAnalyzer.Interface.Cli --Interface config --Method set --Value "endpoint = $(InstanceFqdn):5759" Start a scan in Azure Pipelines Open the .yml file of the Azure Pipeline, and locate an appropriate location to start the scan, such as after the build artifacts are available. Insert the following code to the .yml file, which generates a random scan ID. - task: PowerShell@2 displayName: Generate scan ID inputs: targetType: 'inline' script: | $scanId = New-Guid Write-Host "##vso[task.setvariable variable=ScanId]$scanId" Insert the following code to the .yml file, which creates a scan under the application on Lucent Sky AVM server, and uploads the build artifact for analysis. - task: PowerShell@2 displayName: Create and start scan inputs: targetType: 'inline' workingDirectory: '$(Agent.ToolsDirectory)/clear-cli' script: | ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method Create --ApplicationId $(ApplicationId) --ScanId $(ScanId) ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method Analyze --ScanId $(ScanId) --SourceCodePath '$(Build.SourcesDirectory)/target/ContosoWeb.war' Insert the following code to the .yml file, which checks the scan result code to determine if the scan was completed successfully. - task: PowerShell@2 displayName: Get scan result inputs: targetType: 'inline' workingDirectory: '$(Agent.ToolsDirectory)/clear-cli' script: | $scanResult = ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method GetResult --ScanId $(ScanId) if ($scanResult -lt 0) { [Console]::Error.WriteLine("Scan failed ($scanResult)") } Download and evaluate a scan report in Azure Pipelines Open the .yml file of the Azure Pipeline, and locate an appropriate location to evaluate the scan report, such as after the scan is completed. Insert the following code to the .yml file, which generates and downloads the XML report of the scan. - task: PowerShell@2 displayName: Download XML report inputs: targetType: 'inline' workingDirectory: '$(System.DefaultWorkingDirectory)/tools/clear-cli' script: | ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method Report --ScanId $(ScanId) --ReportPath "$(System.DefaultWorkingDirectory)/ScanResults/Xml-Report.zip" --ReportFormat xml Insert the following code to the .yml file, which extracts the XML report. - task: ExtractFiles@1 displayName: Extract XML report inputs: archiveFilePatterns: '$(System.DefaultWorkingDirectory)/ScanResults/Xml-Report.zip' destinationFolder: '$(System.DefaultWorkingDirectory)/ScanResults' cleanDestinationFolder: false Insert the following code to the .yml file, which queries the XML report to evaluate if the scan has found any vulnerability with a priority score of 2 or higher. - task: PowerShell@2 displayName: Query XML report inputs: targetType: 'inline' workingDirectory: '$(Agent.ToolsDirectory)/clear-cli' script: | $resultCount = ./SkyAnalyzer.Interface.Cli --Interface Query --Method Execute --QueryDataSource "$(System.DefaultWorkingDirectory)/ScanResults/Report.xml" --QueryStatement "SELECT COUNT(ID) FROM Results WHERE PRIORITY <= 2" echo "##vso[task.setvariable variable=ResultCount]$resultCount" Insert the following code to the .yml file, which publishes the build artifact as a pipeline artifact named war if no vulnerability with a priority score of 2 or higher was found. - task: PublishPipelineArtifact@1 displayName: Publish build artifact pipeline artifact condition: eq(variables['ResultCount'], '0') inputs: targetPath: '$(Build.SourcesDirectory)/target/ContosoWeb.war' artifact: 'war' publishLocation: 'pipeline' Insert the following code to the .yml file, which generates and downloads the HTML report when at least one vulnerability with a priority score of 2 or higher was found. - task: PowerShell@2 displayName: Download HTML report condition: ne(variables['ResultCount'], '0') inputs: targetType: 'inline' workingDirectory: '$(Agent.ToolsDirectory)/clear-cli' script: | ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method Report --ScanId $(ScanId) --ReportPath "$(System.DefaultWorkingDirectory)/ScanResults/Html-Report.zip" --ReportFormat html Insert the following code to the .yml file, which extracts the HTML report when at least one vulnerability with a priority score of 2 or higher was found. - task: ExtractFiles@1 displayName: Extract HTML report condition: ne(variables['ResultCount'], '0') inputs: archiveFilePatterns: '$(System.DefaultWorkingDirectory)/ScanResults/Html-Report.zip' destinationFolder: '$(System.DefaultWorkingDirectory)/ScanResults' cleanDestinationFolder: false Insert the following code to the .yml file, which publishes the HTML report as a pipeline artifact named report when at least one vulnerability with a priority score of 2 or higher was found. - task: PublishPipelineArtifact@1 displayName: Publish HTML report as pipeline artifact condition: ne(variables['ResultCount'], '0') inputs: targetPath: '$(System.DefaultWorkingDirectory)/ScanResults/Report.html' artifact: 'report' publishLocation: 'pipeline' Download the remediated source code and create a pull request in Azure Pipelines Open the .yml file of the Azure Pipeline, and locate an appropriate location to work with the remediated source code, such as after the pipeline failed security policy evaluation. Insert the following code to the .yml file, which configures Git on the Azure Pipelines agent and creates a branch for the remediated source code when at least one vulnerability with a priority score of 2 or higher was found.. - task: PowerShell@2 displayName: Configure Git condition: ne(variables['ResultCount'], '0') inputs: targetType: 'inline' workingDirectory: '$(Build.SourcesDirectory)' script: | # Replace <UserEmail> with the user email to use for Git $UserEmail = "<UserEmail>" # Replace <UserName> with the user name to use for Git $UserName = "<UserName>" git config --global user.email "$UserEmail" git config --global user.name "$UserName" git checkout -b scan-$(ScanId) Insert the following code to the .yml file, which generates and downloads the remediated source code when at least one vulnerability with a priority score of 2 or higher was found. - task: PowerShell@2 displayName: Download remediated source code condition: ne(variables['ResultCount'], '0') inputs: targetType: 'inline' workingDirectory: '$(Agent.ToolsDirectory)/clear-cli' script: | ./SkyAnalyzer.Interface.Cli --Key $(ApiKey) --Interface Scan --Method Remediate --ScanId $(ScanId) --RemediatedSourceCodePath "$(System.DefaultWorkingDirectory)/ScanResults/RemediatedSource.zip" --RemediationOption 0 Insert the following code to the .yml file, which extracts the remediated source code over the original source code when at least one vulnerability with a priority score of 2 or higher was found. - task: ExtractFiles@1 displayName: Extract remediated source code condition: ne(variables['ResultCount'], '0') inputs: archiveFilePatterns: '$(System.DefaultWorkingDirectory)/ScanResults/RemediatedSource.zip' destinationFolder: '$(Build.SourcesDirectory)' cleanDestinationFolder: false Insert the following code to the .yml file, which commits the remediated source code to a branch when at least one vulnerability with a priority score of 2 or higher was found. - task: PowerShell@2 displayName: Commit and push remediated source code condition: ne(variables['ResultCount'], '0') inputs: targetType: 'inline' workingDirectory: '$(Build.SourcesDirectory)' script: | # Replace <AplPath> with Application Protection Library files suitable for the framework of the project AplPath="<AplPath>" git add **/$AplPath git commit -m "Instant Fixes from scan $(ScanId)" git push -u origin scan-$(ScanId) Insert the following code to the .yml file, which fails the pipeline when at least one vulnerability with a priority score of 2 or higher was found. - task: PowerShell@2 displayName: Fail pipeline condition: ne(variables['ResultCount'], '0') inputs: targetType: 'inline' script: | [Console]::Error.WriteLine('This build did not pass the scan criteria.') failOnStderr: true Navigate to the Repos > Pull requests section of the Azure DevOps project, and create a pull request from the branch containing the remediated source code. ", "keywords": "avm, integration, azure, devops, continuousintegration, ci" } , "/en/avm/how-to/backup-and-restore": { "id": "228579", "url": "/en/avm/how-to/backup-and-restore", "title": "Backup and restore a Lucent Sky AVM instance or cluster", "description": "", "date": "2026/02/13", "content" : "A Lucent Sky AVM instance can be backed up and restored along with the operating system. The configuration and data of a Lucent Sky AVM instance or cluster can also be backed up and restored separately from the operating system.This article describes how to backup a Lucent Sky AVM instance or cluster and restore them at a later time.In this article, you will learn how to: Backup a Lucent Sky AVM instance along with the operating system. Restore a Lucent Sky AVM instance along with the operating system. Backup the configuration and data of a Lucent Sky AVM cluster. Restore the configuration and data of a Lucent Sky AVM cluster.At the end, you will be able to back up and restore a Lucent Sky AVM instance or cluster.Backup a Lucent Sky AVM instance along with the operating systemWindows Server Backup can be used to backup a Lucent Sky AVM instance along with the operating system. Open PowerShell as administrator and enter the following command to install and start Windows Server Backup: Install-WindowsFeature Windows-Server-Backup wbadmin.msc Select Local Backup in the Console Tree. On the Action menu, select Backup Once. On the Backup Options page, select Different options, and then select Next. On the Select backup configuration page, select Full server (recommended), and then select Next. On the Specify Destination Type page, select the type of backup location, and then select Next. On the Select Backup Destination page, select the backup location, and then select Next. On the Confirmation page, select Backup. Once the backup has completed, select Close. For Lucent Sky AVM cluster, repeat the steps above on each node of the cluster.If the Lucent Sky AVM instance is running on a virtual machine, you may be able to export the virtual machine with the following methods: For Microsoft Hyper-V, view the following article on the Microsoft Learn website:Export and Import virtual machines For VMware, view the following article on the VMware Docs website:Deploying OVF and OVA Templates Using the methods above might not be supported scenarios.Restore a Lucent Sky AVM instance along with the operating systemWindows Server Backup can be used to restore a Lucent Sky AVM instance along with the operating system. Start the installation of the Windows Server operating system that is the same version as the backup. Select the installation language, and then select Next. Select Repair your computer, and the follow the on-screen prompts to recover from the backup. For Lucent Sky AVM cluster, repeat the steps above on each node of the cluster.Backup the configuration and data of a Lucent Sky AVM clusterThe backup process is the same for a cluster with a single node (a standalone instance) or a cluster with multiple nodes. On each node of the Lucent Sky AVM cluster, open PowerShell as administrator and enter the following command to to stop the CLEAR Engine service and backup the instance configuration files to the backup location: # Replace <BackupDirectory> with path to the directory to store the backup files $backupDirectory = "<BackupDirectory>" Stop-Service "CLEAR Engine" Copy-Item -Path "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.config" -Destination "$backupDirectorySkyAnalyzer.config" Copy-Item -Path "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.Engine.exe.config" -Destination "$backupDirectorySkyAnalyzer.Engine.exe.config" On the server containing the storage of the cluster, open PowerShell as administrator, and then enter the following command to backup the content of the cluster storage to the backup location: # Replace <BackupDirectory> with path to the directory to store the backup files $backupDirectory = "<BackupDirectory>" # Replace C:ProgramDataLucent SkyCLEAR Engine if using a custom file system storage location $fileSystemStorage = "C:ProgramDataLucent SkyCLEAR Engine" Copy-Item -Path "$fileSystemStorage" -Destination "$backupDirectoryFileSystemStorage" -Recurse To learn more about locating the file system storage location, view the following article in the Lucent Sky Knowledge Base: Install Lucent Sky AVM license On the server containing the database of the cluster, open PowerShell as administrator, and then enter the following command to backup the Lucent Sky AVM database: # Replace <BackupDirectory> with path to the directory to store the backup files $backupDirectory = "<BackupDirectory>" # Replace .SQLEXPRESS if using a custom SQL Server instance $sqlInstance = ".SQLEXPRESS" sqlcmd -S $sqlInstance -Q "BACKUP DATABASE SkyAnalyzer TO DISK = '$backupDirectoryDatabase.bak'" The SQL Server service account (such as NT ServiceMSSQLSERVER) must have the Write permission to the backup directory. To learn more about creating a backup for a SQL Server database, view the following article on the Microsoft Learn website: Quickstart: Backup and restore a SQL Server database on-premises Optionally, on each node of the Lucent Sky AVM cluster, open PowerShell as administrator and enter the following command to start the CLEAR Engine service: Start-Service "CLEAR Engine" Restore the configuration and data of a Lucent Sky AVM clusterThe restore process is the same for a cluster with a single node (a standalone instance) or a cluster with multiple nodes. The restore process will delete existing configuration and data of the cluster. On each node of the Lucent Sky AVM cluster, open PowerShell as administrator and enter the following command to to stop the CLEAR Engine service and restore the instance configuration files from the backup location: # Replace <BackupDirectory> with path to the directory to store the backup files $backupDirectory = "<BackupDirectory>" Stop-Service "CLEAR Engine" Copy-Item -Path "$backupDirectorySkyAnalyzer.config" -Destination "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.config" Copy-Item -Path "$backupDirectorySkyAnalyzer.Engine.exe.config" -Destination "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.Engine.exe.config" On the server containing the storage of the cluster, open PowerShell as administrator, and then enter the following command to restore the content of the cluster storage from the backup location: # Replace <BackupDirectory> with path to the directory to store the backup files $backupDirectory = "<BackupDirectory>" # Replace C:ProgramDataLucent SkyCLEAR Engine if using a custom file system storage location $fileSystemStorage = "C:ProgramDataLucent SkyCLEAR Engine" Remove-Item "$fileSystemStorage*" -Recurse -Force Copy-Item -Path "$backupDirectoryFileSystemStorage*" -Destination "$fileSystemStorage" -Recurse -Force To learn more about locating the file system storage location, view the following article in the Lucent Sky Knowledge Base: Install Lucent Sky AVM license On the server containing the database of the cluster, open PowerShell as administrator, and then enter the following command to restore the Lucent Sky AVM database: # Replace <BackupDirectory> with path to the directory to store the backup files $backupDirectory = "<BackupDirectory>" # Replace .SQLEXPRESS if using a custom SQL Server instance $sqlInstance = ".SQLEXPRESS" sqlcmd -S $sqlInstance -Q "DROP DATABASE SkyAnalyzer" sqlcmd -S $sqlInstance -Q "RESTORE DATABASE SkyAnalyzer FROM DISK = '$backupDirectoryDatabase.bak'" The SQL Server service account (such as NT ServiceMSSQLSERVER) must have the Read permission to the backup location. To learn more about restoring a backup for a SQL Server database, view the following article on the Microsoft Learn website: Quickstart: Backup and restore a SQL Server database on-premises On each node of the Lucent Sky AVM cluster, open PowerShell as administrator and enter the following command to to start the CLEAR Engine service: Start-Service "CLEAR Engine" ", "keywords": "avm, howto, administration, backup" } , "/en/avm/how-to/change-password-requirements": { "id": "222031", "url": "/en/avm/how-to/change-password-requirements", "title": "Change password requirements for user accounts", "description": "", "date": "2024/12/2", "content" : "This article describes how to change password requirements for user accounts.In this article, you will learn how to: Change password requirements for user accounts.At the end, you will be able to change password requirements for user accounts.Change password requirements for user accounts Open PowerShell as administrator and enter the following command to open the Web UI configuration file with the default text editor: "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.Engine.exe.config" | Invoke-Item Locate the SqlMembershipProvider element in the system.webmembership section. Modify the attributes of the SqlMembershipProvider element to change password requirements: maxInvalidPasswordAttempts: the number of failed sign-in attempts before the account is locked. Default is 5. minRequiredPasswordLength: the minimum length of password. Default is 8. passwordAttemptWindow: the duration (in minutes) of account lock due to failed sign-in attempts. Default is 30. The following attributes are also available. However, modifying them is not recommended as it may lower the strength of the authenticators. minRequiredNonalphanumericCharacters: the number of non-alphanumeric characters (symbols) required in password. Default is 0. passwordStrengthRegularExpression: the regular expression used to validate the password strength. Default is empty. In PowerShell, enter the following command to restart CLEAR Engine: Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" For Lucent Sky AVM cluster, repeat the steps above on each node of the cluster.", "keywords": "avm, howto, administration" } , "/en/avm/how-to/change-serial-number": { "id": "203582", "url": "/en/avm/how-to/change-serial-number", "title": "Change the serial number of a Lucent Sky AVM instance", "description": "", "date": "2022/05/05", "content" : "This article describes how to change the serial number of a Lucent Sky AVM instance.In this article, you will learn how to: Change the serial number of a Lucent Sky AVM instance.At the end, you will be able to change the serial number of a Lucent Sky AVM instance.Change the serial number of a Lucent Sky AVM instance Open PowerShell as administrator and enter the following command to open the instance configuration file with the default text editor: "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.config" | Invoke-Item Locate the SerialNumber key and change its value to the new serial number. Use the Web UI or CLI to activate the product key associated with the new serial number. To learn more about how to activate a product key, view the following article in the Lucent Sky Knowledge Base: Install Lucent Sky AVM license Open PowerShell as administrator, enter Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" to restart CLEAR Engine.", "keywords": "avm, howto, administration, licensing" } , "/en/avm/admin-guides/clear-engine-and-web-ui": { "id": "306011", "url": "/en/avm/admin-guides/clear-engine-and-web-ui", "title": "Administration guide to CLEAR Engine and Web UI", "description": "", "date": "2025/08/10", "content" : "A Lucent Sky AVM instance has two major components: CLEAR Engine and Web UI. By default, they are installed on the same computer, but can also be installed on different computers as well. This guide covers the installation, configuration, administration, and removal of CLEAR Engine and Web UI.In this article Plan a CLEAR Engine installation Install CLEAR Engine and the Web UI as a standalone instance Install CLEAR Engine and the Web UI as the first node of a new cluster Install CLEAR Engine and the Web UI as a node in an existing cluster Configure Internet Information Services (IIS) for Web UI Install Lucent Sky AVM license Perform optional tasks Backup and restore CLEAR Engine settings and data Upgrade CLEAR Engine and the Web UI Uninstall CLEAR Engine and the Web UIPlan a CLEAR Engine installationPrerequisites Windows Communication Foundation (WCF) - CLEAR Engine communicate with its interfaces through WCF, using bindings including named pipes, TCP, and optionally other WCF channels. Windows Server - CLEAR Engine runs as a Windows Service and Web UI runs on Internet Information Services (IIS). You might need to change settings of Windows Firewall to allow communications between CLEAR Engine and its interfaces.System RequirementsProcessor, memory, and hard disk space requirements: Processor: two 1.6 GHz x64 processors Memory: 4 GB Hard disk space: 40 GBCLEAR Engine can be installed on the following operating systems: Windows Server 2025 Windows Server 2022 Windows Server 2019 Windows Server 2016CLEAR Engine might also work with Windows Server versions that have reached end of support, such as Windows Server 2012 R2^.The following components are required: .NET Framework: .NET Framework 4.8. .NET Runtime: .NET 8.0 Runtime. Lucent Sky AVM setup includes the required .NET Runtime and will install it automatically if the required .NET Runtime is not present on the system. Database: SQL Server 2014 or later. Lucent Sky AVM setup includes SQL Server 2022 Express and can install it as part of the setup process. Network software: Supported operating systems for CLEAR Engine have built-in network software. CLEAR Engine supports the following network protocols: named pipe and TCP/IP. Windows features: Desktop Experience: This feature can be installed by running the following PowerShell command as administrator: Install-WindowsFeature Desktop-Experience Internet Information Services: This feature and its subfeatures are installed automatically as part of the setup process. They can also be installed by running the following PowerShell command as administrator: Install-WindowsFeature -Name Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Health, Web-Http-Logging, Web-Performance, Web-Stat-Compression, Web-Dyn-Compression, Web-Security, Web-Filtering, Web-App-Dev, Web-Net-Ext, Web-Net-Ext45, Web-Asp-Net, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Console Additional considerations: Database: SQL Server Express has scale limits on database size, compute capacity, and memory capacity. It is recommended to use SQL Server Enterprise or SQL Server Standard for scaled deployments. Database: When using an existing SQL Server in Windows Authentication mode as CLEAR Engine database, the computer account ('NT AUTHORITYSYSTEM') of the computer running the CLEAR Engine instance must have a login on the SQL Server. If the computer is a standalone instance or a first node in a cluster, the login must have permissions to create databases; if the computer is a node in an existing cluster, the login must have the 'db_owner' role to the 'SkyAnalyzer' database. File system: When using a mapped network share as CLEAR Engine file storage, the computer account ('NT AUTHORITYSYSTEM') of the computer running the CLEAR Engine instance must have Full Control permissions to the storage location and the network share, and the Network Service account ('NT AUTHORITYNETWORK SERVICE') must have Read and Write permissions to the storage location. JDK and JRE: CLEAR Engine comes with its own JDK. It is recommended to install CLEAR Engine on a computer without any JDK or JRE installed. Virtualization: CLEAR Engine can be installed on virtual machines running a supported operating system, provided running the operating system system on the virtualization software is supported by the vendor of the operating system.Install CLEAR Engine and Web UI as a standalone instance Sign on with a local or domain administrator account. It is recommended to use the built-in local Administrator account for the installation process. Extract and execute the self-extracting file (CLEAR_x64.exe) in the CLEAR Engine setup package. It will create a CLEAR_x64 directory. Navigate to the CLEAR_x64 directory, select and hold (or right-click) Setup.bat, and select Run as administrator to launch the setup program: Welcome – Select Next. License – Review the end-user licensing agreement (EULA). If you accept the EULA, select Agree. Otherwise, select Decline to exit the setup program. Prerequisites – Select Validate Windows Features to validate the required Windows features have been installed. The validation process will also install missing features if Internet access is available. Once the validation completes, select Next. Cluster - Select A Standalone Instance, then select Next. Setup Instance - In Serial Number, enter the serial number of this instance. Then, select Next. Database – If you want to install and setup a new SQL Server Express instance for CLEAR Engine, select Install SQL Server. If you want to setup an existing SQL Server instance for CLEAR Engine, select Use Existing SQL Server. Install SQL Server – Select Launch SQL Server Setup to launch the setup program of SQL Server Express. Follow the setup program to install SQL Server Express, and the setup parameters have been preconfigured so you should be able to accept the default configurations. When the installation is completed, go back to Lucent Sky AVM server setup, and then select Next. Use Existing SQL Server – Enter the FQDN, IP address, or the computer name, and instance name in SQL Server (for example, sqlserver.contoso.comMSSQLSERVER, where sqlserver.contoso.com is the FQDN of the SQL Server, and MSSQLSERVER is the instance name), select the authentication mode, as well as username and password if necessary, and then select Next. CLEAR Engine – The path button indicates the default storage location. To choose a different storage location, select the path button and select the desired location. Then, select Next. The setup program may become unresponsive for several minutes during this process. Web UI – To install Web UI on the same computer, enter the FQDN or IP (computer name such as ClearServer is not supported) of the Web UI in Web UI FQDN or IP address, then select Next. To install Web UI on another computer or to skip its installation, select Skip. Complete – CLEAR Engine and Web UI setup has completed. Install CLEAR Engine and Web UI as the first node of a new cluster Sign in with a local or domain administrator account. It is recommended to use the built-in local Administrator account for the installation process. Extract and execute the self-extracting file (CLEAR_x64.exe) in the CLEAR Engine setup package. It will create a CLEAR_x64 directory. Navigate to the CLEAR_x64 directory, select and hold (or right-click) Setup.bat, and select Run as administrator to launch the setup program: Welcome – Select Next. License – Review the end-user licensing agreement (EULA). If you accept the EULA, select Agree. Otherwise, select Decline to exit the setup program. Prerequisites – Select Validate Windows Features to validate the required Windows features have been installed. The validation process will also install missing features if Internet access is available. Once the validation completes, select Next. Cluster – Select Create a New Cluster, then select Next. Setup Instance and Cluster - In Serial Number, enter the serial number of this instance. A new cluster key will be shown in the Cluster Key field. Write down this key as it is required to join other instances to this cluster. Then, select Next. Database – If you want to install and setup a new SQL Server Express instance for CLEAR Engine, select Install SQL Server. If you want to setup an existing SQL Server instance for CLEAR Engine, select Use Existing SQL Server. Install SQL Server – Select Launch SQL Server Setup to launch the setup program of SQL Server Express. Follow the setup program to install SQL Server Express, and the setup parameters have been preconfigured so you should be able to accept the default configurations. When the installation is completed, go back to Lucent Sky AVM server setup, and then select Next. Setup SQL Server – Enter the FQDN, IP address, or the computer name, and instance name in SQL Server (for example, sqlserver.contoso.comMSSQLSERVER, where sqlserver.contoso.com is the FQDN of the SQL Server, and MSSQLSERVER is the instance name), select the authentication mode, as well as username and password if necessary, and then select Next. CLEAR Engine – The path button indicates the default storage location. To choose a different storage location, select the path button and select the desired location. Leave the cluster key as it is. Then, select Next. The setup program may become unresponsive for several minutes during this process. Web UI – To install Web UI on the same computer, enter the FQDN or IP (computer name such as ClearServer is not supported) of the Web UI in Web UI FQDN or IP address, then select Next. To install Web UI on another computer or to skip its installation, select Skip. Complete – CLEAR Engine and Web UI setup has completed. Install CLEAR Engine and the Web UI as a node in an existing cluster Sign on with a local or domain administrator account. It is recommended to use the built-in local Administrator account for the installation process. Extract and execute the self-extracting file (CLEAR_x64.exe) in the CLEAR Engine setup package. It will create a CLEAR_x64 directory. Navigate to the CLEAR_x64 directory, select and hold (or right-click) Setup.bat, and select Run as administrator to launch the setup program: Welcome – Select Next. License – Review the end-user licensing agreement (EULA). If you accept the EULA, select Agree. Otherwise, select Decline to exit the setup program. Prerequisites – Select Validate Windows Features to validate the required Windows features have been installed. The validation process will also install missing features if Internet access is available. Once the validation completes, select Next. Cluster - Select Join an Existing Cluster, then select Next. Setup Instance and Cluster - In Serial Number, enter the serial number of this instance. In Cluster Key, enter the cluster key of the cluster this instance will join. Then, select Next. Database – Enter the FQDN, IP address, or the computer name, and instance name in SQL Server (for example, sqlserver.contoso.comMSSQLSERVER, where sqlserver.contoso.com is the FQDN of the SQL Server, and MSSQLSERVER is the instance name), select the authentication mode, as well as username and password if necessary, and then select Next. CLEAR Engine – The path button indicates he default storage location. To choose a different storage location, select the path button and select the desired location. Verify the cluster key is correct. To change the cluster key, select the cluster key button. Then select Next. The setup program may become unresponsive for several minutes during this process. Web UI – To install Web UI on the same computer, enter the FQDN or IP (computer name such as ClearServer is not supported) of the Web UI in Web UI FQDN or IP address, then select Next. To install Web UI on another computer or to skip its installation, select Skip. Complete – CLEAR Engine and Web UI setup has completed. Configure Internet Information Services (IIS) for Web UI Open Internet Information Services (IIS) Manager. In the Connections pane, select the computer that has Web UI installed. In Features View, select Server Certificates. For the SSL binding of Web UI, you can choose to use a self-signed certificate, to import an existing certificate, or to create a certificate request. Creating a self-signed certificate – In the Actions pane, select Create Self-Signed Certificate…. In the Create Self-Signed Certificate dialog, enter a friendly name for the certificate, for example, Lucent Sky AVM Web UI. Importing an existing certificate – In the Actions pane, select Import… and follow the on-screen instructions. Creating a certificate request – In the Actions pane, select Create Certificate Request… and follow the on-screen instructions. Under Connections, expand the computer that has Web UI installed, expand Sites, select and hold (or right-click) CLEAR Web, and then select Edit Bindings… In the Site Bindings dialog, select Add… In the Add Site Binding dialog, select https in the Type drop-down list. If necessary, change the IP address, Port, and specify a Host name. Select the certificate created in last step in the SSL certificate drop-down list, and then select OK. Select the http binding, and select Remove. Select Close to close the Site Bindings dialog. Right-click on CLEAR Web, select Manage Website, and then select Start.Install Lucent Sky AVM licenseTo learn more about installing Lucent Sky AVM license to the CLEAR Engine instance, view the following article in the Lucent Sky Knowledge Base:Install Lucent Sky AVM licensePerform pptional tasksAfter you have installed CLEAR Engine and the Web UI, you may want to complete these optional tasks depending on your environment:Enable long path supportConsider enabling long path support if you need to scan applications developed on non-Windows operating systems. To learn more about installing Lucent Sky AVM license to the CLEAR Engine instance, view the following article in the Lucent Sky Knowledge Base:Enable long path supportExclude CLEAR Engine files from antivirus scanningExcluding CLEAR Engine files from antivirus scanning can improve performance. To learn more about installing Lucent Sky AVM license to the CLEAR Engine instance, view the following article in the Lucent Sky Knowledge Base:Exclude CLEAR Engine files from antivirus scanningConfigure package repositoriesConfiguring custom package repositories can make storage maintenance easier. To learn more about configurating custom package repositories, view the following article in the Lucent Sky Knowledge Base:Configure package repositoriesConfigure advanced settingsBoth CLEAR Engine and the Web UI can be configured through configuration files. To learn more about configuring settings of CLEAR Engine and the Web UI, view the following article in the Lucent Sky Knowledge Base:Configure CLEAR Engine and Web UI settingsBackup and restore CLEAR Engine settings and dataCLEAR Engine settings and data can be backed up and restored individually or along with the operating system. To learn more about how to backup and restore CLEAR Engine settings and data, view the following article in the Lucent Sky Knowledge Base:Backup and restore a Lucent Sky AVM instance or clusterUpgrade CLEAR Engine and Web UIBefore upgrading CLEAR Engine and Web UI, consider creating a backup of CLEAR Engine settings and data. The setup program also automatically backs up CLEAR Engine configurations before starting the upgrade process. Verify that no scan on the CLEAR Engine instance (or across all nodes of the cluster if there is more than one node) is in progress or pending. Sign on with a local or domain administrator account. It is recommended to use the built-in local Administrator account for the upgrade process. Extract and execute the self-extracting file (CLEAR_x64.exe) in the CLEAR Engine setup package. It will create a CLEAR_x64 directory. Navigate to the CLEAR_x64 directory, select and hold (or right-click) Setup.bat, and select Run as administrator to launch the setup program. The setup program will start at the Maintenance page. If it start at a different page, it indicates that a valid CLEAR Engine installation was not detected. Restart the computer and start the setup program again. In the Maintenance page, select Update CLEAR Engine + Web UI. The setup program may become unresponsive for several minutes during this process. A dialog box indicates the upgrade has been completed.If there is more than one node in the cluster, perform the same process on each node of the cluster. Nodes running older versions of Lucent Sky AVM are unable to perform certain operations until they are upgraded.Uninstall CLEAR Engine and Web UIBefore removing CLEAR Engine, consider deactivating CLEAR Engine license so that it can be moved to another computer. To learn more about deactivating Lucent Sky AVM license from the CLEAR Engine instance, view the following article in the Lucent Sky Knowledge Base:Install Lucent Sky AVM license Sign in with a local or domain administrator account. Open PowerShell as administrator. Enter the following commands: cd "C:ProgramDataLucent SkyCLEAR EngineMaintenanceCurrent" .Setup.bat -m Select Remove CLEAR Engine. This will remove the Windows service. To remove CLEAR Engine completely from the system, delete the directory C:Program FilesLucent SkyCLEAR Engine. Select Remove Web UI. This will remove the IIS Application Pool and Site. To remove Web UI completely from the system, delete the directory C:Program FilesLucent SkyCLEAR Web.If this is a standalone instance, follow these steps to remove its data from the system: Open PowerShell as administrator. Enter the following command: # Replace .SQLEXPRESS if using a custom SQL Server instance $sqlInstance = ".SQLEXPRESS" sqlcmd -S $sqlInstance -Q "drop database [SkyAnalyzer]" Enter the following command: Remove-Item "C:ProgramDataLucent Sky" -Recurse If this is the last node in the CLEAR Engine cluster, follow these steps to remove its data from the system: On the computer hosting the cluster database, sign in with a local or domain administrator account. Open PowerShell as administrator. Enter the following command: # Replace .SQLEXPRESS if using a custom SQL Server instance $sqlInstance = ".SQLEXPRESS" sqlcmd $sqlInstance -Q "drop database [SkyAnalyzer]" On the computer hosting the cluster storage, sign in with a local or domain administrator account. Open PowerShell as administrator. Enter the following command: # Replace C:ProgramDataLucent Sky if using a custom file system storage location $fileSystemStorage = "C:ProgramDataLucent SkyCLEAR Engine" Remove-Item $fileSystemStorage -Recurse ", "keywords": "avm, guide, administration" } , "/en/avm/admin-guides/clear-engine-system-selection": { "id": "506022", "url": "/en/avm/admin-guides/clear-engine-system-selection", "title": "Administration guide to CLEAR Engine system selection", "description": "", "date": "2025/08/07", "content" : "The recommended system specification for a CLEAR Engine instance is determined by the instance scale, which is calculated by the applications the instance will scan, and the frequency of the scans. This guide provides a guidance on choosing the right system configuration for a CLEAR Engine instance.This article covers the hardware aspects of the system. To learn more about other system requirements or recommendations, such as operating system, view the following article in the Lucent Sky Knowledge Base:Administration guide to CLEAR Engine and Web UIIn this article, you will learn how to: Determine the instance scale Choose the right system configurationAt the end, you will be able to determine the instance scale, and choose the right system configuration for the instance.Determine the instance scaleThere are two primary sectors determining the scale of the instance: The maximum number of applications it will need to scan at any given time Known as "core" or "concurrent scans" Consider peak periods when a larger number of applications might need to be scanned at a short period of time The size of the largest applications it will scan: XS - anything smaller than Small Small - between 500 thousand to 1 million lines of code and below 100 MB of library Medium - between 1 to 2 million lines of code and between 100 to 200 MB of library Large - between 2 to 4 million lines of code and above 200 MB of library XL - anything larger than Large Choose the right system configurationBasic principals The installed processor cores should be at least double of maximum concurrent scans. For example, a system with 4 maximum concurrent scans should have at least 8 processor cores. The installed memory (in GB) should be at least 4 times (for XS and small applications), 8 times (for medium and large applications), or 16 times (for XL applications) of maximum concurrent scans. For example, a system with 4 maximum concurrent scans that often scans medium and large applications should have at least 32 GB of memory. The storage should have at least 5,000 total IOPS per maximum concurrent scan. For example, a system with 4 maximum concurrent scans should have a disk with at least 20,000 IOPS. The available storage space should be quadruple of the size of scans that are persisted on the system. For example, if 10 applications, each 100 MB of size, are scanned daily, and are persisted for 7 days before being archived, the system should have at least 28 GB of disk space available to CLEAR Engine.Reference system specifications1-core Standard Edition for XS and small applications Configuration Storage Azure AWS 2 vCPU, 8 GB memory 5,000 IOPS D2s m7i.large 2-core Enterprise Edition for small and medium applications Configuration Storage Azure AWS 4 vCPU, 16 GB memory 10,000 IOPS D4s m7i.xlarge 2-core Enterprise Edition for medium and large applications Configuration Storage Azure AWS 4 vCPU, 24 GB memory 10,000 IOPS E4s r7i.xlarge 4-core Enterprise Edition for large and XL applications Configuration Storage Azure AWS 16 vCPU, 128 GB memory 20,000 IOPS E16s r7i.4xlarge ", "keywords": "avm, guide, administration" } , "/en/avm/troubleshoot/clear-engine": { "id": "200905", "url": "/en/avm/troubleshoot/clear-engine", "title": "Troubleshoot CLEAR Engine errors", "description": "", "date": "2025/6/16", "content" : "SymptomsThe CLEAR Engine service fails to start.CauseVarious reasons can cause CLEAR Engine fail to start. This article describes common causes and solutions to CLEAR Engine start errors.Resolution In Windows Logs > Application, there is an error from SkyAnalyzer Engine: Service cannot be started. System.Exception: CLEAR Engine could not start because the license store is invalid. Reinitialize the license store and reactivate the prodcut key. You receive this error because the license store is invalid. It is usually caused by significant changes in system configuration or system time. To reinitialize the license store, follow these steps: Open PowerShell as administrator, and enter the following commands: Remove-Item "C:ProgramDataLucent SkyCLEAR" ."C:ProgramDataLucent SkyCLEAR EngineMaintenanceCurrentSkyAnalyzer.Engine.Installer.exe" -I Start-Service "CLEAR Engine" A dialog box will appear to confirm that the license store has been initialized. Use either the Web UI or the installer to activate the product key. In Windows Logs > Application, there is an error from SkyAnalyzer Engine: Service cannot be started. System.Exception: CLEAR Engine could not start because the storage is offline. Ensure the storage is online and no nodes in the cluster is performing maintenance. You receive this error because the storage is offline. The storage is taken offline when CLEAR Engine is performing maintenance. If the CLEAR Engine instance belongs to a cluster, it is likely that another node in the cluster is being updated. If the CLEAR Engine is a standalone instance or you are certain that the storage can be brought online safely, follow these steps to bring the storage online: Open PowerShell as administrator, and enter the following commands: Remove-Item ((Select-Xml -Path "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.config" -XPath "skyAnalyzer/add[@key='StorageRoot']").Node.value + "storage_offline") Start-Service "CLEAR Engine" In Windows Logs > Application, there is an error from SkyAnalyzer Engine: Service cannot be started. System.Exception: CLEAR Engine could not start because startup validation failed. (ERROR_CODE) You receive this error because CLEAR Engine detected an error during startup validation. Contact Lucent Sky support to learn how to resolve the underlying issue. ", "keywords": "avm, troubleshoot, engine, clearengine" } , "/en/avm/reference/cli-core": { "id": "243100", "url": "/en/avm/reference/cli-core", "title": "Lucent Sky AVM CLI Reference", "description": "", "date": "2026/04/30", "content" : "This article provides reference materials about the features and functions of Lucent Sky AVM CLI.This article is about the cross-platform CLI built with .NET, also referred to as CLI Core. For the corresponding article about the CLI built with .NET Framework, view the following article in the Lucent Sky Knowledge Base:Get started with Lucent Sky AVM CLILucent Sky AVM CLI has the following sets of features: Application, Autopilot, Config, Dependency, Group, Maintenance, Query, Result, Scan, Tools, and User. They are called interfaces. Each interface has several methods, while each method accepts one or more arguments. If a method is declared as internal, it is for use by other Lucent Sky AVM interfaces (such as IDE extensions). Using internal methods is unsupported.The names of interfaces, methods, and arguments are case-insensitive.In this article Application Autopilot Config Dependency Group Maintenance Query Result Scan Tools UserApplicationThe Application interface has the following methods: Create, Delete, GetEncodedList, GetList, GetRulePackages, and GetRuleRuntime.CreateCreate a new application../SkyAnalyzer.Interface.Cli --Interface Application --Method Create [--Key] --ApplicationId --Name --Framework [--Tags] [--WeaknessPolicies] [--Vectors] [--AnalysisTarget] [--Repository] [--Arguments] [--RulePackageId] [--RuntimeId]This method requires membership of the built-in Users group.To learn about using a custom rule package, view the following article in the Lucent Sky Knowledge Base:Scan an application using a custom rule packageTo learn about using a specific runtime, view the following article in the Lucent Sky Knowledge Base:Scan an application with a specific runtimeExamplesCreate a DotNet application named ContosoWeb.$applicationId = New-Guid./SkyAnalyzer.Interface.Cli --Interface Application --Method Create --ApplicationId $applicationId --Name "ContosoWeb" --Framework "DotNet"Create a DotNet application named ContosoWeb, with tags prod and bay. Weakness policies are CWE79,0 and CWE501,2 Database and WebRequest are the vectors considered potentially dangerous. The relative path to the analysis target is ContosoWebContosoWeb.csproj, big5 is set as the native encoding, while using the specified custom rule package and custom runtime.$applicationId = New-Guid./SkyAnalyzer.Interface.Cli --Interface Application --Method Create --ApplicationId $applicationId --Name "ContosoWeb" --Framework "DotNet" --Tags "prod;bay" --WeaknessPolicies "CWE79,0;CWE501,2" --Vectors "Database,WebRequest" --AnalysisTarget "ContosoWebContosoWeb.csproj" --Arguments "encoding,big5" --RulePackageid $rulePackId --RuntimeId $runtimeIdRequired arguments --Name The name of the application to be created. --Framework The framework of the application. Valid frameworks are DotNet, Android, ASP, Cpp, Go, iOS, Java, Lua, PHP, Python, Ruby, Rust, StaticWeb, Universal, and VisualBasic. Optional arguments --Key The API key. --ApplicationId A GUID to identify the application. If this argument is not present, it will be generated automatically. --Tags The tags of the application to be created. Each tag should be separated by a semicolon. --WeaknessPolicies The weakness policies, separated by semicolons. For example, CWE79,0;CWE501,2. If this argument is not present, the system default value will be used. --Vectors The types of vectors considered potentially dangerous, separated by commas. For example, Database,WebRequest. If this argument is not present, the system default value will be used. --AnalysisTarget The relative path to the analysis target within the source code archive or directory. --Repository The repository connection string to pull the source code. --Arguments The default scan arguments of the application. --RulePackageId The GUID of the rule package to be set as the default rule package of the application. If this argument is not present, the system default value will be used. --RuntimeId The GUID of the runtime to be set as the default runtime of the application. If this argument is not present, the system default value will be used. DeleteDelete an application../SkyAnalyzer.Interface.Cli --Interface Application --Method Delete [--Key] --ApplicationIdThis method requires the Owner role of the application, or Write permission to the Application API interface.ExamplesDelete the specified application../SkyAnalyzer.Interface.Cli --Interface Application --Method Delete --ApplicationId 'AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA'Required arguments --ApplicationId The GUID of the specified application. Optional arguments --Key The API key. GetEncodedListInternal: Return a list of all applications.GetListReturn a list of all applications../SkyAnalyzer.Interface.Cli --Interface Application --Method GetList [--Key] [--Filter]This method requires the Member or Owner role to the applications, or the Execute and Read permissions to the Application API interface.ExamplesGet a list of all applications../SkyAnalyzer.Interface.Cli --Interface Application --Method GetListOptional arguments --Key The API key. --Filter The filter used to list applications. Valid filters are all and my. GetRulePackagesInternal: Return a list of rule packages.GetRuntimesInternal: Return a list of runtimes.AutopilotThe Autopilot interface has the following method: Start.StartStart an autopilot run with the specified source code archive or directory../SkyAnalyzer.Interface.Cli --Interface Autopilot --Method Start [--Key] [--Name] [--Tags] [--WeaknessPolicies] [--Vectors] [--Arguments] [--RulePackageId] --SourceCodePathThis method requires membership of the built-in Users group.ExamplesIdentify the application frameworks in the specified source code archive, create corresponding applications (with ContosoWeb as the name and the application framework as the tag), automatically generate a new autopilot identifier, and start scanning../SkyAnalyzer.Interface.Cli --Interface Autopilot --Method Start --Name "ContosoWeb" --SourceCodePath "C:Source.zip"Identify the application frameworks in the specified source code archive, use existing applications with the autopilot identifier AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA, and start scanning../SkyAnalyzer.Interface.Cli --Interface Autopilot --Method Start --Tag "autopilot-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" --SourceCodePath "C:Source.zip"Required arguments --SourceCodePath The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extensions: .7z or .zip. Optional arguments --Key The API key. --Name The name of the application(s) to be created. This argument is required if an existing autopilot identifier is not specified in the --Tags argument; otherwise, this argument is ignored. --Tags The tags of the application to be created. Each tag should be separated by a semicolon. If no autopilot identifier is specified in this argument, one will be automatically generated. If an existing autopilot identifier is specified in this argument, all other tags are ignored. --WeaknessPolicies The weakness policies, separated by semicolons. For example, CWE79,0;CWE501,2. If this argument is not present, the system default value will be used. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument. --Vectors The types of vectors considered potentially dangerous, separated by commas. For example, Database,WebRequest. If this argument is not present, the system default value will be used. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument. --Arguments The default scan arguments of the application. Arguments not applicable to the identified framework(s) are ignored. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument. --RulePackageId The GUID of the rule package to be set as the default rule package of the application. If this argument is not present, the system default value will be used. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument. ConfigThe Config interface has the following method: Set.SetSet a configuration option../SkyAnalyzer.Interface.Cli --Interface Config --Method Set --ValueThis method does not require authentication.ExamplesConfigure the CLI to communicate with a remote Lucent Sky AVM instance.# Replace <InstanceFqdn> with the FQDN or IP address of the CLEAR Engine instance$InstanceFqdn = "<InstanceFqdn>"./SkyAnalyzer.Interface.Cli --Interface Config --Method Set --Value "endpoint = ${InstanceFqdn}:5759"Configure the CLI to use named pipe endpoints to communicate with a CLEAR Engine instance:./SkyAnalyzer.Interface.Cli --Interface Config --Method Set --Value "endpoint = namedpipe"Required arguments --Value The key and value to configure, in the format of key = value. Valid key is endpoint. DependencyThe Dependency interface has the following method: GetEncodedList, GetList, GetEncodedProjectList, and GetProjectList.GetEncodedListInternal: Return a list of all dependencies.GetListReturn a list of all dependencies../SkyAnalyzer.Interface.Cli --Interface Dependency --Method GetList [--Key]This method requires the Member or Owner role to the applications, or the Execute and Read permissions to the Application API interface.ExamplesGet a list of all dependencies../SkyAnalyzer.Interface.Cli --Interface Dependency --Method GetListOptional arguments --Key The API key. GetEncodedProjectListInternal: Return a list of applications of which the most recent scan includes the specified dependency.GetProjectListReturn a list of applications of which the most recent scan includes the specified dependency../SkyAnalyzer.Interface.Cli --Interface Dependency --Method GetProjectList --QueryStatement [--Key]This method requires the Member or Owner role to the applications, or the Execute and Read permissions to the Application API interface.ExamplesGet a list of applications that have the jquery dependency with version number lower than 1.4.2.1 in their most recent scan../SkyAnalyzer.Interface.Cli --Interface Dependency --Method GetProjectList --QueryStatement "Name = 'jquery' AND Version < '1.4.2.1'"Required arguments --QueryStatement The query statement to execute. Optional arguments --Key The API key. GroupThe Group interface has the following methods: Create, Delete, Edit, GetEncodedList, and GetList.CreateCreate a new group../SkyAnalyzer.Interface.Cli --Interface Group --Method Create [--Key] --NameThis method requires Full Control of the Group API interface.ExamplesCreate a group named Auditors../SkyAnalyzer.Interface.Cli --Interface Group --Method Create --Name "Auditors"Required arguments --Name The name of the group. Optional arguments --Key The API key. DeleteDelete a group../SkyAnalyzer.Interface.Cli --Interface Group --Method Delete [--Key] --GroupIdThis method requires Full Control of the Group API interface.ExamplesDelete the specified group../SkyAnalyzer.Interface.Cli --Interface Group --Method Delete --GroupId "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0"Required arguments GroupId The GUID of the group. Optional arguments --Key The API key. EditEdit a group../SkyAnalyzer.Interface.Cli --Interface Group --Method Edit [--Key] --GroupId --Name --Members --PermissionsThis method requires Full Control of the Group API interface.ExamplesUpdate the specified group to have read permission for the Application and related API interfaces../SkyAnalyzer.Interface.Cli --Interface Group --Method Edit --GroupId "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0" --Permissions "Application,4"Update the specified group to have users 01010101-0101-0011-0100-010101010010 and 02020202-0202-0022-0200-020202020020 as its members../SkyAnalyzer.Interface.Cli --Interface Group --Method Edit --GroupId "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0" --Members "01010101-0101-0011-0100-010101010010,02020202-0202-0022-0200-020202020020"Required arguments GroupId The GUID of the group. Optional arguments --Key The API key. --Name The name of the group. If this argument is not present or is empty, the group's name will not be modified. --Members The GUID of the member users of the group, separated by commas. If this argument is not present, the group's members will not be modified. If this argument is empty, all members will be removed from the group. --Permissions The API permissions the group's members have access to, with the interface and permission separated by a comma and permission entries separated by semicolons. Valid interfaces are Project, Settings, and User. Permission is a bit field (a set of flags). 0 represents no permission, 1 represents execute or list permission, 2 represents write permission, and 4 represents read permission. For example, Project,7;Settings,4 gives full control (execute, write, and read permissions) to the Project and related API interfaces, read permission to the Settings and related API interfaces, and no permission to other interfaces. If this argument is not present, the group's permissions will not be modified. If this argument is empty, all permissions will be removed from the group. GetEncodedListInternal: Return a list of all groups.GetListReturn a list of all groups../SkyAnalyzer.Interface.Cli --Interface Group --Method GetList [--Key]This method requires authentication and does not require specific permission.ExamplesGet a list of all groups../SkyAnalyzer.Interface.Cli --Interface Group --Method GetListOptional arguments --Key The API key. MaintenanceThe Maintenance interface has the following methods: DownloadApl, DownloadLogs, GetLicense, and GetSystemStatus.DownloadAplDownload the APL files of the specified framework../SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadApl [--Key] --Framework --AplPathThis method requires authentication and does not require specific permission.ExamplesDownload the APL files for DotNet to C:APL-DotNet.zip../SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadApl --Framework "DotNet" --AplPath "C:APL-DotNet.zip"Required arguments --Framework The framework of the APL binaries. Valid frameworks are DotNet, Android, ASP, Cpp, Go, iOS, Java, Lua, PHP, Python, Ruby, Rust, StaticWeb, Universal, and VisualBasic --AplPath The path to save the APL binaries. The path must have the extension .zip. Optional arguments --Key The API key. DownloadLogsDownload the system logs of the specified date../SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadLogs [--Key] --LogsDate --LogsPathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesDownload the system logs on 2020/4/1 to C:System-Logs-20200401.zip../SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadLogs --LogsDate "2020/4/1" --LogsPath "C:System-Logs-20200401.zip"Required arguments --LogsDate The date, in system time, of the system logs to download. --LogsPath The path to save the log files. The path must have the extension .zip. Optional arguments --Key The API key. GetLicenseReturn the license information of the CLEAR Engine instance../SkyAnalyzer.Interface.Cli --Interface Maintenance --Method GetLicense [--Key]This method requires authentication and does not require specific permission.ExamplesGet the license information of the CLEAR Engine instance../SkyAnalyzer.Interface.Cli --Interface Maintenance --Method GetLicenseOptional arguments --Key The API key. GetSystemStatusReturn the system status of the CLEAR Engine instance../SkyAnalyzer.Interface.Cli --Interface Maintenance --Method GetSystemStatus [--Key]This method requires authentication and does not require specific permission. Getting performance counters requires membership of the built-in Users group.ExamplesGet the system status of the CLEAR Engine instance../SkyAnalyzer.Interface.Cli --Interface Maintenance --Method GetSystemStatusOptional arguments --Key The API key. QueryThe Query interface has the following method: Execute.ExecuteExecute the specified query against the data source../SkyAnalyzer.Interface.Cli --Interface Query --Method Execute [--Key] --QueryDataSource --QueryStatementThis method does not require authentication when querying against a local data source and requires Execute and Read permissions of the Query API interface when querying against a CLEAR Engine instance.ExamplesQuery the number of results in an XML report with a 1 or 2 priority../SkyAnalyzer.Interface.Cli --Interface Query --Method Execute --QueryDataSource "C:Report.xml" --QueryStatement "SELECT COUNT(ID) FROM Results WHERE PRIORITY <= 2"Query the application ID of applications that have the jquery dependency with version number lower than 1.4.2.1 in their most recent scan../SkyAnalyzer.Interface.Cli --Interface Query --Method Execute --QueryDataSource "Engine" --QueryStatement "SELECT ApplicationId FROM Dependencies WHERE Name = 'jquery' AND Version < '1.4.2.1'"Required arguments --QueryDataSource The path to the data source. Valid values are Engine or the path to an XML report. --QueryStatement The query statement to execute. Optional arguments --Key The API key. ResultThe Result interface has the following methods: Hide and Unhide.HideHide a result../SkyAnalyzer.Interface.Cli --Interface Result --Method Hide [--Key] --ResultIdThis method requires the Owner role of the application or the scan, or Write permission to the Result API interfaces.ExamplesHide the specified result../SkyAnalyzer.Interface.Cli --Interface Result --Method Hide --ResultId "01010010-0101-0010-0101-001001010010"Required arguments --ResultId The GUID of the specified result. Optional arguments --Key The API key. UnhideUnhide a result../SkyAnalyzer.Interface.Cli --Interface Result --Method Unhide [--Key] --ResultIdThis method requires the Owner role of the application or the scan, or Write permission to the Result API interfaces.ExamplesUnhide the specified result../SkyAnalyzer.Interface.Cli --Interface Result --Method Unhide --ResultId "01010010-0101-0010-0101-001001010010"Required arguments --ResultId The GUID of the specified result. Optional arguments --Key The API key. ScanThe Scan interface has the following methods: Analyze, Archive, BeginAnalyze, BeginImport, BeginRemediate, BeginReport, Create, Delete, DownloadLogs, EndRemediate, EndReport, GetRemediateStatus, GetReportStatus, GetResult, GetStage, GetStatus, Import, Purge, Remediate, and Report.AnalyzeUpload the source code and start the scan. This is a synchronous method and will not return until the scan is completed../SkyAnalyzer.Interface.Cli --Interface Scan --Method Analyze [--Key] --ScanId --SourceCodePathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.To learn more about creating the source code archive of an application, view the following article in the Lucent Sky Knowledge Base:Prepare an application for scanningExamplesUpload the source code archive at C:Source.zip to the specified scan and start the scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method Analyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath "C:Source.zip"Pull source code using the repository connecting string to the specified scan and start the scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method Analyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath ".repository"Required arguments --ScanId The GUID of the specified scan. --SourceCodePath The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extensions: .7z, .jar, .war, or .zip. To pull source code using the repository connection string of the application or scan, set the path to .repository. Optional arguments --Key The API key. ArchiveArchive scans created before a specified date and time../SkyAnalyzer.Interface.Cli --Interface Scan --Method Archive [--Key] --PurgeThresholdThis method requires Execute and Read permissions to the Scan API interface.ExamplesArchive scans created before June 15, 2019 1:45:30 PM (UTC)../SkyAnalyzer.Interface.Cli --Interface Scan --Method Archive --PurgeThreshold "2019-06-15T13:45:30"Required arguments --PurgeThreshold The date and time threshold, in UTC, to purge or archive scans. The threshold must be at least 168 hours earlier than the current time. Scans started before the threshold will be deleted, unless they are in progress or in queue. Applications with no scan after the purge will also be deleted, unless the CascadePurge argument is set to False. The date and time format must conform with .NET Standard Date and Time Format Strings, such as 2009-06-15T13:45:30. Optional arguments --Key The API key. --CascadePurge True (default) will delete applications with no scan after the purge and False will keep applications with no scan after the purge. BeginAnalyzeUpload the source code then start the scan. This is an asynchronous method and will return when the scan starts../SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginAnalyze [--Key] --ScanId --SourceCodePathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.ExamplesUpload the source code archive at C:Source.zip to the specified scan and start the scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginAnalyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath "C:Source.zip"Pull source code using the repository connection string to the specified scan and start the scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginAnalyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath ".repository"Required arguments --ScanId The GUID of the specified scan. --SourceCodePath The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extensions: .7z, .jar, .war, or .zip. To pull source code using the repository connection string of the application or scan, set the path to .repository. Optional arguments --Key The API key. BeginImportUpload the source code and foreign report file then start the scan. This is an asynchronous method and will return when the scan starts../SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginImport [--Key] --ScanId --ForeignReportPath --SourceCodePathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.ExamplesUpload the foreign report file at C:Report.xml and the source code archive at C:Source.zip to the specified scan and start the scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginImport --ScanId "55555555-5555-5555-5555-555555555555" --ForeignReportPath "C:Report.xml" --SourceCodePath "C:Source.zip"Required arguments --ScanId The GUID of the specified scan. --ForeignReportPath The path to the foreign report file to be imported. The path must have one of the following extensions: .fpr, .txt, or .xml. --SourceCodePath The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extensions: .7z, .jar, .war, or .zip. Optional arguments --Key The API key. BeginRemediateGenerate remediated source code of a completed scan. This is an asynchronous method and will return a tick representing this specific remediated source code archive when generation starts.$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginRemediate [--Key] --ScanId --RemediationOptionThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesStart to generate the remediated source code archive of the specified scan, including remediation information and original source code in the remediated source code. A tick representing the remediated source code archive will be saved to the ticks variable.$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginRemediate --ScanId "55555555-5555-5555-5555-555555555555" --RemediationOption 3Required arguments --ScanId The GUID of the specified scan. Optional arguments --Key The API key. --RemediationOption Use this argument to control how the remediated source code is generated. This argument is a bit field (a set of flags). 1 indicates that remediation information should be included as comments, 2 indicates that the original source code should be included as comments, 4 indicates that a diff file should be generated, and 8 indicates that only modified files should be included. For example, when RemediationOption is set to 5, the remediated source code will include remediation information as comments and include the diff file. If this argument is not present, 0 will be used (does not include any of the above). BeginReportGenerate the report of a completed scan. This is an asynchronous method and will return a tick representing this specific report when generation starts.$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginReport [--Key] --ScanId --ReportFormat [--ReportLanguage]This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesStart to generate a report in xml format of the specified scan. A tick representing the report will be saved to the ticks variable.$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginReport --ScanId "55555555-5555-5555-5555-555555555555" --ReportFormat "xml"Required arguments --ScanId The GUID of the specified scan. If this argument is not present, it will be generated automatically. --ReportFormat The format of the report. Valid formats are html, pdf, and xml. Optional arguments --Key The API key. --ReportLanguage The language of the report. Valid values are en (default), de, ja, and zh. CreateCreate a new scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method Create [--Key] --ApplicationId --ScanId [--Tags] [--WeaknessPolicies] [--Vectors] [--AnalysisTarget] [--Repository] [--Arguments] [--Type] [--SkipValidation]This method requires the Member or Owner role of the application, or Read permission of the Application API interface. It also requires membership of the built-in Users group.ExamplesCreate a scan under the specified application.$scanId = New-Guid./SkyAnalyzer.Interface.Cli --Interface Scan --Method Create --ApplicationId "A4A4A4A4-A4A4-A4A4-A4A4-A4A4A4A4A4A4" --ScanId $scanIdCreate a scan under the specified application using intelligent analysis, with tags prod and bay. Weakness policies are CWE79,0 and CWE501,2 Database and WebRequest are the vectors considered potentially dangerous. The relative path to the analysis target is ContosoWebContosoWeb.csproj, and scan arguments encoding,big5.$scanId = New-Guid./SkyAnalyzer.Interface.Cli --Interface Scan --Method Create --ApplicationId "A4A4A4A4-A4A4-A4A4-A4A4-A4A4A4A4A4A4" --ScanId "55555555-5555-5555-5555-555555555555" --Tags "prod;bay" --WeaknessPolicies "CWE79,0;CWE501,2" --Vectors "Database" --AnalysisTarget "ContosoWebContosoWeb.csproj" --Arguments "encoding,big5"Create a scan under the specified application using intelligent analysis, and override the application's weakness policies with default weakness policies.The WeaknessPolicies argument is set to a space character to ensure it is parsed correctly as empty instead of null.$scanId = New-Guid./SkyAnalyzer.Interface.Cli --Interface Scan --Method Create --ApplicationId "A4A4A4A4-A4A4-A4A4-A4A4-A4A4A4A4A4A4" --ScanId "55555555-5555-5555-5555-555555555555" --WeaknessPolicies " "Required arguments --ScanId A GUID to identify the scan. If this argument is not present, it will be generated automatically. --ApplicationId The GUID of the application this scan belongs to. Optional arguments --Key The API key. --Tags The tags of the scan to be created. Each tag should be separated by a semicolon. --WeaknessPolicies The weakness policies, separated by semicolons. For example, CWE79,0;CWE501,2. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, default weakness policies will be used. --Vectors The types of vectors considered potentially dangerous, separated by commas. For example, Database,WebRequest. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, default vectors will be used. --AnalysisTarget The relative path to the analysis target, such as a project file or a binary file, within the source code archive or directory. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, analysis target will be detected automatically. --Repository The repository connection string to pull the source code. --Arguments The scan arguments for this scan. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, no scan argument will be set. --Type The scan analysis type. 0 is built-in static analysis (default) and 1 is foreign analysis importation. --SkipValidation False (default) will perform rule package integrity check and True will skip rule package integrity check. DeleteDelete a scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method Delete [--Key] --ScanIdThis method requires the Owner role of the application or the scan, or Write permission of the Scan API interface.ExamplesDelete the specified scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method Delete --ScanId $scanIdRequired arguments --ScanId The GUID of the specified scan. Optional arguments --Key The API key. DownloadLogsDownload log files associated with a scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method DownloadLogs [--Key] --ScanId --LogsPathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesDownload the log files of the specified scan to C:Logs.zip../SkyAnalyzer.Interface.Cli --Interface Scan --Method DownloadLogs --ScanId "55555555-5555-5555-5555-555555555555" --LogsPath "C:Logs.zip"Required arguments --ScanId The GUID of the specified scan. --LogsPath The path to save the log files. The path must have the extension .zip. Optional arguments --Key The API key. EndRemediateDownload the specified remediated source code of a completed scan, or the last remediated source code archive of a completed scan if none was specified../SkyAnalyzer.Interface.Cli --Interface Scan --Method EndRemediate [--Key] --ScanId --RemediatedSourceCodePath [--Ticks]This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesDownload the remediated source code archive of the specified scan that is associated with the specified ticks to C:RemediatedSource.zip../SkyAnalyzer.Interface.Cli --Interface Scan --Method EndRemediate --ScanId "55555555-5555-5555-5555-555555555555" --RemediatedSourceCodePath "C:RemediatedSource.zip" --Ticks "637449696000000000"Required arguments --ScanId The GUID of the specified scan. --RemediatedSourceCodePath The path to save the remediated source code. The path must have the extension .zip. Optional arguments --Key The API key. --Ticks The ticks associated with a remediated source code archive. If this argument is not present, the last remediated source code archive will be downloaded. EndReportDownload the specified report of a completed scan, or the last report of a completed scan if none was specified../SkyAnalyzer.Interface.Cli --Interface Scan --Method EndReport [--Key] --ScanId --ReportPath --ReportFormat [--ReportLanguage] [--Ticks]This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesDownload the xml report of the specified scan that is associated with the specified ticks to C:Report.zip:./SkyAnalyzer.Interface.Cli --Interface Scan --Method EndReport --ScanId "55555555-5555-5555-5555-555555555555" --ReportPath "C:Report.zip" --ReportFormat "xml" --Ticks "637449696000000000"Required arguments --ScanId The GUID of the specified scan. --ReportFormat The format of the report. Valid formats are html, pdf, and xml. --ReportPath The path to save the report. The path must have the extension .zip. Optional arguments --Key The API key. --ReportLanguage The language of the report. Valid values are en (default), de, ja, and zh. --Ticks The ticks associated with a specific report. If this argument is not present, the last report of the specified or default language will be download. GetRemediateStatusReturn the status of remediated source code generation. 0 if the generation is ongoing, 1 if the generation has completed, and 2 if the generation has failed../SkyAnalyzer.Interface.Cli --Interface Scan --Method GetRemediateStatus [--Key] --ScanId --TicksThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGet the status of the remediated source code archive of the specified scan that is associated with the specified ticks:./SkyAnalyzer.Interface.Cli --Interface Scan --Method GetRemediateStatus --ScanId "55555555-5555-5555-5555-555555555555" --Ticks "637449696000000000"Required arguments --ScanId The GUID of the specified scan. --Ticks The ticks associated with a specific remediated source code archive. Optional arguments --Key The API key. GetReportStatusReturn the status of report generation. 0 if the generation is ongoing, 1 if the generation has completed, 2 if the generation has failed../SkyAnalyzer.Interface.Cli --Interface Scan --Method GetReportStatus [--Key] --ScanId --Ticks --ReportFormatThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGet the status of the xml report of the specified scan that is associated with the specified ticks../SkyAnalyzer.Interface.Cli --Interface Scan --Method GetReportStatus --ScanId "55555555-5555-5555-5555-555555555555" --Ticks "637449696000000000" --ReportFormat "xml"Required arguments --ScanId The GUID of the specified scan. --ReportFormat The format of the report. Valid formats are html, pdf, and xml. --Ticks The ticks associated with a specific report. Optional arguments --Key The API key. GetResultReturn the result code of a completed scan. If the scan completed successfully, 0 is returned regardless if the scan has warnings; if the scan failed, the actual result code is returned../SkyAnalyzer.Interface.Cli --Interface Scan --Method GetResult [--Key] --ScanIdThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGet the result code of the specified scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method GetResult --ScanId $scanIdRequired arguments --ScanId The GUID of the specified scan. Optional arguments --Key The API key. GetStageInternal: Return the stage and progress of an ongoing scan.GetStatusReturn the status of a scan. True if the scan has completed (even if the scan has failed) and False if the scan is ongoing../SkyAnalyzer.Interface.Cli --Interface Scan --Method GetStatus [--Key] --ScanIdThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGet the status of the specified scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method GetStatus --ScanId $scanIdRequired arguments --ScanId The GUID of the specified scan. Optional arguments --Key The API key. ImportUpload the source code and foreign report file and start the scan. This is a synchronous method and will not return until the scan is completed../SkyAnalyzer.Interface.Cli --Interface Scan --Method Import [--Key] --ScanId --ForeignReportPath --SourceCodePathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.ExamplesUpload the foreign report file at C:Report.xml and the source code archive at C:Source.zip to the specified scan and start the scan../SkyAnalyzer.Interface.Cli --Interface Scan --Method Import --ScanId "55555555-5555-5555-5555-555555555555" --ForeignReportPath "C:Report.xml" --SourceCodePath "C:Source.zip"Required arguments --ScanId The GUID of the specified scan. --ForeignReportPath The path to the foreign report file to be imported. The path must have one of the following extensions: .fpr, .txt, or .xml. --SourceCodePath The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extensions: .7z, .jar, .war, or .zip. Optional arguments --Key The API key. PurgeDelete scans created before a specified date and time../SkyAnalyzer.Interface.Cli --Interface Scan --Method Purge [--Key] --PurgeThreshold [--CascadePurge]This method requires Execute and Read permissions to the Scan API interface.ExamplesPurge scans created before June 15, 2019 1:45:30 PM (UTC)../SkyAnalyzer.Interface.Cli --Interface Scan --Method Purge --PurgeThreshold "2019-06-15T13:45:30"Required arguments --PurgeThreshold The date and time threshold, in UTC, to purge or archive scans. The threshold must be at least 168 hours earlier than the current time. Scans started before the threshold will be deleted, unless they are in progress or in queue. Applications with no scan after the purge will also be deleted, unless the CascadePurge argument is set to False. The date and time format must conform with .NET Standard Date and Time Format Strings, such as 2009-06-15T13:45:30. Optional arguments --Key The API key. --CascadePurge True (default) will delete applications with no scan after the purge and False will keep applications with no scan after the purge. RemediateGenerate remediated source code of a completed scan and download it when generation is completed. This is a synchronous method and will not return until the generation is completed.$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method Remediate [--Key] --ScanId --RemediatedSourceCodePath [--RemediationOption]This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGenerate the remediated source code archive of the specified scan, including remediation information and original source code in the remediated source code, and download it to C:RemediatedSource.zip.$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method Remediate --ScanId "55555555-5555-5555-5555-555555555555" --RemediationOption 3 --RemediatedSourceCodePath "C:RemediatedSource.zip"Required arguments --ScanId The GUID of the specified scan. --RemediatedSourceCodePath The path to save the remediated source code. The path must have the extension .zip. Optional arguments --Key The API key. --RemediationOption Use this argument to control how the remediated source code is generated. This argument is a bit field (a set of flags). 1 indicates that remediation information should be included as comments, 2 indicates that the original source code should be included as comments, 4 indicates that a diff file should be generated, and 8 indicates that only modified files should be included. For example, when RemediationOption is set to 5, the remediated source code will include remediation information as comments and include the diff file. If this argument is not present, 0 will be used (does not include any of the above). ReportGenerate the report of a completed scan and download it when generation is completed. This is a synchronous method and will not return until the generation is completed../SkyAnalyzer.Interface.Cli --Interface Scan --Method Report --ScanId --ReportFormat --ReportPath [--ReportLanguage]This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGenerate a report in html format with dark style of the specified scan and download it to C:Report.zip:./SkyAnalyzer.Interface.Cli --Interface Scan --Method Report --ScanId "55555555-5555-5555-5555-555555555555" --ReportFormat "html,dark" --ReportPath "C:Report.zip"Required arguments --ScanId The GUID of the specified scan. --ReportFormat The format, style, and verbosity of the report. Valid values must start with one of the following formats: html, pdf, and xml, and optionally followed by one or more style and verbosity options. Valid style options are audit, dark, and quick for html; audit and quality for pdf. Valid verbosity options are detailedverbosity and minimalverbosity for html and pdf. --ReportPath The path to save the report. The path must have the extension .zip. Optional arguments --Key The API key. --ReportLanguage The language of the report. Valid values are en (default), de, ja, and zh. ToolsThe Tools interface has the following methods: Base64Encode and DetectFrameworks.Base64EncodeGenerate the base64-encoded value of a user object../SkyAnalyzer.Interface.Cli --Interface Tools --Method Base64Encode --ValueThis method does not require authentication.ExamplesGenerate the base64-encoded string of a user object of the built-in account eve@contoso.com with the password password and save it to the variable $userObject.$userObject = ./SkyAnalyzer.Interface.Cli --Interface Tools --Method Base64Encode --Value "eve@contoso.com password Sql"Required arguments --Value The format is Email Password AccountType. Use Sql as AccountType for built-in accounts; ActiveDirectory for organizational accounts. DetectFrameworksInternal: Detect the application frameworks of the specified directory.UserThe User interface has the following methods: Authenticate, Create, Delete, Edit, GetEncodedList, GetList, Migrate, and SetPassword.AuthenticateInternal: Validate if the user credentials are valid.CreateCreate a new user../SkyAnalyzer.Interface.Cli --Interface User --Method Create [--Key] --Email --Provider [--Password]This method requires Write permission to the User API interface.ExamplesCreate a new local user carol@contoso.com with password password../SkyAnalyzer.Interface.Cli --Interface User --Method Create --Provider "Sql" --Email "carol@contoso.com" --Password "password"Create a new organizational user carol@contoso.com../SkyAnalyzer.Interface.Cli --Interface User --Method Create --Provider "ActiveDirectory" --Email "carol@contoso.com"Required arguments --Email The email of the user. --Provider The membership provider of the user. Valid providers are ActiveDirectory and Sql. Optional arguments --Key The API key. --Password The password of the user. This argument is required when using the SQL membership provider and is ignored when using the Active Directory membership provider. DeleteDelete a user../SkyAnalyzer.Interface.Cli --Interface User --Method Delete [--Key] --UserIdThis method requires Write permission to the User API interface.ExamplesDelete the specified user../SkyAnalyzer.Interface.Cli --Interface User --Method Delete --UserId "01010101-0101-0011-0100-010101010010"Required arguments --UserId GUID of the specified user. Optional arguments --Key The API key. EditEdit a user../SkyAnalyzer.Interface.Cli --Interface User --Method Edit --UserId --GroupsThis method requires Write and Read permissions to the User API interface.ExamplesUpdate the specified user to have membership of groups 0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0 and 0B0B0B0B-0B0B-00BB-0B00-0B0B0B0B00B0../SkyAnalyzer.Interface.Cli --Interface User --Method Edit --UserId "01010101-0101-0011-0100-010101010010" --Groups "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0,0B0B0B0B-0B0B-00BB-0B00-0B0B0B0B00B0"Required arguments --UserId GUID of the specified user. Optional arguments --Key The API key. GetEncodedListInternal: Return a list of all users.GetListReturn a list of all users../SkyAnalyzer.Interface.Cli --Interface User --Method GetList [--Key]This method requires authentication and does not require specific permission.ExamplesGet a list of all users../SkyAnalyzer.Interface.Cli --Interface User --Method GetListOptional arguments --Key The API key. MigrateMigrate the data of one user to another user../SkyAnalyzer.Interface.Cli --Interface User --Method Migrate [--Key] --UserId --ValueThis method requires Write and Read permissions to the User API interface.ExamplesMigrate the data of user 01010101-0101-0011-0100-010101010010 to destination user 02020202-0202-0022-0200-020202020020../SkyAnalyzer.Interface.Cli --Interface User --Method Migrate --UserId "01010101-0101-0011-0100-010101010010" --Value "02020202-0202-0022-0200-020202020020"Required arguments --UserId GUID of the source user. --Value GUID of the destination user. Optional arguments --Key The API key. SetPasswordSet the password of a user../SkyAnalyzer.Interface.Cli --Interface User --Method SetPassword [--Key] --UserId --PasswordThis method requires Write permission to the User API interface.ExamplesSet the password for user with user ID 01010101-0101-0011-0100-010101010010 to password../SkyAnalyzer.Interface.Cli --Interface User --Method SetPassword --UserId "01010101-0101-0011-0100-010101010010" --Password "password"Required arguments --UserId GUID of the specified user. --Password Password of the user. Optional arguments --Key The API key. AppendixVerbsLucent Sky AVM CLI supports the use of verbs instead of interfaces and methods. Combine the Interface and Method arguments with a space in between to use as a verb. As with the names of interfaces and methods, verbs are case-insensitive.When using a verb, it must be the first argument.Example$applicationId = New-Guid# Replace <ApplicationName> with a descriptive name of the application$applicationName = "<ApplicationName>"# Replace <Framework> with the framework of the application$framework = "<Framework>"./SkyAnalyzer.Interface.Cli application create --Name $applicationName --Framework $framework --ApplicationId $applicationIdEnvironment variablesLucent Sky AVM CLI supports the following environment variables: --CLEAR_API_KEY The API key. If both the Key argument and the CLEAR_API_KEY environment variable are present, the value of the Key argument will be used. ExampleSet the CLEAR_API_KEY to the value of an API key, then get the list of all applications.$env:CLEAR_API_KEY = "lsDZG9X9PlkuK+bv+tJFpg8tUS4ISbWTi4+kQKm7Wh0="./SkyAnalyzer.Interface.Cli --Interface Application --Method GetListLog in using credentialsLog in using user credentials has been deprecated in favor of using API keys. To log in using user credentials, omit the Key argument and set the Credential argument to the Base64-encoded user object.ExamplesCreate an user object of the local user eve@contoso.com with password password and get the list of all applications.$userObject = ./SkyAnalyzer.Interface.Cli --Interface Tools --Method Base64Encode --Value "eve@contoso.com password Sql"./SkyAnalyzer.Interface.Cli --Interface Application --Method GetList --Credential $userObjectResolve common issues using CLI exit codeAfter calling a method in CLI, the process will return an exit code. The default exit code 0 will be returned if the process has completed successfully. Refer to the table below for a list of all exit codes, their causes and solutions. 0 - The process has completed successfully. -11 - User authentication failed. (AUTHENTICATION_FAILED) -12 - User authorization failed. (AUTHORIZATION_FAILED) -100 - The license has expired, has no remaining scans, or is invalid. (INVALID_LICENSE) -111 - The number of applications has reached the limit of the license. (PROJECT_LIMIT_REACHED) -112 - The number of users has reached the limit of the license. (USER_LIMIT_REACHED) -121 - The specified framework is not available. (INVALID_FRAMEWORK) -122 - The specified report format is not available. (INVALID_REPORT_FORMAT) -123 - The specified remediation option is not available. (INVALID_MITIGATION_OPTION) -201 - The API model is null. (NULL_API_MODEL) -202 - The API model is invalid. (INVALID_API_MODEL) -203 - The input is invalid. (INVALID_INPUT) -301 - The storage is offline. (OFFLINE) -302 - The storage functional level is incompatible. (FUNCTIONAL_LEVEL) -20000 - An unexpected error occurred. -20001 - The platform or architecture is unsupported. -20002 - The configuration file is invalid. -20004 - Network error. Verify the network status or try again later. -20005 - Operation timeout. Verify the network status or try again later. -20006 - Communication error. Verify the network status or try again later. 20011 - The synchronized method has timed-out, but has started successfully. 20021 - The method completed successfully, but is no longer applicable to the scan. -20100 - One or more arguments is invalid. -20101 - 'Interface' is missing or invalid. -20102 - 'Method' is missing or invalid. -20103 - One or more arguments for this method is missing. -20105 - Authentication or authorization failed. -20106 - 'Value' is invalid. -20201 - 'Framework' is invalid. -20203 - 'Repository' is invalid. -20206 - 'Vectors' is invalid. -20208 - 'RulePackageId' is not present. -20209 - 'RuntimeId' is not present or is incompatible to the framework of the application. -20211 - 'Filter' is invalid. -20301 - 'Type' is invalid. -20302 - 'SourceCodePath' is not a valid path or the specified file or directory does not exist. -20303 - 'SourceCodePath' is in an unsupported format. -20304 - 'ForeignReportPath' is not a valid file path or the specified file does not exist. -20305 - 'ForeignReportPath' is in an unsupported format. -20306 - 'RemediatedSourceCodePath' must have a zip extension. -20307 - 'RemediationOption' is invalid. -20308 - 'Ticks' is invalid. -20309 - 'ReportFormat' is invalid. -20310 - 'ReportPath' must have a zip extension. -20311 - 'ReportLanguage' is invalid. -20312 - 'PurgeThreshold' is invalid. -20313 - 'LogsPath' must have a zip extension. -20401 - 'AplPath' must have a zip extension. -20403 - 'LogsDate' is invalid. -20404 - 'Groups' is invalid. -20405 - 'Members' is invalid. -20406 - 'Permissions' is invalid. -21000 - The 'ScanId' is invalid for this action. -21001 - Failed to set password. -21101 - The 'ReportProjectRoot' scan argument is not present in 'Arguments'. -21102 - Failed to download the file. The file size cannot exceed 2 GB. -21103 - The specified scan does not have any generated remediated source code. -21104 - The remediated source code is still being generated. -21105 - Failed to generate remediated source code. -21106 - An I/O error occurred. Try again later. -21107 - The specified scan does not have a generated report. -21108 - The report is still being generated. -21109 - Failed to generate report. -21110 - The specified framework is invalid for this type of foreign report. -21200 - The 'ApplicationId' is invalid for this action. -22001 - The specified data source does not exist or is not supported. -22002 - The query is not supported or invalid. -22003 - An error occurred while processing the query. -22101 - An error occurred while detecting frameworks. -23001 - An error occurred while starting autopilot. -23002 - Failed to detect the frameworks of the application. -1200001 - This method is only available after the scan has completely successfully. (ACTION_NOT_AVAILABLE) -1200002 - The scan has an analysis or importation that is in-progress or completed. (SCAN_ALREADY_EXECUTED) -1200011 - The specified scan id or ticks is invalid. (INVALID_INPUT_COMBINATION) -1200012 - This method is not available for the type of the scan. (INVALID_TYPE) 1200013 - No log is available for the specified scan. (LOG_FILE_NOT_EXIST) -1200014 - The specified threshold is invalid. (INVALID_THRESHOLD) -1300001 - This method is only available after the scan has completely successfully. (ACTION_NOT_AVAILABLE) -1400011 - An unspecified error occurred while extracting the archive file. (ARCHIVE_UNSPECIFIED_ERROR) -1400012 - The archive file is in an unsupported format. (ARCHIVE_NOT_SUPPORTED) -1400013 - An IO exception occurred while extracting the archive file. (ARCHIVE_IO_EXCEPTION) -1400014 - The archive file is corrupted. (ARCHIVE_INVALID_DATA) -1400015 - The path length of some entries in the archive exceeds the limit of the file system. (ARCHIVE_PATH_TOO_LONG) -1400017 - The scan configuration file is invalid. (ARCHIVE_INVALID_CONFIG_FILE) -1400121 - The action is not available. (ACTION_NOT_AVAILABLE) -1400122 - The uploaded report file is invalid. (INVALID_FOREIGN_REPORT) -1400131 - The repository connection string is invalid. (REPOSITORY_INVALID_CONNECTION_STRING) -1400132 - A connection error occurred when connecting to the repository. (REPOSITORY_CONNECTION_ERROR) -1400133 - An authentication or authorization error occurred when connecting to the repository. (REPOSITORY_AUTHENTICATION_ERROR) -1400139 - A generic error occurred when connecting to the repository. (REPOSITORY_GENERIC_ERROR) -1400151 - The uploaded rule package is invalid. (INVALID_RULE_PACK) -1400152 - Identification rules in the rule package are invalid. (INVALID_IDENTIFICATION_RULES) -1400153 - Identification source code rules in the rule package are invalid. (INVALID_IDENTIFICATION_SOURCE_CODE_RULES) -1400154 - Remediation rules in the rule packages are invalid. (INVALID_REMEDIATION_RULES) -1400155 - Suppression rules in the rule packages are invalid. (INVALID_SUPPRESSION_RULES) -1400156 - The rule package contains files with invalid names. (INVALID_FILE_NAME) -1400161 - The uploaded runtime is invalid. (INVALID_RUNTIME) -1400411 - The signature is invalid. (INVALID_SIGNATURE) -1700011 - The email already exists. (DUPLICATE_EMAIL) -1700012 - The email is invalid. (INVALID_EMAIL) -1700013 - The password is invalid. (INVALID_PASSWORD) -1700014 - The user does not exist in the Active Directory. (PROVIDER_ERROR) -1700021 - A generic error occurred. (GENERIC_ERROR) -1700031 - The user is invalid. (INVALID_USER) -3100001 - The specified scan arguments are invalid. (INVALID_SCAN_ARGUMENTS) -3100015 - The specified weakness policies are invalid. (INVALID_WEAKNESS_POLICIES) -3200001 - The query statement is invalid. (INVALID_QUERY_STATEMENT) -4100021 - Lucent Sky AVM Server setup program is missing. Contact your system administrator. (SETUP_NOT_FOUND) -4100031 - An unspecified error occurred during activation. Contact Lucent Sky support. (UNSPECIFIED_ACTIVATION_ERROR) -4100032 - The product key is not well-formed. (MALFORMED_PRODUCT_KEY) -4100033 - The license file is invalid. (INVALID_LICENSE_FILE) -4100034 - An error occurred while communicating with the activation server. Try again later or use offline activation. (ACTIVATION_SERVER_ERROR) -4100035 - The product key has expired or exceeded its activation limit. (EXPIRED_PRODUCT_KEY) -4100036 - The serial number in the license file does not match the serial number of this instance. (SERIAL_NUMBER_MISMATCH) -4100037 - An error occurred while setting up this instance as a node. (NODE_SETUP_ERROR) -4100038 - An error occurred while converting between editions. (CONVERSION_ERROR) -4100039 - An error occurred while initializing supplementary license store. (SUPPLEMENT_LICENSE_STORE_ERROR) 4100041 - No log is available for the specified date range. (LOG_FILE_NOT_EXIST) 4100042 - Restart CLEAR Engine to complete the maintenance. (RESTART_REQUIRED) -4100043 - There is one or more scans in progress. (SCAN_IN_PROGRESS) -9999960 - An I/O error occurred. (IO_ERROR) -9999970 - A data error occurred. (DATA_ERROR) -9999980 - A system error occurred. (SYSTEM_ERROR) -9999990 - An unexpected error occurred. (ERROR)", "keywords": "avm, reference, interface, cli" } , "/en/avm/admin-guides/cli-core": { "id": "247342", "url": "/en/avm/admin-guides/cli-core", "title": "Administration guide to Lucent Sky AVM CLI", "description": "", "date": "2026/02/10", "content" : "This article covers the installation, configuration, and uninstallation of Lucent Sky AVM CLI.This article is about the cross-platform CLI built with .NET, also referred to as CLI Core. For the corresponding article about the CLI built with .NET Framework, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLIIn this article, you will learn how to: Install Lucent Sky AVM CLI Configure Lucent Sky AVM CLI Update Lucent Sky AVM CLI Uninstall Lucent Sky AVM CLIAt the end, you will be able to install, configure, and uninstall Lucent Sky AVM CLI.System RequirementsProcessor, memory, and hard disk space requirements: Processor: 1.6 GHz processor Memory: 1 GB Hard disk space: 200 MBLucent Sky AVM CLI can be installed on the following operating systems: Windows macOS LinuxLucent Sky AVM CLI is bundled with its own .NET Runtime.Install Lucent Sky AVM CLILucent Sky AVM CLI provides user and system level setups. The user level setup does not require Administrator or root privileges and installs the CLI to a directory under the user's home directory. The system level setup requires Administrator or root privileges and installs the CLI to a system directory so that it is available to all users in the system.Lucent Sky AVM CLI can also be installed to other locations.WindowsUser level setup Create the directory %LOCALAPPDATA%ProgramsCLEAR CLI if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to %LOCALAPPDATA%ProgramsCLEAR CLI.System level setup Create the directory C:Program FilesLucent SkyCLEAR CLI if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to C:Program FilesLucent SkyCLEAR CLI.macOSUser level setup Create the directory $HOME/Applications/CLEAR CLI if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to $HOME/Applications/CLEAR CLI.System level setup Create the directory /Applications/CLEAR CLI if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to /Applications/CLEAR CLI.LinuxUser level setup Create the directory $HOME/clear-cli if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to $HOME/clear-cli.System level setup Create the directory /opt/clear-cli if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to /opt/clear-cli.Configure Lucent Sky AVM CLIThe CLI needs to be configured to use a remote CLEAR Engine instance. This can be done either with the config interface or by editing the configuration file.Scriptable configuration Open PowerShell and enter the following command: # Replace <InstanceFqdn> with the FQDN or IP address of the CLEAR Engine instance $InstanceFqdn = "<InstanceFqdn>" ./SkyAnalyzer.Interface.Cli --Interface config --Method set --Value "endpoint = ${InstanceFqdn}:5759" Configuration file Navigate to the install directory of the CLI. Open appsettings.json with a text editor. Locate the Endpoint > Address property, and update its value to the address of the remote CLEAR Engine instance.In the default TCP endpoint configuration, the communication between CLEAR Engine and the CLI is not secure. To learn more about enabling Transport Layer Security for CLEAR Engine and the CLI, view the following article in the Lucent Sky Knowledge Base:Configure Transport Layer SecurityUpdate Lucent Sky AVM CLI To update Lucent Sky AVM CLI, uninstall the current version from the system, and install the new version.Uninstall Lucent Sky AVM CLI Delete the directory where Lucent Sky AVM CLI is installed.", "keywords": "avm, guide, administration, cli" } , "/en/avm/get-started/cli-core": { "id": "249789", "url": "/en/avm/get-started/cli-core", "title": "Get started with Lucent Sky AVM CLI", "description": "", "date": "2024/8/4", "content" : "Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components, CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.This article describes the basic features of the CLI, and guides you through the process of scanning an application using the CLI. To learn about other functionalities of the CLI, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI referenceThis article is about the cross-platform CLI built with .NET, also referred to as CLI Core. For the corresponding article about the CLI built with .NET Framework, view the following article in the Lucent Sky Knowledge Base:Get started with Lucent Sky AVM CLIIn this article, you will learn how to: Install and configure Lucent Sky CLI Create an API key Create a zip file containing the source code of an application. Scan an application Download the remediated source code Download the reportAt the end, you will be able to use the CLI to scan applications and generate remediated source code and reports.Prerequisites Bash, Command Prompt, or PowerShell - This article uses PowerShell in its examples, but the CLI can also be used with Bash and Command Prompt.Install and configure Lucent Sky AVM CLITo learn about how to install Lucent Sky AVM CLI, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLICreate a zip file containing the source code of an application.To learn about creating the source code archive of an application, view the following article in the Lucent Sky Knowledge Base:Prepare an application scanningCreate an API key Go to the Web UI in your browser, and then sign in with your credentials. Go to Settings > Account, and select Create a new key. In the dialog, enter CLI as the description of the key, then select Create Key. Select and copy the generated API key.Configure the CLI Open PowerShell, and navigate to the directory where the CLI is installed. Enter the following command to set up the CLI to use a remote Lucent Sky AVM instance: # Replace <InstanceFqdn> with the FQDN or IP address of the Lucent Sky AVM instance $InstanceFqdn = "<InstanceFqdn>" ./SkyAnalyzer.Interface.Cli --Interface config --Method set --Value "endpoint = ${InstanceFqdn}:5759" Enter the following command to create an environment variable to store the API key for authentication: # Replace <ApiKey> with the API key $Env:CLEAR_API_KEY = "<ApiKey>" Scan an application Open PowerShell, and navigate to the directory where the CLI is installed. Enter the following command to create an application: $applicationId = New-Guid # Replace <ApplicationName> with a descriptive name of the application $applicationName = "<ApplicationName>" # Replace <Framework> with the framework of the application $framework = "<Framework>" ./SkyAnalyzer.Interface.Cli --Interface Application --Method Create --Name $applicationName --Framework $framework --ApplicationId $applicationId Enter the following command to create a scan: $scanId = New-Guid ./SkyAnalyzer.Interface.Cli --Interface Scan --Method Create --ApplicationId $applicationId --ScanId $scanId Enter the following command to upload the application source code and start the scan: # Replace <SourceCodePath> with path to the source code archive $sourceCodePath = "<SourceCodePath>" ./SkyAnalyzer.Interface.Cli --Interface Scan --Method Analyze --ScanId $scanId --SourceCodePath $sourceCodePath The command will exit when the scan is completed. To learn more about how to start a scan asynchronously, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI reference Download the remediated source code Enter the following command to generate and download the remediated source code: # Replace <RemediatedSourceCodePath> with path to save the remediated source code archive $remediatedSourceCodePath = "<RemediatedSourceCodePath>" ./SkyAnalyzer.Interface.Cli --Interface Scan --Method Remediate --ScanId $scanId --RemediatedSourceCodePath $remediatedSourceCodePath --RemediationOption 0 Download the report Enter the following command to generate and download a report in HTML format: # Replace <ReportPath> with path to save the remediated source code archive $reportPath = "<ReportPath>" ./SkyAnalyzer.Interface.Cli --Interface Scan --Method Report --ScanId $scanId --ReportPath $reportPath --ReportFormat html ", "keywords": "avm, getstarted, interface, cli" } , "/en/avm/reference/cli": { "id": "219913", "url": "/en/avm/reference/cli", "title": "Lucent Sky AVM CLI Reference", "description": "", "date": "2026/04/30", "content" : "This article provides reference materials about the features and functions of Lucent Sky AVM CLI.This article is about the CLI built with .NET Framework. For the corresponding article about the cross-platform CLI built with .NET, view the following article in the Lucent Sky Knowledge Base:Get started with Lucent Sky AVM CLILucent Sky AVM CLI has the following sets of features: Application, Autopilot, Config, Dependency, Group, Maintenance, Query, Result, Scan, Tools, and User. They are called interfaces. Each interface has several methods, while each method accepts one or more arguments. If a method is declared as internal, it is for use by other Lucent Sky AVM interfaces (such as IDE extensions). Using internal methods is unsupported.The names of interfaces, methods, and arguments are case-insensitive.In this article Application Autopilot Config Dependency Group Maintenance Query Result Scan Tools UserApplicationThe Application interface has the following methods: Create, Delete, GetEncodedList, GetList, GetRulePackages, and GetRuleRuntime.CreateCreate a new application..SkyAnalyzer.Interface.Console.exe --Interface Application --Method Create [--Key] --ApplicationId --Name --Framework [--Tags] [--WeaknessPolicies] [--Vectors] [--AnalysisTarget] [--Repository] [--Arguments] [--RulePackageId] [--RuntimeId]This method requires membership of the built-in Users group.To learn about using a custom rule package, view the following article in the Lucent Sky Knowledge Base:Scan an application using a custom rule packageTo learn about using a specific runtime, view the following article in the Lucent Sky Knowledge Base:Scan an application with a specific runtimeExamplesCreate a DotNet application named ContosoWeb.$applicationId = New-Guid.SkyAnalyzer.Interface.Console.exe --Interface Application --Method Create --ApplicationId $applicationId --Name "ContosoWeb" --Framework "DotNet"Create a DotNet application named ContosoWeb, with tags prod and bay. Weakness policies are CWE79,0 and CWE501,2 Database and WebRequest are the vectors considered potentially dangerous. The relative path to the analysis target is ContosoWebContosoWeb.csproj, big5 is set as the native encoding, while using the specified custom rule package and custom runtime.$applicationId = New-Guid.SkyAnalyzer.Interface.Console.exe --Interface Application --Method Create --ApplicationId $applicationId --Name "ContosoWeb" --Framework "DotNet" --Tags "prod;bay" --WeaknessPolicies "CWE79,0;CWE501,2" --Vectors "Database,WebRequest" --AnalysisTarget "ContosoWebContosoWeb.csproj" --Arguments "encoding,big5" --RulePackageid $rulePackId --RuntimeId $runtimeIdRequired arguments --Name The name of the application to be created. --Framework The framework of the application. Valid frameworks are DotNet, Android, ASP, Cpp, Go, iOS, Java, Lua, PHP, Python, Ruby, Rust, StaticWeb, Universal, and VisualBasic. Optional arguments --Key The API key. --ApplicationId A GUID to identify the application. If this argument is not present, it will be generated automatically. --Tags The tags of the application to be created. Each tag should be separated by a semicolon. --WeaknessPolicies The weakness policies, separated by semicolons. For example, CWE79,0;CWE501,2. If this argument is not present, the system default value will be used. --Vectors The types of vectors considered potentially dangerous, separated by commas. For example, Database,WebRequest. If this argument is not present, the system default value will be used. --AnalysisTarget The relative path to the analysis target within the source code archive or directory. --Repository The repository connection string to pull the source code. --Arguments The default scan arguments of the application. --RulePackageId The GUID of the rule package to be set as the default rule package of the application. If this argument is not present, the system default value will be used. --RuntimeId The GUID of the runtime to be set as the default runtime of the application. If this argument is not present, the system default value will be used. DeleteDelete an application..SkyAnalyzer.Interface.Console.exe --Interface Application --Method Delete [--Key] --ApplicationIdThis method requires the Owner role of the application, or Write permission to the Application API interface.ExamplesDelete the specified application..SkyAnalyzer.Interface.Console.exe --Interface Application --Method Delete --ApplicationId 'AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA'Required arguments --ApplicationId The GUID of the specified application. Optional arguments --Key The API key. GetEncodedListInternal: Return a list of all applications.GetListReturn a list of all applications..SkyAnalyzer.Interface.Console.exe --Interface Application --Method GetList [--Key] [--Filter]This method requires the Member or Owner role to the applications, or the Execute and Read permissions to the Application API interface.ExamplesGet a list of all applications..SkyAnalyzer.Interface.Console.exe --Interface Application --Method GetListOptional arguments --Key The API key. --Filter The filter used to list applications. Valid filters are all and my. GetRulePackagesInternal: Return a list of rule packages.GetRuntimesInternal: Return a list of runtimes.AutopilotThe Autopilot interface has the following method: Start.StartStart an autopilot run with the specified source code archive or directory..SkyAnalyzer.Interface.Console.exe --Interface Autopilot --Method Start [--Key] [--Name] [--Tags] [--WeaknessPolicies] [--Vectors] [--Arguments] [--RulePackageId] --SourceCodePathThis method requires membership of the built-in Users group.ExamplesIdentify the application frameworks in the specified source code archive, create corresponding applications (with ContosoWeb as the name and the application framework as the tag), automatically generate a new autopilot identifier, and start scanning..SkyAnalyzer.Interface.Console.exe --Interface Autopilot --Method Start --Name "ContosoWeb" --SourceCodePath "C:Source.zip"Identify the application frameworks in the specified source code archive, use existing applications with the autopilot identifier AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA, and start scanning..SkyAnalyzer.Interface.Console.exe --Interface Autopilot --Method Start --Tag "autopilot-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" --SourceCodePath "C:Source.zip"Required arguments --SourceCodePath The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extensions: .7z or .zip. Optional arguments --Key The API key. --Name The name of the application(s) to be created. This argument is required if an existing autopilot identifier is not specified in the --Tags argument; otherwise, this argument is ignored. --Tags The tags of the application to be created. Each tag should be separated by a semicolon. If no autopilot identifier is specified in this argument, one will be automatically generated. If an existing autopilot identifier is specified in this argument, all other tags are ignored. --WeaknessPolicies The weakness policies, separated by semicolons. For example, CWE79,0;CWE501,2. If this argument is not present, the system default value will be used. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument. --Vectors The types of vectors considered potentially dangerous, separated by commas. For example, Database,WebRequest. If this argument is not present, the system default value will be used. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument. --Arguments The default scan arguments of the application. Arguments not applicable to the identified framework(s) are ignored. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument. --RulePackageId The GUID of the rule package to be set as the default rule package of the application. If this argument is not present, the system default value will be used. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument. ConfigThe Config interface has the following method: Set.SetSet a configuration option..SkyAnalyzer.Interface.Console.exe --Interface Config --Method Set --ValueThis method does not require authentication.ExamplesConfigure the CLI to communicate with a remote Lucent Sky AVM instance.# Replace <InstanceFqdn> with the FQDN or IP address of the CLEAR Engine instance$InstanceFqdn = "<InstanceFqdn>".SkyAnalyzer.Interface.Console.exe --Interface Config --Method Set --Value "endpoint = ${InstanceFqdn}:5759"Configure the CLI to use named pipe endpoints to communicate with a CLEAR Engine instance:.SkyAnalyzer.Interface.Console.exe --Interface Config --Method Set --Value "endpoint = namedpipe"Required arguments --Value The key and value to configure, in the format of key = value. Valid key is endpoint. DependencyThe Dependency interface has the following method: GetEncodedList, GetList, GetEncodedProjectList, and GetProjectList.GetEncodedListInternal: Return a list of all dependencies.GetListReturn a list of all dependencies..SkyAnalyzer.Interface.Console.exe --Interface Dependency --Method GetList [--Key]This method requires the Member or Owner role to the applications, or the Execute and Read permissions to the Application API interface.ExamplesGet a list of all dependencies..SkyAnalyzer.Interface.Console.exe --Interface Dependency --Method GetListOptional arguments --Key The API key. GetEncodedProjectListInternal: Return a list of all dependencies.GetProjectListReturn a list of applications of which the most recent scan includes the specified dependency..SkyAnalyzer.Interface.Console.exe --Interface Dependency --Method GetProjectList --QueryStatement [--Key]This method requires the Member or Owner role to the applications, or the Execute and Read permissions to the Application API interface.ExamplesGet a list of applications that have the jquery dependency with version number lower than 1.4.2.1 in their most recent scan...SkyAnalyzer.Interface.Console.exe --Interface Dependency --Method GetProjectList --QueryStatement "Name = 'jquery' AND Version < '1.4.2.1'"Required arguments --QueryStatement The query statement to execute. Optional arguments --Key The API key. GroupThe Group interface has the following methods: Create, Delete, Edit, GetEncodedList, and GetList.CreateCreate a new group..SkyAnalyzer.Interface.Console.exe --Interface Group --Method Create [--Key] --NameThis method requires Full Control of the Group API interface.ExamplesCreate a group named Auditors..SkyAnalyzer.Interface.Console.exe --Interface Group --Method Create --Name "Auditors"Required arguments --Name The name of the group. Optional arguments --Key The API key. DeleteDelete a group..SkyAnalyzer.Interface.Console.exe --Interface Group --Method Delete [--Key] --GroupIdThis method requires Full Control of the Group API interface.ExamplesDelete the specified group..SkyAnalyzer.Interface.Console.exe --Interface Group --Method Delete --GroupId "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0"Required arguments GroupId The GUID of the group. Optional arguments --Key The API key. EditEdit a group..SkyAnalyzer.Interface.Console.exe --Interface Group --Method Edit [--Key] --GroupId --Name --Members --PermissionsThis method requires Full Control of the Group API interface.ExamplesUpdate the specified group to have read permission for the Application and related API interfaces..SkyAnalyzer.Interface.Console.exe --Interface Group --Method Edit --GroupId "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0" --Permissions "Application,4"Update the specified group to have users 01010101-0101-0011-0100-010101010010 and 02020202-0202-0022-0200-020202020020 as its members..SkyAnalyzer.Interface.Console.exe --Interface Group --Method Edit --GroupId "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0" --Members "01010101-0101-0011-0100-010101010010,02020202-0202-0022-0200-020202020020"Required arguments GroupId The GUID of the group. Optional arguments --Key The API key. --Name The name of the group. If this argument is not present or is empty, the group's name will not be modified. --Members The GUID of the member users of the group, separated by commas. If this argument is not present, the group's members will not be modified. If this argument is empty, all members will be removed from the group. --Permissions The API permissions the group's members have access to, with the interface and permission separated by a comma and permission entries separated by semicolons. Valid interfaces are Project, Settings, and User. Permission is a bit field (a set of flags). 0 represents no permission, 1 represents execute or list permission, 2 represents write permission, and 4 represents read permission. For example, Project,7;Settings,4 gives full control (execute, write, and read permissions) to the Project and related API interfaces, read permission to the Settings and related API interfaces, and no permission to other interfaces. If this argument is not present, the group's permissions will not be modified. If this argument is empty, all permissions will be removed from the group. GetEncodedListInternal: Return a list of all groups.GetListReturn a list of all groups..SkyAnalyzer.Interface.Console.exe --Interface Group --Method GetList [--Key]This method requires authentication and does not require specific permission.ExamplesGet a list of all groups..SkyAnalyzer.Interface.Console.exe --Interface Group --Method GetListOptional arguments --Key The API key. MaintenanceThe Maintenance interface has the following methods: DownloadApl, DownloadLogs, GetLicense, and GetSystemStatus.DownloadAplDownload the APL files of the specified framework..SkyAnalyzer.Interface.Console.exe --Interface Maintenance --Method DownloadApl [--Key] --Framework --AplPathThis method requires authentication and does not require specific permission.ExamplesDownload the APL files for DotNet to C:APL-DotNet.zip..SkyAnalyzer.Interface.Console.exe --Interface Maintenance --Method DownloadApl --Framework "DotNet" --AplPath "C:APL-DotNet.zip"Required arguments --Framework The framework of the APL binaries. Valid frameworks are DotNet, Android, ASP, Cpp, Go, iOS, Java, Lua, PHP, Python, Ruby, Rust, StaticWeb, Universal, and VisualBasic. --AplPath The path to save the APL binaries. The path must have the extension .zip. Optional arguments --Key The API key. DownloadLogsDownload the system logs of the specified date..SkyAnalyzer.Interface.Console.exe --Interface Maintenance --Method DownloadLogs [--Key] --LogsDate --LogsPathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesDownload the system logs on 2020/4/1 to C:System-Logs-20200401.zip..SkyAnalyzer.Interface.Console.exe --Interface Maintenance --Method DownloadLogs --LogsDate "2020/4/1" --LogsPath "C:System-Logs-20200401.zip"Required arguments --LogsDate The date, in system time, of the system logs to download. --LogsPath The path to save the log files. The path must have the extension .zip. Optional arguments --Key The API key. GetLicenseReturn the license information of the CLEAR Engine instance..SkyAnalyzer.Interface.Console.exe --Interface Maintenance --Method GetLicense [--Key]This method requires authentication and does not require specific permission.ExamplesGet the license information of the CLEAR Engine instance..SkyAnalyzer.Interface.Console.exe --Interface Maintenance --Method GetLicenseOptional arguments --Key The API key. GetSystemStatusReturn the system status of the CLEAR Engine instance..SkyAnalyzer.Interface.Console.exe --Interface Maintenance --Method GetSystemStatus [--Key]This method requires authentication and does not require specific permission. Getting performance counters requires membership of the built-in Users group.ExamplesGet the system status of the CLEAR Engine instance..SkyAnalyzer.Interface.Console.exe --Interface Maintenance --Method GetSystemStatusOptional arguments --Key The API key. QueryThe Query interface has the following method: Execute.ExecuteExecute the specified query against the data source..SkyAnalyzer.Interface.Console.exe --Interface Query --Method Execute [--Key] --QueryDataSource --QueryStatementThis method does not require authentication when querying against a local data source and requires Execute and Read permissions of the Query API interface when querying against a CLEAR Engine instance.ExamplesQuery the number of results in an XML report with a 1 or 2 priority..SkyAnalyzer.Interface.Console.exe --Interface Query --Method Execute --QueryDataSource "C:Report.xml" --QueryStatement "SELECT COUNT(ID) FROM Results WHERE PRIORITY <= 2"Query the application ID of applications that have the jquery dependency with version number lower than 1.4.2.1 in their most recent scan..SkyAnalyzer.Interface.Console.exe --Interface Query --Method Execute --QueryDataSource "Engine" --QueryStatement "SELECT ApplicationId FROM Dependencies WHERE Name = 'jquery' AND Version < '1.4.2.1'"Required arguments --QueryDataSource The path to the data source. Valid values are Engine or the path to an XML report. --QueryStatement The query statement to execute. Optional arguments --Key The API key. ResultThe Result interface has the following methods: Hide and Unhide.HideHide a result..SkyAnalyzer.Interface.Console.exe --Interface Result --Method Hide [--Key] --ResultIdThis method requires the Owner role of the application or the scan, or Write permission to the Result API interfaces.ExamplesHide the specified result..SkyAnalyzer.Interface.Console.exe --Interface Result --Method Hide --ResultId "01010010-0101-0010-0101-001001010010"Required arguments --ResultId The GUID of the specified result. Optional arguments --Key The API key. UnhideUnhide a result..SkyAnalyzer.Interface.Console.exe --Interface Result --Method Unhide [--Key] --ResultIdThis method requires the Owner role of the application or the scan, or Write permission to the Result API interfaces.ExamplesUnhide the specified result..SkyAnalyzer.Interface.Console.exe --Interface Result --Method Unhide --ResultId "01010010-0101-0010-0101-001001010010"Required arguments --ResultId The GUID of the specified result. Optional arguments --Key The API key. ScanThe Scan interface has the following methods: Analyze, Archive, BeginAnalyze, BeginImport, BeginRemediate, BeginReport, Create, Delete, DownloadLogs, EndRemediate, EndReport, GetRemediateStatus, GetReportStatus, GetResult, GetStage, GetStatus, Import, Purge, Remediate, and Report.AnalyzeUpload the source code and start the scan. This is a synchronous method and will not return until the scan is completed..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Analyze [--Key] --ScanId --SourceCodePathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.To learn more about creating the source code archive of an application, view the following article in the Lucent Sky Knowledge Base:Prepare an application for scanningExamplesUpload the source code archive at C:Source.zip to the specified scan and start the scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Analyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath "C:Source.zip"Pull source code using the repository connecting string to the specified scan and start the scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Analyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath ".repository"Required arguments --ScanId The GUID of the specified scan. --SourceCodePath The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extensions: .7z, .jar, .war, or .zip. To pull source code using the repository connection string of the application or scan, set the path to .repository. Optional arguments --Key The API key. ArchiveArchive scans created before a specified date and time..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Archive [--Key] --PurgeThresholdThis method requires Execute and Read permissions to the Scan API interface.ExamplesArchive scans created before June 15, 2019 1:45:30 PM (UTC)..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Archive --PurgeThreshold "2019-06-15T13:45:30"Required arguments --PurgeThreshold The date and time threshold, in UTC, to purge or archive scans. The threshold must be at least 168 hours earlier than the current time. Scans started before the threshold will be deleted, unless they are in progress or in queue. Applications with no scan after the purge will also be deleted, unless the CascadePurge argument is set to False. The date and time format must conform with .NET Standard Date and Time Format Strings, such as 2009-06-15T13:45:30. Optional arguments --Key The API key. --CascadePurge True (default) will delete applications with no scan after the purge and False will keep applications with no scan after the purge. BeginAnalyzeUpload the source code then start the scan. This is an asynchronous method and will return when the scan starts..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method BeginAnalyze [--Key] --ScanId --SourceCodePathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.ExamplesUpload the source code archive at C:Source.zip to the specified scan and start the scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method BeginAnalyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath "C:Source.zip"Pull source code using the repository connection string to the specified scan and start the scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method BeginAnalyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath ".repository"Required arguments --ScanId The GUID of the specified scan. --SourceCodePath The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extensions: .7z, .jar, .war, or .zip. To pull source code using the repository connection string of the application or scan, set the path to .repository. Optional arguments --Key The API key. BeginImportUpload the source code and foreign report file then start the scan. This is an asynchronous method and will return when the scan starts..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method BeginImport [--Key] --ScanId --ForeignReportPath --SourceCodePathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.ExamplesUpload the foreign report file at C:Report.xml and the source code archive at C:Source.zip to the specified scan and start the scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method BeginImport --ScanId "55555555-5555-5555-5555-555555555555" --ForeignReportPath "C:Report.xml" --SourceCodePath "C:Source.zip"Required arguments --ScanId The GUID of the specified scan. --ForeignReportPath The path to the foreign report file to be imported. The path must have one of the following extensions: .fpr, .txt, or .xml. --SourceCodePath The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extensions: .7z, .jar, .war, or .zip. Optional arguments --Key The API key. BeginRemediateGenerate remediated source code of a completed scan. This is an asynchronous method and will return a tick representing this specific remediated source code archive when generation starts.$ticks = .SkyAnalyzer.Interface.Console.exe --Interface Scan --Method BeginRemediate [--Key] --ScanId --RemediationOptionThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesStart to generate the remediated source code archive of the specified scan, including remediation information and original source code in the remediated source code. A tick representing the remediated source code archive will be saved to the ticks variable.$ticks = .SkyAnalyzer.Interface.Console.exe --Interface Scan --Method BeginRemediate --ScanId "55555555-5555-5555-5555-555555555555" --RemediationOption 3Required arguments --ScanId The GUID of the specified scan. Optional arguments --Key The API key. --RemediationOption Use this argument to control how the remediated source code is generated. This argument is a bit field (a set of flags). 1 indicates that remediation information should be included as comments, 2 indicates that the original source code should be included as comments, 4 indicates that a diff file should be generated, and 8 indicates that only modified files should be included. For example, when RemediationOption is set to 5, the remediated source code will include remediation information as comments and include the diff file. If this argument is not present, 0 will be used (does not include any of the above). BeginReportGenerate the report of a completed scan. This is an asynchronous method and will return a tick representing this specific report when generation starts.$ticks = .SkyAnalyzer.Interface.Console.exe --Interface Scan --Method BeginReport [--Key] --ScanId --ReportFormat [--ReportLanguage]This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesStart to generate the report in xml format of the specified scan. A tick representing the report will be saved to the ticks variable.$ticks = .SkyAnalyzer.Interface.Console.exe --Interface Scan --Method BeginReport --ScanId "55555555-5555-5555-5555-555555555555" --ReportFormat "xml"Required arguments --ScanId The GUID of the specified scan. If this argument is not present, it will be generated automatically. --ReportFormat The format, style, and verbosity of the report. Valid values for format are html, pdf, and xml. Valid values for style are audit, dark, and quick if the format is html, and audit, quality if the format is pdf. Valid values for verbosity are detailedverbosity and minimalverbosity if the format is html or pdf. Optional arguments --Key The API key. --ReportLanguage The language of the report. Valid values are en (default), de, ja, and zh. CreateCreate a new scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Create [--Key] --ApplicationId --ScanId [--Tags] [--WeaknessPolicies] [--Vectors] [--AnalysisTarget] [--Repository] [--Arguments] [--Type] [--SkipValidation]This method requires the Member or Owner role of the application, or Read permission of the Application API interface. It also requires membership of the built-in Users group.ExamplesCreate a scan under the specified application.$scanId = New-Guid.SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Create --ApplicationId "A4A4A4A4-A4A4-A4A4-A4A4-A4A4A4A4A4A4" --ScanId $scanIdCreate a scan under the specified application using intelligent analysis, with tags prod and bay. Weakness policies are CWE79,0 and CWE501,2 Database and WebRequest are the vectors considered potentially dangerous. The relative path to the analysis target is ContosoWebContosoWeb.csproj, and scan arguments encoding,big5.$scanId = New-Guid.SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Create --ApplicationId "A4A4A4A4-A4A4-A4A4-A4A4-A4A4A4A4A4A4" --ScanId "55555555-5555-5555-5555-555555555555" --Tags "prod;bay" --WeaknessPolicies "CWE79,0;CWE501,2" --Vectors "Database" --AnalysisTarget "ContosoWebContosoWeb.csproj" --Arguments "encoding,big5"Create a scan under the specified application using intelligent analysis, and override the application's weakness policies with default weakness policies. The WeaknessPolicies argument is set to a space character to ensure it is parsed correctly as empty instead of null.$scanId = New-Guid.SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Create --ApplicationId "A4A4A4A4-A4A4-A4A4-A4A4-A4A4A4A4A4A4" --ScanId "55555555-5555-5555-5555-555555555555" --WeaknessPolicies " "Required arguments --ScanId A GUID to identify the scan. If this argument is not present, it will be generated automatically. --ApplicationId The GUID of the application this scan belongs to. Optional arguments --Key The API key. --Tags The tags of the scan to be created. Each tag should be separated by a semicolon. --WeaknessPolicies The weakness policies, separated by semicolons. For example, CWE79,0;CWE501,2. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, default weakness policies will be used. --Vectors The types of vectors considered potentially dangerous, separated by commas. For example, Database,WebRequest. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, default vectors will be used. --AnalysisTarget The relative path to the analysis target, such as a project file or a binary file, within the source code archive or directory. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, analysis target will be detected automatically. --Repository The repository connection string to pull the source code. --Arguments The scan arguments for this scan. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, no scan argument will be set. --Type The scan analysis type. 0 is built-in static analysis (default) and 1 is foreign analysis importation. --SkipValidation False (default) will perform rule package integrity check and True will skip rule package integrity check. DeleteDelete a scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Delete [--Key] --ScanIdThis method requires the Owner role of the application or the scan, or Write permission of the Scan API interface.ExamplesDelete the specified scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Delete --ScanId $scanIdRequired arguments --ScanId The GUID of the specified scan. Optional arguments --Key The API key. DownloadLogsDownload log files associated with a scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method DownloadLogs [--Key] --ScanId --LogsPathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesDownload the log files of the specified scan to C:Logs.zip..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method DownloadLogs --ScanId "55555555-5555-5555-5555-555555555555" --LogsPath "C:Logs.zip"Required arguments --ScanId The GUID of the specified scan. --LogsPath The path to save the log files. The path must have the extension .zip. Optional arguments --Key The API key. EndRemediateDownload the specified remediated source code of a completed scan, or the last remediated source code archive of a completed scan if none was specified..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method EndRemediate [--Key] --ScanId --RemediatedSourceCodePath [--Ticks]This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesDownload the remediated source code archive of the specified scan that is associated with the specified ticks to C:RemediatedSource.zip..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method EndRemediate --ScanId "55555555-5555-5555-5555-555555555555" --RemediatedSourceCodePath "C:RemediatedSource.zip" --Ticks "637449696000000000"Required arguments --ScanId The GUID of the specified scan. --RemediatedSourceCodePath The path to save the remediated source code. The path must have the extension .zip. Optional arguments --Key The API key. --Ticks The ticks associated with a remediated source code archive. If this argument is not present, the last remediated source code archive will be downloaded. EndReportDownload the specified report of a completed scan, or the last report of a completed scan if none was specified..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method EndReport [--Key] --ScanId --ReportPath --ReportFormat [--ReportLanguage] [--Ticks]This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesDownload the xml report of the specified scan that is associated with the specified ticks to C:Report.zip:.SkyAnalyzer.Interface.Console.exe --Interface Scan --Method EndReport --ScanId "55555555-5555-5555-5555-555555555555" --ReportPath "C:Report.zip" --ReportFormat "xml" --Ticks "637449696000000000"Required arguments --ScanId The GUID of the specified scan. --ReportFormat The format, style, and verbosity of the report. Valid values for format are html, pdf, and xml. Valid values for style are audit, dark, and quick if the format is html, and audit, quality if the format is pdf. Valid values for verbosity are detailedverbosity and minimalverbosity if the format is html or pdf. --ReportPath The path to save the report. The path must have the extension .zip. Optional arguments --Key The API key. --ReportLanguage The language of the report. Valid languages are en (default) and zh. --Ticks The ticks associated with a specific report. If this argument is not present, the last report of the specified or default language will be download. GetRemediateStatusReturn the status of remediated source code generation. 0 if the generation is ongoing, 1 if the generation has completed, and 2 if the generation has failed..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method GetRemediateStatus [--Key] --ScanId --TicksThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGet the status of the remediated source code archive of the specified scan that is associated with the specified ticks:.SkyAnalyzer.Interface.Console.exe --Interface Scan --Method GetRemediateStatus --ScanId "55555555-5555-5555-5555-555555555555" --Ticks "637449696000000000"Required arguments --ScanId The GUID of the specified scan. --Ticks The ticks associated with a specific remediated source code archive. Optional arguments --Key The API key. GetReportStatusReturn the status of report generation. 0 if the generation is ongoing, 1 if the generation has completed, 2 if the generation has failed..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method GetReportStatus [--Key] --ScanId --Ticks --ReportFormatThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGet the status of the xml report of the specified scan that is associated with the specified ticks..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method GetReportStatus --ScanId "55555555-5555-5555-5555-555555555555" --Ticks "637449696000000000" --ReportFormat "xml"Required arguments --ScanId The GUID of the specified scan. --ReportFormat The format, style, and verbosity of the report. Valid values for format are html, pdf, and xml. Valid values for style are audit, dark, and quick if the format is html, and audit, quality if the format is pdf. Valid values for verbosity are detailedverbosity and minimalverbosity if the format is html or pdf. --Ticks The ticks associated with a specific report. Optional arguments --Key The API key. GetResultReturn the result code of a completed scan. If the scan completed successfully, 0 is returned regardless if the scan has warnings; if the scan failed, the actual result code is returned..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method GetResult [--Key] --ScanIdThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGet the result code of the specified scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method GetResult --ScanId $scanIdRequired arguments --ScanId The GUID of the specified scan. Optional arguments --Key The API key. GetStageInternal: Return the stage and progress of an ongoing scan.GetStatusReturn the status of a scan. True if the scan has completed (even if the scan has failed) and False if the scan is ongoing..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method GetStatus [--Key] --ScanIdThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGet the status of the specified scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method GetStatus --ScanId $scanIdRequired arguments --ScanId The GUID of the specified scan. Optional arguments --Key The API key. ImportUpload the source code and foreign report file and start the scan. This is a synchronous method and will not return until the scan is completed..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Import [--Key] --ScanId --ForeignReportPath --SourceCodePathThis method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.ExamplesUpload the foreign report file at C:Report.xml and the source code archive at C:Source.zip to the specified scan and start the scan..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Import --ScanId "55555555-5555-5555-5555-555555555555" --ForeignReportPath "C:Report.xml" --SourceCodePath "C:Source.zip"Required arguments --ScanId The GUID of the specified scan. --ForeignReportPath The path to the foreign report file to be imported. The path must have one of the following extensions: .fpr, .txt, or .xml. --SourceCodePath The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extensions: .7z, .jar, .war, or .zip. Optional arguments --Key The API key. PurgeDelete scans created before a specified date and time..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Purge [--Key] --PurgeThreshold [--CascadePurge]This method requires Execute and Read permissions to the Scan API interface.ExamplesPurge scans created before June 15, 2019 1:45:30 PM (UTC)..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Purge --PurgeThreshold "2019-06-15T13:45:30"Required arguments --PurgeThreshold The date and time threshold, in UTC, to purge or archive scans. The threshold must be at least 168 hours earlier than the current time. Scans started before the threshold will be deleted, unless they are in progress or in queue. Applications with no scan after the purge will also be deleted, unless the CascadePurge argument is set to False. The date and time format must conform with .NET Standard Date and Time Format Strings, such as 2009-06-15T13:45:30. Optional arguments --Key The API key. --CascadePurge True (default) will delete applications with no scan after the purge and False will keep applications with no scan after the purge. RemediateGenerate remediated source code of a completed scan and download it when generation is completed. This is a synchronous method and will not return until the generation is completed.$ticks = .SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Remediate [--Key] --ScanId --RemediatedSourceCodePath [--RemediationOption]This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGenerate the remediated source code archive of the specified scan, including remediation information and original source code in the remediated source code, and download it to C:RemediatedSource.zip.$ticks = .SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Remediate --ScanId "55555555-5555-5555-5555-555555555555" --RemediationOption 3 --RemediatedSourceCodePath "C:RemediatedSource.zip"Required arguments --ScanId The GUID of the specified scan. --RemediatedSourceCodePath The path to save the remediated source code. The path must have the extension .zip . Optional arguments --Key The API key. --RemediationOption Use this argument to control how the remediated source code is generated. This argument is a bit field (a set of flags). 1 indicates that remediation information should be included as comments, 2 indicates that the original source code should be included as comments, 4 indicates that a diff file should be generated, and 8 indicates that only modified files should be included. For example, when RemediationOption is set to 5, the remediated source code will include remediation information as comments and include the diff file. If this argument is not present, 0 will be used (does not include any of the above). ReportGenerate the report of a completed scan and download it when generation is completed. This is a synchronous method and will not return until the generation is completed..SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Report --ScanId --ReportFormat --ReportPath [--ReportLanguage]This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.ExamplesGenerate the report in html format of the specified scan and download it to C:Report.zip:.SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Report --ScanId "55555555-5555-5555-5555-555555555555" --ReportFormat "html" --ReportPath "C:Report.zip"Required arguments --ScanId The GUID of the specified scan. --ReportFormat The format, style, and verbosity of the report. Valid values for format are html, pdf, and xml. Valid values for style are audit, dark, and quick if the format is html, and audit, quality if the format is pdf. Valid values for verbosity are detailedverbosity and minimalverbosity if the format is html or pdf. --ReportPath The path to save the report. The path must have the extension .zip. Optional arguments --Key The API key. --ReportLanguage The language of the report. Valid languages are en (default) and zh. ToolsThe Tools interface has the following methods: Base64Encode and DetectFrameworks.Base64EncodeGenerate the base64-encoded value of a user object..SkyAnalyzer.Interface.Console.exe --Interface Tools --Method Base64Encode --ValueThis method does not require authentication.ExamplesGenerate the base64-encoded string of a user object of the built-in account eve@contoso.com with the password password and save it to the variable $userObject.$userObject = .SkyAnalyzer.Interface.Console.exe --Interface Tools --Method Base64Encode --Value "eve@contoso.com password Sql"Required arguments --Value The format is Email Password AccountType. Use Sql as AccountType for built-in accounts; ActiveDirectory for organizational accounts. DetectFrameworksInternal: Detect the application frameworks of the specified directory.UserThe Users interface has the following methods: Authenticate, Create, Delete, Edit, GetEncodedList, GetList, Migrate, and SetPassword.AuthenticateInternal: Validate if the user credentials are valid.CreateCreate a new user..SkyAnalyzer.Interface.Console.exe --Interface User --Method Create [--Key] --Email --Provider [--Password]This method requires Write permission to the User API interface.ExamplesCreate a new local user carol@contoso.com with password password..SkyAnalyzer.Interface.Console.exe --Interface User --Method Create --Provider "Sql" --Email "carol@contoso.com" --Password "password"Create a new organizational user carol@contoso.com..SkyAnalyzer.Interface.Console.exe --Interface User --Method Create --Provider "ActiveDirectory" --Email "carol@contoso.com"Required arguments --Email The email of the user. --Provider The membership provider of the user. Valid providers are ActiveDirectory and Sql. Optional arguments --Key The API key. --Password The password of the user. This argument is required when using the SQL membership provider and is ignored when using the Active Directory membership provider. DeleteDelete a user..SkyAnalyzer.Interface.Console.exe --Interface User --Method Delete [--Key] --UserIdThis method requires Write permission to the User API interface.ExamplesDelete the specified user..SkyAnalyzer.Interface.Console.exe --Interface User --Method Delete --UserId "01010101-0101-0011-0100-010101010010"Required arguments --UserId GUID of the specified user. Optional arguments --Key The API key. EditEdit a user..SkyAnalyzer.Interface.Console.exe --Interface User --Method Edit --UserId --GroupsThis method requires Write and Read permissions to the User API interface.ExamplesUpdate the specified user to have membership of groups 0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0 and 0B0B0B0B-0B0B-00BB-0B00-0B0B0B0B00B0..SkyAnalyzer.Interface.Console.exe --Interface User --Method Edit --UserId "01010101-0101-0011-0100-010101010010" --Groups "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0,0B0B0B0B-0B0B-00BB-0B00-0B0B0B0B00B0"Required arguments --UserId GUID of the specified user. Optional arguments --Key The API key. GetEncodedListInternal: Return a list of all users.GetListReturn a list of all users..SkyAnalyzer.Interface.Console.exe --Interface User --Method GetList [--Key]This method requires authentication and does not require specific permission.ExamplesGet a list of all users..SkyAnalyzer.Interface.Console.exe --Interface User --Method GetListOptional arguments --Key The API key. MigrateMigrate the data of one user to another user..SkyAnalyzer.Interface.Console.exe --Interface User --Method Migrate [--Key] --UserId --ValueThis method requires Write and Read permissions to the User API interface.ExamplesMigrate the data of user 01010101-0101-0011-0100-010101010010 to destination user 02020202-0202-0022-0200-020202020020..SkyAnalyzer.Interface.Console.exe --Interface User --Method Migrate --UserId "01010101-0101-0011-0100-010101010010" --Value "02020202-0202-0022-0200-020202020020"Required arguments --UserId GUID of the source user. --Value GUID of the destination user. Optional arguments --Key The API key. SetPasswordSet the password of a user..SkyAnalyzer.Interface.Console.exe --Interface User --Method SetPassword [--Key] --UserId --PasswordThis method requires Write permission to the User API interface.ExamplesSet the password for user with user ID 01010101-0101-0011-0100-010101010010 to password..SkyAnalyzer.Interface.Console.exe --Interface User --Method SetPassword --UserId "01010101-0101-0011-0100-010101010010" --Password "password"Required arguments --UserId GUID of the specified user. --Password Password of the user. Optional arguments --Key The API key. AppendixVerbsLucent Sky AVM CLI supports the use of verbs instead of interfaces and methods. Combine the Interface and Method arguments with a space in between to use as a verb. As with the names of interfaces and methods, verbs are case-insensitive.When using a verb, it must be the first argument.Example$applicationId = New-Guid# Replace <ApplicationName> with a descriptive name of the application$applicationName = "<ApplicationName>"# Replace <Framework> with the framework of the application$framework = "<Framework>".SkyAnalyzer.Interface.Console.exe application create --Name $applicationName --Framework $framework --ApplicationId $applicationIdEnvironment variablesLucent Sky AVM CLI supports the following environment variables: --CLEAR_API_KEY The API key. If both the Key argument and the CLEAR_API_KEY environment variable are present, the value of the Key argument will be used. ExampleSet the CLEAR_API_KEY to the value of an API key, then get the list of all applications.$env:CLEAR_API_KEY = "lsDZG9X9PlkuK+bv+tJFpg8tUS4ISbWTi4+kQKm7Wh0=".SkyAnalyzer.Interface.Console.exe --Interface Application --Method GetListLog in using credentialsLog in using user credentials has been deprecated in favor of using API keys. To log in using user credentials, omit the Key argument and set the Credential argument to the Base64-encoded user object.ExamplesCreate an user object of the local user eve@contoso.com with password password and get the list of all applications.$userObject = .SkyAnalyzer.Interface.Console.exe --Interface Tools --Method Base64Encode --Value "eve@contoso.com password Sql".SkyAnalyzer.Interface.Console.exe --Interface Application --Method GetList --Credential $userObjectResolve common issues using CLI exit codeAfter calling a method in CLI, the process will return an exit code. The default exit code 0 will be returned if the process has completed successfully. Refer to the table below for a list of all exit codes, their causes and solutions. 0 - The process has completed successfully. -11 - User authentication failed. (AUTHENTICATION_FAILED) -12 - User authorization failed. (AUTHORIZATION_FAILED) -100 - The license has expired, has no remaining scans, or is invalid. (INVALID_LICENSE) -111 - The number of applications has reached the limit of the license. (PROJECT_LIMIT_REACHED) -112 - The number of users has reached the limit of the license. (USER_LIMIT_REACHED) -121 - The specified framework is not available. (INVALID_FRAMEWORK) -122 - The specified report format is not available. (INVALID_REPORT_FORMAT) -123 - The specified remediation option is not available. (INVALID_MITIGATION_OPTION) -201 - The API model is null. (NULL_API_MODEL) -202 - The API model is invalid. (INVALID_API_MODEL) -203 - The input is invalid. (INVALID_INPUT) -301 - The storage is offline. (OFFLINE) -302 - The storage functional level is incompatible. (FUNCTIONAL_LEVEL) -20000 - An unexpected error occurred. -20001 - The platform or architecture is unsupported. -20002 - The configuration file is invalid. -20004 - Network error. Verify the network status or try again later. -20005 - Operation timeout. Verify the network status or try again later. -20006 - Communication error. Verify the network status or try again later. 20011 - The synchronized method has timed-out, but has started successfully. 20021 - The method completed successfully, but is no longer applicable to the scan. -20100 - One or more arguments is invalid. -20101 - 'Interface' is missing or invalid. -20102 - 'Method' is missing or invalid. -20103 - One or more arguments for this method is missing. -20105 - Authentication or authorization failed. -20106 - 'Value' is invalid. -20201 - 'Framework' is invalid. -20203 - 'Repository' is invalid. -20206 - 'Vectors' is invalid. -20208 - 'RulePackageId' is not present. -20209 - 'RuntimeId' is not present or is incompatible to the framework of the application. -20211 - 'Filter' is invalid. -20301 - 'Type' is invalid. -20302 - 'SourceCodePath' is not a valid path or the specified file or directory does not exist. -20303 - 'SourceCodePath' is in an unsupported format. -20304 - 'ForeignReportPath' is not a valid file path or the specified file does not exist. -20305 - 'ForeignReportPath' is in an unsupported format. -20306 - 'RemediatedSourceCodePath' must have a zip extension. -20307 - 'RemediationOption' is invalid. -20308 - 'Ticks' is invalid. -20309 - 'ReportFormat' is invalid. -20310 - 'ReportPath' must have a zip extension. -20311 - 'ReportLanguage' is invalid. -20312 - 'PurgeThreshold' is invalid. -20313 - 'LogsPath' must have a zip extension. -20401 - 'AplPath' must have a zip extension. -20403 - 'LogsDate' is invalid. -20404 - 'Groups' is invalid. -20405 - 'Members' is invalid. -20406 - 'Permissions' is invalid. -21000 - The 'ScanId' is invalid for this action. -21001 - Failed to set password. -21101 - The 'ReportProjectRoot' scan argument is not present in 'Arguments'. -21102 - Failed to download the file. The file size cannot exceed 2 GB. -21103 - The specified scan does not have any generated remediated source code. -21104 - The remediated source code is still being generated. -21105 - Failed to generate remediated source code. -21106 - An I/O error occurred. Try again later. -21107 - The specified scan does not have a generated report. -21108 - The report is still being generated. -21109 - Failed to generate report. -21110 - The specified framework is invalid for this type of foreign report. -21200 - The 'ApplicationId' is invalid for this action. -22001 - The specified data source does not exist or is not supported. -22002 - The query is not supported or invalid. -22003 - An error occurred while processing the query. -22101 - An error occurred while detecting frameworks. -23001 - An error occurred while starting autopilot. -23002 - Failed to detect the frameworks of the application. -1200001 - This method is only available after the scan has completely successfully. (ACTION_NOT_AVAILABLE) -1200002 - The scan has an analysis or importation that is in-progress or completed. (SCAN_ALREADY_EXECUTED) -1200011 - The specified scan id or ticks is invalid. (INVALID_INPUT_COMBINATION) -1200012 - This method is not available for the type of the scan. (INVALID_TYPE) 1200013 - No log is available for the specified scan. (LOG_FILE_NOT_EXIST) -1200014 - The specified threshold is invalid. (INVALID_THRESHOLD) -1300001 - This method is only available after the scan has completely successfully. (ACTION_NOT_AVAILABLE) -1400011 - An unspecified error occurred while extracting the archive file. (ARCHIVE_UNSPECIFIED_ERROR) -1400012 - The archive file is in an unsupported format. (ARCHIVE_NOT_SUPPORTED) -1400013 - An IO exception occurred while extracting the archive file. (ARCHIVE_IO_EXCEPTION) -1400014 - The archive file is corrupted. (ARCHIVE_INVALID_DATA) -1400015 - The path length of some entries in the archive exceeds the limit of the file system. (ARCHIVE_PATH_TOO_LONG) -1400017 - The scan configuration file is invalid. (ARCHIVE_INVALID_CONFIG_FILE) -1400121 - The action is not available. (ACTION_NOT_AVAILABLE) -1400122 - The uploaded report file is invalid. (INVALID_FOREIGN_REPORT) -1400131 - The repository connection string is invalid. (REPOSITORY_INVALID_CONNECTION_STRING) -1400132 - A connection error occurred when connecting to the repository. (REPOSITORY_CONNECTION_ERROR) -1400133 - An authentication or authorization error occurred when connecting to the repository. (REPOSITORY_AUTHENTICATION_ERROR) -1400139 - A generic error occurred when connecting to the repository. (REPOSITORY_GENERIC_ERROR) -1400151 - The uploaded rule package is invalid. (INVALID_RULE_PACK) -1400152 - Identification rules in the rule package are invalid. (INVALID_IDENTIFICATION_RULES) -1400153 - Identification source code rules in the rule package are invalid. (INVALID_IDENTIFICATION_SOURCE_CODE_RULES) -1400154 - Remediation rules in the rule packages are invalid. (INVALID_REMEDIATION_RULES) -1400155 - Suppression rules in the rule packages are invalid. (INVALID_SUPPRESSION_RULES) -1400156 - The rule package contains files with invalid names. (INVALID_FILE_NAME) -1400161 - The uploaded runtime is invalid. (INVALID_RUNTIME) -1400411 - The signature is invalid. (INVALID_SIGNATURE) -1700011 - The email already exists. (DUPLICATE_EMAIL) -1700012 - The email is invalid. (INVALID_EMAIL) -1700013 - The password is invalid. (INVALID_PASSWORD) -1700014 - The user does not exist in the Active Directory. (PROVIDER_ERROR) -1700021 - A generic error occurred. (GENERIC_ERROR) -1700031 - The user is invalid. (INVALID_USER) -3100001 - The specified scan arguments are invalid. (INVALID_SCAN_ARGUMENTS) -3100015 - The specified weakness policies are invalid. (INVALID_WEAKNESS_POLICIES) -3200001 - The query statement is invalid. (INVALID_QUERY_STATEMENT) -4100021 - Lucent Sky AVM Server setup program is missing. Contact your system administrator. (SETUP_NOT_FOUND) -4100031 - An unspecified error occurred during activation. Contact Lucent Sky support. (UNSPECIFIED_ACTIVATION_ERROR) -4100032 - The product key is not well-formed. (MALFORMED_PRODUCT_KEY) -4100033 - The license file is invalid. (INVALID_LICENSE_FILE) -4100034 - An error occurred while communicating with the activation server. Try again later or use offline activation. (ACTIVATION_SERVER_ERROR) -4100035 - The product key has expired or exceeded its activation limit. (EXPIRED_PRODUCT_KEY) -4100036 - The serial number in the license file does not match the serial number of this instance. (SERIAL_NUMBER_MISMATCH) -4100037 - An error occurred while setting up this instance as a node. (NODE_SETUP_ERROR) -4100038 - An error occurred while converting between editions. (CONVERSION_ERROR) -4100039 - An error occurred while initializing supplementary license store. (SUPPLEMENT_LICENSE_STORE_ERROR) 4100041 - No log is available for the specified date range. (LOG_FILE_NOT_EXIST) 4100042 - Restart CLEAR Engine to complete the maintenance. (RESTART_REQUIRED) -4100043 - There is one or more scans in progress. (SCAN_IN_PROGRESS) -9999960 - An I/O error occurred. (IO_ERROR) -9999970 - A data error occurred. (DATA_ERROR) -9999980 - A system error occurred. (SYSTEM_ERROR) -9999990 - An unexpected error occurred. (ERROR)", "keywords": "avm, reference, interface, cli" } , "/en/avm/admin-guides/cli": { "id": "448674", "url": "/en/avm/admin-guides/cli", "title": "Administration guide to Lucent Sky AVM CLI", "description": "", "date": "2024/8/5", "content" : "This article covers the installation, configuration, and uninstallation of Lucent Sky AVM CLI.This article is about the CLI built with .NET Framework. For the corresponding article about the cross-platform CLI built with .NET, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLIIn this article, you will learn how to: Install Lucent Sky AVM CLI Configure Lucent Sky AVM CLI Update Lucent Sky AVM CLI Uninstall Lucent Sky AVM CLIAt the end, you will be able to install, configure, and uninstall Lucent Sky AVM CLI.System RequirementsProcessor, memory, and hard disk space requirements: Processor: 1.6 GHz processor Memory: 1 GB Hard disk space: 200 MBLucent Sky AVM CLI can be installed on the following operating systems: Windows Server 2008 R2 with SP1 and later Windows 7 with SP1 and laterOn Windows, Lucent Sky AVM CLI requires .NET Framework 4.8 or later.Lucent Sky AVM CLI can also be installed on the following operating systems: Debian 10 and later[^](## "The Mono Project only test Mono packages on Debian 10, but they should work on newer Ubuntu versions.") (x64) macOS 10.9 and later (Apple silicon and Intel) Ubuntu 16.04 and later[^](## "The Mono Project only test Mono packages on Ubuntu 16.04, 18.04, and 20.04, but they should work on newer Ubuntu versions.") (x64)On Debian, macOS, and Ubuntu, Lucent Sky AVM CLI requires Mono 6.8 or later. Lucent Sky AVM CLI may work on other architectures (such as x86), other operating systems (such as CentOS/REHL, Fedora, and OpenSUSE), or other versions of a supported operating system through Mono as well, but these scenarios are not supported.Install Lucent Sky AVM CLILucent Sky AVM CLI provides user and system level setups. The user level setup does not require Administrator or root privileges and installs the CLI to a directory under the user's home directory. The system level setup requires Administrator or root privileges and installs the CLI to a system directory so that it is available to all users in the system.Lucent Sky AVM CLI can also be installed to other locations.WindowsUser level setup Create the directory %LOCALAPPDATA%ProgramsCLEAR CLI if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to %LOCALAPPDATA%ProgramsCLEAR CLI.System level setup Create the directory C:Program FilesLucent SkyCLEAR CLI if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to C:Program FilesLucent SkyCLEAR CLI.macOSUser level setup Create the directory $HOME/Applications/CLEAR CLI if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to $HOME/Applications/CLEAR CLI.System level setup Create the directory /Applications/CLEAR CLI if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to /Applications/CLEAR CLI.LinuxUser level setup Create the directory $HOME/clear-cli if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to $HOME/clear-cli.System level setup Create the directory /opt/clear-cli if it does not already exist. Extract the content of the Lucent Sky AVM CLI setup file to /opt/clear-cli.Configure Lucent Sky AVM CLIThe CLI needs to be configured to use a remote CLEAR Engine instance. This can be done either with the config interface or by editing the configuration file.Scriptable configuration Open PowerShell and enter the following command: # Replace <InstanceFqdn> with the FQDN or IP address of the CLEAR Engine instance $InstanceFqdn = "<InstanceFqdn>" .SkyAnalyzer.Interface.Console.exe --Interface config --Method set --Value "endpoint = ${InstanceFqdn}:5759" Configuration file Navigate to the directory where the CLI is installed. Open SkyAnalyzer.Interface.Console.exe.config with a text editor. In the <client> section, locate a group of <endpoint> tags with the binding="netNamedPipeBinding" attribute. Comment out these tags to disable this group of endpoints. In the <client> section, locate a group of <endpoint> tags with the binding="netTcpBinding" attribute that are commented out. Remove the surrounding comment tags to enable this group of endpoints. Then, replace all occurrences of clear.contoso.com with the FQDN or IP address of the CLEAR Engine instance.In the default TCP endpoint configuration, the communication between CLEAR Engine and the CLI is not secure. To learn more about enabling Transport Layer Security for CLEAR Engine and the CLI, view the following article in the Lucent Sky Knowledge Base:Configure Transport Layer SecurityUpdate Lucent Sky AVM CLI To update Lucent Sky AVM CLI, uninstall the current version from the system, and install the new version.Uninstall Lucent Sky AVM CLI Delete the directory where Lucent Sky AVM CLI is installed.", "keywords": "avm, guide, administration, cli" } , "/en/avm/get-started/cli": { "id": "513289", "url": "/en/avm/get-started/cli", "title": "Get started with Lucent Sky AVM CLI", "description": "", "date": "2024/8/5", "content" : "Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components, CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.This article describes the basic features of the CLI, and guides you through the process of scanning an application using the CLI. To learn about other functionalities of the CLI, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI referenceThis article is about the CLI built with .NET Framework. For the corresponding article about the cross-platform CLI built with .NET, view the following article in the Lucent Sky Knowledge Base:Get started with Lucent Sky AVM CLIIn this article, you will learn how to: Install and configure Lucent Sky CLI Create an API key Create a zip file containing the source code of an application. Scan an application Download the remediated source code Download the reportAt the end, you will be able to use the CLI to scan applications and generate remediated source code and reports.Prerequisites Bash, Command Prompt, or PowerShell - This article uses PowerShell in its examples, but the CLI can also be used with Bash and Command Prompt.Install and configure Lucent Sky AVM CLITo learn about how to install Lucent Sky AVM CLI, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLICreate a zip file containing the source code of an application.To learn about creating the source code archive of an application, view the following article in the Lucent Sky Knowledge Base:Prepare an application scanningCreate an API key Go to the Web UI in your browser, and then sign in with your credentials. Go to Settings > Account, and select Create a new key. In the dialog, enter CLI as the description of the key, then select Create Key. Select and copy the generated API key.Configure the CLI Open PowerShell, and navigate to the directory where the CLI is installed. Enter the following command to set up the CLI to use a remote Lucent Sky AVM instance: # Replace <InstanceFqdn> with the FQDN or IP address of the Lucent Sky AVM instance $InstanceFqdn = "<InstanceFqdn>" .SkyAnalyzer.Interface.Console.exe --Interface config --Method set --Value "endpoint = ${InstanceFqdn}:5759" Enter the following command to create an environment variable to store the API key for authentication: # Replace <ApiKey> with the API key $Env:CLEAR_API_KEY = "<ApiKey>" Scan an application Open PowerShell, and navigate to the directory where the CLI is installed. Enter the following command to create an application: $applicationId = New-Guid # Replace <ApplicationName> with a descriptive name of the application $applicationName = "<ApplicationName>" # Replace <Framework> with the framework of the application $framework = "<Framework>" .SkyAnalyzer.Interface.Console.exe --Interface Application --Method Create --Name $applicationName --Framework $framework --ApplicationId $applicationId Enter the following command to create a scan: $scanId = New-Guid .SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Create --ApplicationId $applicationId --ScanId $scanId Enter the following command to upload the application source code and start the scan: # Replace <SourceCodePath> with path to the source code archive $sourceCodePath = "<SourceCodePath>" .SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Analyze --ScanId $scanId --SourceCodePath $sourceCodePath The command will exit when the scan is completed. To learn more about how to start a scan asynchronously, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI reference Download the remediated source code Enter the following command to generate and download the remediated source code: # Replace <RemediatedSourceCodePath> with path to save the remediated source code archive $remediatedSourceCodePath = "<RemediatedSourceCodePath>" .SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Remediate --ScanId $scanId --RemediatedSourceCodePath $remediatedSourceCodePath --RemediationOption 0 Download the report Enter the following command to generate and download a report in HTML format: # Replace <ReportPath> with path to save the remediated source code archive $reportPath = "<ReportPath>" .SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Report --ScanId $scanId --ReportPath $reportPath --ReportFormat html ", "keywords": "avm, getstarted, interface, cli" } , "/en/avm/troubleshoot/cli": { "id": "542288", "url": "/en/avm/troubleshoot/cli", "title": "Troubleshoot Lucent Sky AVM CLI errors", "description": "", "date": "2025/08/08", "content" : "SymptomsWhen you access the CLI, you receive an error message with a negative error code. The CLI also exits with the error code.CauseVarious reasons can cause the CLI to return an error. This article describes common causes and solutions to CLI errors.For CLI errors that occurs after uploading the source code archive, view the following article in the Lucent Sky Knowledge Base:Troubleshoot source code upload errorsResolution An error code between -10 and -99 indicates authentication or authorization errors. Verify the API key is valid, and that the user has permissions to perform the task. An error code between -100 and -999 indicates that the error was returned by CLEAR Engine. Follow the error message to resolve the error. The error code -20000 indicates that an unexpected error has occurred during the operation. If the error persists, contact Lucent Sky support. The error code -20004 or -20006 indicates an network issue between the CLI and CLEAR Engine. Verify that the CLEAR Engine service is running, that the endpoints are properly configured, and that the CLI can connect to CLEAR Engine over TCP/5759. The error code -20005 indicates that a timeout occurred during the operation. This commonly occurs when uploading a large source code archive over slow network connection. For learn more about the error codes that the CLI might return and their resolutions, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI Reference", "keywords": "avm, troubleshoot, cli" } , "/en/avm/how-to/configure-clear-engine-and-web-ui-settings": { "id": "214185", "url": "/en/avm/how-to/configure-clear-engine-and-web-ui-settings", "title": "Configure CLEAR Engine and Web UI settings", "description": "", "date": "2025/09/22", "content" : "This article describes the settings available for CLEAR Engine and the Web UI, their effects, and how to configure them.In this article, you will learn how to: Configure settings of CLEAR Engine. Configure settings of the Web UI.At the end, you will be able to configure settings of CLEAR Engine and the Web UI.Configure settings of CLEAR EngineCLEAR Engine configurations are stored in the storage configuration file (also known as the cluster configuration file). All CLEAR Engine instances in a cluster share the same configuration file. Open PowerShell as administrator and enter the following command to open the CLEAR Engine storage configuration file with the default text editor: (Select-Xml -Path "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.config" -XPath "skyAnalyzer").Node.File | Invoke-Item To change a setting, locate the key representing the setting, and change its value. Enter the following command in PowerShell to restart CLEAR Engine for the changes to take effect. Repeat this on every instance in the cluster: Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" A CLEAR Engine storage configuration file has the following settings: AutoArchive - Sets the threshold for automatically archiving scans. Scans created before this number of days will be archived automatically. Valid value should be an integer between 7 and 10000. When set to 0, auto archive is disabled. Default is 0. AutoSuppression - When sets to true, results exist entirely in an external module are automatically suppressed. Default is false. CompatibilityMode - When sets to true, results from third-party analysis reports are preprocessed to improve compatibility. Default is false. Encoding - Sets the native encoding of the cluster. Valid value should be the WebName of a non-Unicode encoding, such as big5, shift_jis, or windows-1252. Default is empty. FeatureFlags - Sets the feature flags to control whether certain features are enabled or disabled. Valid value should be a comma-separated list of feature flags. When the feature flags include preview, preview features are enabled on instances with a preview license. Default is empty. Intelligence - Sets the real-time intelligence operation mode and ML-augmented analysis and remediation availability. Valid values are advanced, advanced,ml, basic, and off. Default is basic. Iops - Sets IOPS of the storage. When sets to 0, the IOPS will be automatically detected the next time an instance is added to the cluster. Default is 0. MaintenanceWindow - Sets the window for maintenance tasks. Valid value should be the time of the day in the format of hhmm, such as 0300. When set to empty, maintenance tasks will not run. Default is empty. MaxDegreeOfParallelism - Sets the number of concurrent processes can be used by a core. Default is 1. MaxScanQueueLength - Sets the number of scans can be held in the scan queue. Default is 10. MultiFactorAuthentication - When sets to true, multi-factor authentication is enforced on all users. When sets to false, multi-factor authentication is disabled. When sets to empty, multi-factor authentication is enabled but not enforced. Default is empty. OpportunisticAnalysis - When sets to true, additional source code analysis will replace binary analysis if the application failed to build, instead of failing the scan. Default is false. ProcessIsolation - When sets to true, some build and analysis processes are executed using a service account with minimum privileges. When sets to false, all processes are executed using the same account as CLEAR Engine. Default is true. ProcessMonitoring - When sets to true, unresponsive analysis processes are terminated automatically. Default is true. SecurityLibraries - Sets additional security libraries to be used for remediation. Default is empty. SuppressionCompatibilityMode - When sets to true, suppression signatures generated by previous versions are recognized. Default is true. Utf8EmitBom - When sets to true, generated UTF-8 files will include a Unicode byte order mark. Default is false.Configure settings of the Web UI Open PowerShell as administrator and enter the following command to open the Web UI configuration file with the default text editor: "C:Program FilesLucent SkyCLEAR Webweb.config" | Invoke-Item To change a setting, locate the key representing the setting, and change its value. The Web UI is automatically restarted when changes are made.A Web UI configuration file has the following settings: ClientFileValidationEnabled - When sets to false, files such as source code archive are not validated by the Web UI. Default is true. DefaultDomain - Sets the domain name to prefill on the sign-in page. Default is empty. Help - Sets whether to use cloud-based or local help. Valid values are cloud and local. Default is cloud. StorageRoot - Sets the storage root used for path length calculation. SystemInformationFooter - When sets to true, system information such as the number of cores available is displayed on the bottom of the sign-in page. Default is false. SystemManagement - When sets to false, system management functions on the server running CLEAR Engine are not available to users in the Administrators group. Default is true. Theme - Sets the theme of the Web UI. Default is Lucent Sky.", "keywords": "avm, howto, administration" } , "/en/avm/how-to/configure-clear-engine-non-english-environment": { "id": "215860", "url": "/en/avm/how-to/configure-clear-engine-non-english-environment", "title": "Configure CLEAR Engine on a non-English environment", "description": "", "date": "2021/3/24", "content" : "This article describes how to configure CLEAR Engine on a non-English environmentOn Lucent Sky AVM versions prior to 1906, it is recommended to install CLEAR Engine on a system where the system language is set to English. Although it is no longer necessary on recent versions of Lucent Sky AVM, the steps described in this article might help improve compatibility in certain scenarios.In this article, you will learn how to: Configure CLEAR Engine on a non-English environment.At the end, you will be able to configure CLEAR Engine on a non-English environment.Configure CLEAR Engine on a non-English environmentThe recommended approach is to set the system language to English: In Windows Settings, select Time & language > Region & language. Select Add a language. Select English then select English (United States). In Languages, select English (United States) then select Set as default. Then, select Options and then select Download under Download language pack. Wait for Windows to download and install the language pack. Open PowerShell as an administrator, and run Intl.cpl to bring up the Region settings. In the Administrative tab, select Copy settings…. Check Copy your current settings to: Welcome screen and system accounts, select OK, then select Restart now. (Optional) To restore the preferred language of your current user account, repeat step 1 through 3, then move your preferred language to the top of the Preferred languages list.The steps above uses Windows Server 2016 as an example. The exact steps might differ on a different operating system.", "keywords": "avm, howto, administration" } , "/en/avm/how-to/configure-firewall-rules-for-clear-engine": { "id": "916885", "url": "/en/avm/how-to/configure-firewall-rules-for-clear-engine", "title": "Configure firewall rules for CLEAR Engine", "description": "", "date": "2025/6/1", "content" : "This article describes how to configure firewall rules for CLEAR Engine and the Web UI.In this article, you will learn how to: Configure required firewall rules for CLEAR Engine and the Web UI. Configure optional firewall rules for CLEAR Engine.At the end, you will be able to configure firewall rules for CLEAR Engine and the Web UI.Configure firewall rules for CLEAR Engine and the Web UICLEAR EngineCLEAR Engine requires outbound connection on the following protocols, ports, and destinations: TCP/443: api.lucentskyavm.comTo enable remote access to CLEAR Engine, it also requires inbound connectivity on the following protocols and ports: TCP/5759To deploy Lucent Sky AVM in environments without Internet access, contact Lucent Sky support.Web UITo enable remote access to the Web UI, it requires inbound connectivity on the following protocols and ports: TCP/80 TCP/443Configure optional firewall rules for CLEAR EngineSome features, such as real-time intelligence, requires additional connectivity.Real-time intelligenceReal-time intelligence requires outbound connectivity on the following additional protocols, ports, and destinations: TCP/443: api.lucentskyavm.com TCP/443: update.lucentskyavm.com TCP/443: www.cisa.gov TCP/443: search.maven.org TCP/443: status.maven.org TCP/443: nvd.nist.gov TCP/443: services.nvd.nist.gov TCP/443: static.nvd.nist.gov TCP/443: registry.npmjs.org TCP/443: ossindex.sonatype.orgMachine learning servicesMachine learning services, such as ML-augmented analysis and remediation, requires outbound connectivity on the following protocols, ports, and destinations: TCP/443: api.lucentskyavm.com TCP/443: update.lucentskyavm.com", "keywords": "avm, howto, administration, firewall" } , "/en/avm/how-to/configure-package-repositories": { "id": "218041", "url": "/en/avm/how-to/configure-package-repositories", "title": "Configure package repositories", "description": "", "date": "2026/06/01", "content" : "This article describes how to configure packages repositories on CLEAR Engine.In this article, you will learn how to: Configure packages repositories for Gradle, Maven, and MSBuild on CLEAR Engine.At the end, you will be able to configure packages repositories on CLEAR Engine.Configure packages repository locationsWhen building .NET and Java applications, build tools such Maven and MSBuild might download packages required to build these applications. As these build tools are run by a service account, these packages are downloaded to directories under the profile directory of the service account such as C:WindowsServiceProfilesNetworkService or C:WindowsSysWOW64configsystemprofile. To change where build tools save downloaded packages, follow these steps: Open PowerShell as administrator. Enter the following command: # Replace C:ProgramDataLucent SkyCLEAR Engine if using a custom file system storage location $fileSystemStorage = "C:ProgramDataLucent SkyCLEAR Engine" $goPath = "$fileSystemStoragego" $gradleUserHome = "$fileSystemStorage.gradle" $nugetPackages = "$fileSystemStorage.nugetpackages" [System.Environment]::SetEnvironmentVariable('GOPATH', "$goPath", [System.EnvironmentVariableTarget]::Machine) [System.Environment]::SetEnvironmentVariable('GRADLE_USER_HOME', "$gradleUserHome", [System.EnvironmentVariableTarget]::Machine) [System.Environment]::SetEnvironmentVariable('NUGET_PACKAGES', "$nugetPackages", [System.EnvironmentVariableTarget]::Machine) Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" In PowerShell, enter the following command to open Apache Maven's settings file with a text editor: Invoke-Item "C:Program FilesLucent SkyCLEAR EngineToolsapache-maven-*confsettings.xml" In settings.xml, locate and uncomment the <localRepository>` tag, and set its value to the location for Maven to save downloaded packages, such as C:ProgramDataLucent SkyCLEAR Engine.m2repository. In PowerShell, enter the following command to open sbt's config file with a text editor: Invoke-Item "C:Program FilesLucent SkyCLEAR EngineToolssbt-*confsbtconfig.txt" Add the following to the end of sbtconfig.txt: # Replace C:ProgramDataLucent SkyCLEAR Engine in the following lines if using a custom file system storage location -Dsbt.boot.directory="C:ProgramDataLucent SkyCLEAR Engine.sbtboot" -Dsbt.global.base="C:ProgramDataLucent SkyCLEAR Engine.sbt" -Dsbt.ivy.home="C:ProgramDataLucent SkyCLEAR Engine.ivy2" -Dsbt.repository.config="C:ProgramDataLucent SkyCLEAR Engine.sbtrepositories" Configure remote package repositoriesStarting with Lucent Sky AVM version 2112, the included Apache Maven no longer supports custom repositories using HTTP. Therefore, if a project has dependencies from custom repositories using HTTP, the Maven build will fail. This can verified by the presence of maven-default-http-blocker (http://0.0.0.0/) in the Maven logs.It is recommended to migrate these custom repositories to HTTPS. If not possible, follow these steps to enable custom repositories using HTTP: Open PowerShell as administrator. Enter the following command to open Apache Maven's settings file with a text editor: Invoke-Item "C:Program FilesLucent SkyCLEAR EngineToolsapache-maven-*confsettings.xml"` In settings.xml, locate a <mirror> tag with a <id>maven-default-http-blocker</id> tag. Comment this <mirror> tag to disable it.", "keywords": "avm, howto, administration, package, repository, maven, nuget" } , "/en/avm/how-to/configure-transport-layer-security": { "id": "212844", "url": "/en/avm/how-to/configure-transport-layer-security", "title": "Configure Transport Layer Security", "description": "", "date": "2026/02/10", "content" : "This article describes how to configure Transport Layer Security for CLEAR Engine, the Web UI, and the CLI.In this article, you will learn how to: Configure TLS over TCP for CLEAR Engine. Configure TLS over HTTP for the Web UI. Configure TLS over TCP for the CLI.At the end, you will be able to configure TLS for CLEAR Engine, the Web UI, and the CLI.Configure TLS over TCP for CLEAR EngineCLEAR Engine is built with Windows Communication Foundation (WCF), which the Web UI and the CLI use to communicate with it. By default, CLEAR Engine is only accessible through named pipe endpoints, which limits communication to process running on the same host.To make CLEAR Engine accessible to other PCs, TCP endpoints must be enabled. The default TCP endpoint configuration used by CLEAR Engine is not secure. Follow these steps to enable transport security (TLS over TCP) for TCP endpoints: Place the X.509 certificate to be used by the TCP endpoints in the machine-level Personal certificate store. The certificate can be the same used by the Web UI. Open PowerShell as administrator. Enter the following command to open the CLEAR Engine configuration file with the default text editor: (Get-ChildItem "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.Engine.exe.config").FullName | Invoke-Item Locate the <behavior name=""> tag in the <system.serviceModel> section, and place the following before the </behavior> end tag: <serviceCredentials> <!-- Replace CertificateThumbprint with the thumbprint of the X.509 certificate. --> <serviceCertificate findValue="CertificateThumbprint" x509FindType="FindByThumbprint" /> </serviceCredentials> Locate the <binding name="DefaultTcpBinding"> tag in the <system.serviceModel> section, and replace <security> tag with the following: <security mode="Transport"> <transport clientCredentialType="None" /> </security> Locate the <binding name="LargeReceivedMessageSizeTcpBinding"> tag in the <system.serviceModel> section, and replace <security> tag with the following: <security mode="Transport"> <transport clientCredentialType="None" /> </security> Enter the following command in PowerShell to restart CLEAR Engine for the changes to take effect: Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" For Lucent Sky AVM cluster, repeat the steps above on each node in the cluster.After enabling TLS over TCP on CLEAR Engine, clients accessing it using TCP, such as the CLI or a Web UI installed on a different server, would need to enable TLS over TCP as well.Configure TLS over HTTP for Web UIAfter the Web UI is installed, it only has an HTTP binding. Adding a HTTPS binding enables browsers to access the Web UI using HTTPS. Follow these steps to add an HTTPS binding: Place the X.509 certificate to be used by the TCP endpoints in the machine-level WebHosting certificate store. Open PowerShell as administrator. enter the following command to add a new IIS site binding: # Replace CertificateThumbprint with the thumbprint of the X.509 certificate. $certificateThumbprint = "<CertificateThumbprint>" New-IISSiteBinding -Name "CLEAR Web" -BindingInformation "*:443:" -CertificateThumbPrint "$certificateThumbprint" -CertStoreLocation "Cert:LocalMachineWebHosting" -Protocol https Enter the following command in PowerShell to restart CLEAR Engine for the changes to take effect. Stop-IISSite -Name "CLEAR Web"; Start-IISSite -Name "CLEAR Web" For Lucent Sky AVM cluster, repeat the steps above on each node in the cluster.Configure TLS over TCP for CLIThe default configuration for the CLI enables it to communicate with a CLEAR Engine instance running on the same host. To use the CLI with a CLEAR Engine instance running on another host, TCP endpoints must be enabled. The default TCP endpoint configuration used by the CLI is not secured.If using the cross-platform CLI built with .NET, follow these steps to enable transport security (TLS over TCP) for TCP endpoints: Navigate to the install directory of the CLI. Open appsettings.json with a text editor. Locate the Endpoint > Address property, and validate that the domain name of CLEAR Engine in its value matches the common name of the certificate used by CLEAR Engine. Locate the Endpoint > SecurityMode property, and change its value from None to Transport.If using the CLI built with .NET Framework, follow these steps to enable transport security (TLS over TCP) for TCP endpoints: Navigate to the install directory of the CLI. Open SkyAnalyzer.Interface.Console.exe.config with a text editor. Locate the <binding name="DefaultTcpBinding"> tag in the <system.serviceModel> section, and replace <security> tag with the following: <security mode="Transport"> <transport clientCredentialType="None" /> </security> Locate the tag in the section, and replace tag with the following: <security mode="Transport"> <transport clientCredentialType="None" /> </security> These steps assume that the CLI has been configured to use TCP endpoints instead of named pipe endpoints. To learn more about enabling TCP endpoints for the CLI, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLI", "keywords": "avm, howto, administration, tls" } , "/en/avm/integrations/continuous-integration": { "id": "212877", "url": "/en/avm/integrations/continuous-integration", "title": "Use Lucent Sky AVM with a continuous integration pipeline", "description": "", "date": "2026/02/10", "content" : "This article describes how to integrate Lucent Sky AVM with a CI pipeline in CI tools such as CircleCI, GitLab, and Jenkins. By integrating Lucent Sky AVM with an application's continuous integration pipelines, developers can ensure that only code changes meeting the security standards are committed or deployed.The Lucent Sky AVM CLI commands used in this article favor simplicity over scalability. For example, asynchronous methods such as BeginAnalyze might be more suitable than their synchronous counterparts when working with a large application. To learn about more advanced functionalities of the CLI, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI referenceIn this article, you will learn how to: Prepare Lucent Sky AVM CLI for use in a CI pipeline. Start a scan in a CI pipeline. Download and evaluate a scan report in a CI pipeline. Download the remediated source code and create a branch a CI pipeline.At the end, you will be use Lucent Sky AVM in a CI pipeline to start a scan, download and evaluate reports, and work with remediated source code in a CI pipeline.Prepare Lucent Sky AVM CLI for use in the CI pipelineLucent Sky AVM CLI needs to be downloaded to the CI server or agent before it can be used. How the CLI is downloaded varies and depends on each organization's needs and requirements, and the CLI might already be present if using a persistent agent.To learn more about how to install Lucent Sky AVM CLI on different operating systems, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLI In the CI pipeline, create the following variables: InstanceFqdn - the FQDN or IP address of the Lucent Sky AVM instance. ApiKey - a secret variable to store the API key to the Lucent Sky AVM instance. ApplicationId - the value of the project's application ID on the Lucent Sky AVM instance. SourcesDirectory - the directory where the application source code is located. ToolsDirectory - the directory where Lucent Sky AVM CLI will be installed to. In the CI pipeline, locate an appropriate location to download the CLI, such as after the application build is completed. Add a task (also known as step in some CI software) that runs a shell command to download the CLI setup file to $(System.DefaultWorkingDirectory)/tools/clear-cli.zip and extracts its content to $(System.DefaultWorkingDirectory)/tools/clear-cli. $platform = switch -Regex ($PSVersionTable.OS) { "Darwin" { "osx-x64" } "Linux" { "linux-x64" } default { "win-x64" } } Invoke-WebRequest -Uri "https://lsky.co/clearcli-$platform" -OutFile "$Env:ToolsDirectory/clear-cli.zip" Expand-Archive -Path "$Env:ToolsDirectory/clear-cli.zip" -DestinationPath "$Env:ToolsDirectory/clear-cli" The URL https://lsky.co/clearcli-linux-x64 points to the latest Lucent Sky AVM CLI for Linux. To pin the CLI to a specific version, append -version after the URL. For example, https://lsky.co/clearcli-linux-x64-2512. Add a task that runs a shell command to configure the CLI to use a remote Lucent Sky AVM instance. cd "$Env:ToolsDirectory/clear-cli" ./SkyAnalyzer.Interface.Cli --Interface config --Method set --Value "endpoint = ${Env:InstanceFqdn}:5759" Start a scan in the CI pipeline In the CI pipeline, locate an appropriate location to start the scan, such as after the build artifacts are available. Add a task that runs a shell command to generate a random scan ID. $scanId = New-Guid You may need to write $scanId to a specifc file or device in order to use the scan ID in later steps. Add a task that runs a shell command to create a scan under the application on Lucent Sky AVM server and upload the build artifact for analysis. cd "$Env:ToolsDirectory/clear-cli" ./SkyAnalyzer.Interface.Cli --Key "$Env:ApiKey" --Interface Scan --Method Create --ApplicationId "$Env:ApplicationId" --ScanId "$Env:ScanId" ./SkyAnalyzer.Interface.Cli --Key "$Env:ApiKey" --Interface Scan --Method Analyze --ScanId "$Env:ScanId" --SourceCodePath "$Env:SourcesDirectory/target/ContosoWeb.war" Add a task that runs a shell command to check the scan result code to determine if the scan was completed successfully. cd "$Env:ToolsDirectory/clear-cli" $scanResult = ./SkyAnalyzer.Interface.Cli --Key "$Env:ApiKey" --Interface Scan --Method GetResult --ScanId "$Env:ScanId" if ($scanResult -lt 0) { [Console]::Error.WriteLine("Scan failed ($scanResult)"); exit $scanResult } You may need to configure this task to fail with either the presence of stderr or a negative exit code. Download and evaluate a scan report in the CI pipeline In the CI pipeline, locate an appropriate location to evaluate the scan report, such as after the scan is completed. Add a task that runs a shell command to generate and download the XML report of the scan. cd "$Env:ToolsDirectory/clear-cli" ./SkyAnalyzer.Interface.Cli --Key "$Env:ApiKey" --Interface Scan --Method Report --ScanId "$Env:ScanId" --ReportPath "$Env:Temp/ScanResults/Xml-Report.zip" --ReportFormat xml Add a task that runs a shell command to extract the XML report. Expand-Archive -Path "$Env:Temp/ScanResults/Xml-Report.zip" -DestinationPath "$Env:Temp/ScanResults" Add a task that runs a shell command to query the XML report to evaluate if the scan has found any vulnerability with a priority score of 2 or higher. cd "$Env:ToolsDirectory/clear-cli" $resultCount = ./SkyAnalyzer.Interface.Cli --Interface Query --Method Execute --QueryDataSource "$Env:Temp/ScanResults/Report.xml" --QueryStatement "SELECT COUNT(ID) FROM Results WHERE PRIORITY <= 2" You may need to write $resultCount to a specifc file or device in order to use the number of results in later steps. Add a task that publishes the build artifact if no vulnerability with a priority score of 2 or higher was found. Add a task that runs a shell command to generate and download the HTML report when at least one vulnerability with a priority score of 2 or higher was found. if ($Env.ResultCount -ne 0) { cd "$Env:ToolsDirectory/clear-cli" ./SkyAnalyzer.Interface.Cli --Key "$Env:ApiKey" --Interface Scan --Method Report --ScanId "$Env:ScanId" --ReportPath "$Env:Temp/ScanResults/Html-Report.zip" --ReportFormat html } Add a task that runs a shell command to extract the HTML report when at least one vulnerability with a priority score of 2 or higher was found. if ($Env.ResultCount -ne 0) { Expand-Archive -Path "$Env:Temp/ScanResults/Xml-Report.zip" -DestinationPath "$Env:Temp/ScanResults" } Add a task that publishes the HTML report when at least one vulnerability with a priority score of 2 or higher was found. Download the remediated source code and create a pull request in the CI pipeline In the CI pipeline, locate an appropriate location to work with the remediated source code, such as after the pipeline failed security policy evaluation. Add a task that runs a shell command to configure Git on the pipeline agent and creates a branch for the remediated source code when at least one vulnerability with a priority score of 2 or higher was found. if ($Env.ResultCount -ne 0) { cd "$Env:SourcesDirectory" # Replace <UserEmail> with the user email to use for Git $UserEmail = "<UserEmail>" # Replace <UserName> with the user name to use for Git $UserName = "<UserName>" git config --global user.email "$UserEmail" git config --global user.name "$UserName" git checkout -b scan-$Env:ScanId } Add a task that runs a shell command to generate and download the remediated source code when at least one vulnerability with a priority score of 2 or higher was found. if ($Env.ResultCount -ne 0) { cd "$Env:ToolsDirectory/clear-cli" ./SkyAnalyzer.Interface.Cli --Key "$Env:ApiKey" --Interface Scan --Method Remediate --ScanId "$Env:ScanId" --RemediatedSourceCodePath "$Env:Temp/ScanResults/RemediatedSource.zip" --RemediationOption 0 } Add a task that runs a shell command to extract the remediated source code over the original source code when at least one vulnerability with a priority score of 2 or higher was found. if ($Env.ResultCount -ne 0) { Expand-Archive -Path "$Env:Temp/ScanResults/RemediatedSource.zip" -DestinationPath "$Env:SourcesDirectory" } Add a task that runs a shell command to commit the remediated source code to a branch when at least one vulnerability with a priority score of 2 or higher was found. if ($Env.ResultCount -ne 0) { cd "$Env:SourcesDirectory" # Replace <AplPath> with Application Protection Library files suitable for the framework of the project AplPath="<AplPath>" git add **/$AplPath git commit -m "Instant Fixes from scan $Env:ScanId" git push -u origin scan-$Env:ScanId } Add a task that runs a shell command to , which fails the pipeline when at least one vulnerability with a priority score of 2 or higher was found. if ($Env.ResultCount -ne 0) { [Console]::Error.WriteLine('This build did not pass the scan criteria.') exit -1 } You may need to configure this task to fail with either the presence of stderr or a negative exit code. Create a pull request from the branch containing the remediated source code. ", "keywords": "avm, integration, cli, devops, continuousintegration, ci" } , "/en/avm/compliance/cyber-resilience-act": { "id": "258860", "url": "/en/avm/compliance/cyber-resilience-act", "title": "Lucent Sky AVM for Cyber Resilience Act", "description": "", "date": "2026/02/05", "content" : "Application security is vital to the design, development, and production of products that conform to the EU Cyber Resilience Act (EU CRA), as it protects against vulnerabilities that could compromise data and affect functionality. Lucent Sky AVM enhances this process by automating vulnerability identification and remediation, making it more efficient for organizations to achieve and maintain compliance.Lucent Sky AVM EU CRA mappingThe following section maps the Essential Requirements, as presented in Annex I of the EU CRA, to the capabilities covered by Lucent Sky AVM, as well as the remaining steps a customer needs to take in addition to implementing Lucent Sky AVM.EU Cyber Resilience Act Essential Requirements EU CRA requirement Lucent Sky AVM Customer gaps Part I (1) — Designed, developed, and produced securely (C) Lucent Sky AVM can be used to identify and remediate insecure designs and implementations throughout the software development lifecycle, helping ensure that products are designed and developed in accordance with defined security requirements. Customers must assess and identify the appropriate security requirements for their products and should conduct additional assessments beyond those performed by Lucent Sky AVM if necessary. Part I (2)(a) — Without known exploitable vulnerabilities (S) Lucent Sky AVM analyzes the source code, binary files, and dependencies of products to identify and remediate both known and unknown vulnerabilities. Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM. Part I (2)(b) — Secure by default configuration (C) Lucent Sky AVM analyzes the source code, binary files, and configuration files used by products and their dependencies to identify insecure practices, such as the use of hard-coded credentials or insecure generation of randomized passwords. Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM and should use Lucent Sky AVM in addition to automated and/or manual reviews. Part I (2)(d) — Access control (C) Lucent Sky AVM analyzes the source code and binary files of products to identify potential locations where access control is missing or implemented insecurely, such as improper credential validation, insecure session management, or other issues that may lead to insecure access control, such as injection flaws. Lucent Sky AVM also analyzes the dependencies of the products to identify components with similar vulnerabilities. Customers should use Lucent Sky AVM in addition to automated and/or manual reviews. Part I (2)(e) — Data confidentiality (C) Lucent Sky AVM analyzes the source code and binary files of products to identify potential locations where sensitive information is stored or transmitted insecurely, such as without encryption or with obsolete cryptographic technologies. Customers should use Lucent Sky AVM in addition to automated and/or manual reviews. Part I (2)(f) — Data integrity (C) Lucent Sky AVM analyzes the source code and binary files of products to identify potential locations where data integrity verification is missing or inadequately implemented, such as the use of obsolete hashing algorithms. Customers should use Lucent Sky AVM in addition to automated and/or manual reviews. Part I (2)(h) — Availability of essential functions (C) Lucent Sky AVM analyzes the source code and binary files of products to identify and remediate vulnerabilities that may cause the reduction or loss of the products' availability, such as race conditions or improper exception handling. Lucent Sky AVM also analyzes the dependencies of the products to identify components with such vulnerabilities. Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM and should use Lucent Sky AVM in addition to automated and/or manual reviews. Part I (2)(j) — Attack surface reduction (C) Lucent Sky AVM analyzes the source code and binary files of products to identify publicly or externally exposed functionality and insecure endpoints. Customers should evaluate whether the identified public and/or external functionality is necessary and should use Lucent Sky AVM in addition to automated and/or manual reviews. Part I (2)(k) — Incident mitigation (C) Lucent Sky AVM analyzes the source code, binary files, and dependencies of products to identify missing exploitation mitigation mechanisms, such as disabled security mechanisms, and to identify locations where sensitive information is stored insecurely, such as without encryption or with obsolete cryptographic technologies. Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM and should use Lucent Sky AVM in addition to automated and/or manual reviews. Part I (2)(l) — Security monitoring (C) Lucent Sky AVM analyzes the source code and binary files of products to identify locations where logging is implemented insecurely, such as when using untrusted input in log entries. Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM and should use Lucent Sky AVM in addition to automated and/or manual reviews. Part II (1) — Software bill of materials (S) Lucent Sky AVM analyzes the source code, binary files, and dependencies of products to identify software components and dependencies. These components are checked for known vulnerabilities and can be used to generate a software bill of materials. Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM. Part II (2) — Vulnerability remediation (S) Lucent Sky AVM analyzes the source code, binary files, and dependencies of products to identify both known and unknown vulnerabilities. Lucent Sky AVM can automatically remediate vulnerabilities by generating Instant Fixes—production-ready code segments that replace vulnerable code—and can assist developers remediating vulnerabilities with remediation guidance or update guidance. Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM. Part II (3) — Security testing (S) Lucent Sky AVM can be used throughout the software development lifecycle and within continuous integration processes to automatically analyze the source code, binary files, and dependencies of products to identify both known and unknown vulnerabilities. Customers must ensure that applicable parts of the products are properly analyzed by Lucent Sky AVM. Part II (4) — Vulnerability disclosure (C) Lucent Sky AVM generates reports containing the information required for public disclosure of fixed vulnerabilities, including descriptions, impacts, and severity. Customers must obtain any additional information required for public disclosure. (S) Lucent Sky AVM contributes significantly to conformity with the requirement, with minimal prerequisites or additional work.(C) Lucent Sky AVM contributes to conformity with the requirement, but some prerequisites or additional work are required.About Lucent Sky AVMLucent Sky AVM accelerates the application security process by automatically identifies and remediates vulnerabilities in source code, binary files, and dependencies. Automatic remediation supports more than 800 vulnerability categories, including those in OWASP Top 10 and PCI DSS. Lucent Sky AVM supports a broad range of languages and frameworks, from C++, C#, and Java to Python, JavaScript, and beyond. Lucent Sky AVM is accessible via a web UI, CLI, and APIs, and integrates with IDEs and common ALM and CI tools.", "keywords": "avm, compliance, cyberresilienceact, eucra" } , "/en/avm/admin-guides/eclipse-ide": { "id": "399258", "url": "/en/avm/admin-guides/eclipse-ide", "title": "Administration guide to Lucent Sky AVM for Eclipse IDE", "description": "", "date": "2026/02/10", "content" : "This article covers the installation, configuration, and removal of Lucent Sky AVM for Eclipse IDE.In this article, you will learn how to: Install Lucent Sky AVM for Eclipse IDE Uninstall Lucent Sky AVM for Eclipse IDEAt the end, you will be able to install and uninstall Lucent Sky AVM for Eclipse IDE.System RequirementsProcessor, memory, and hard disk space requirements: Processor: 1.6 GHz processor Memory: 2 GB Hard disk space: 200 MBLucent Sky AVM for Eclipse IDE can be installed with the following versions of Eclipse IDE: Eclipse IDE 4.6 (Neon) - 4.38 (2025-12)Lucent Sky AVM for Eclipse IDE can be installed on the following operating systems: Windows (x64) macOS (Apple silicon and Intel) Ubuntu (x64)Lucent Sky AVM for Eclipse IDE requires Java 8 or later.Lucent Sky AVM for Eclipse IDE might also work with Eclipse IDE running on other architectures or other operating systems, or other IDEs based on Eclipse IDE.Install Lucent Sky AVM for Eclipse IDE Lucent Sky AVM for Eclipse IDE requires the cross-platform Lucent Sky AVM CLI. Before installing Lucent Sky AVM for Eclipse IDE, install Lucent Sky AVM CLI. Lucent Sky AVM for Eclipse IDE will attempt to locate Lucent Sky AVM CLI in the following locations: on Windows %LOCALAPPDATA%ProgramsCLEAR CLI %LOCALAPPDATA%Programsclear-cli C:Program FilesLucent SkyCLEAR CLI on macOS $HOME/Applications/CLEAR CLI $HOME/Applications/clear-cli /Applications/CLEAR CLI on Ubuntu $HOME/clear-cli /opt/clear-cli To learn more about how to install Lucent Sky AVM CLI, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLI Close all Eclipse IDE instances. Extract the .jar file from the Lucent Sky AVM for Eclipse IDE setup package. Navigate to the installed directory of the Eclipse instance you want to install Lucent Sky AVM for Eclipse IDE. On macOS, select and hold (or right-click) the Eclipse app, select Show Package Contents, and then navigate to Contents > Eclipse. On Linux, if Eclipse IDE was installed through Snap, navigate to ~/snap/eclipse/current. Placed the .jar file in the dropins directory.Uninstall Lucent Sky AVM for Eclipse IDE Close all Eclipse IDE instances. Navigate to the installed directory of the Eclipse instance you want to uninstall Lucent Sky AVM for Eclipse IDE. On macOS, select and hold (or right-click) the Eclipse app, select Show Package Contents, and then navigate to Contents > Eclipse. On Linux, if Eclipse IDE was installed through Snap, navigate to ~/snap/eclipse/current. Delete the .jar file of Lucent Sky AVM for Eclipse IDE from the dropins directory.", "keywords": "avm, guide, administration, eclipse, eclipseide" } , "/en/avm/get-started/eclipse-ide": { "id": "581435", "url": "/en/avm/get-started/eclipse-ide", "title": "Get started with Lucent Sky AVM for Eclipse IDE", "description": "", "date": "2024/9/5", "content" : "Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components, CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.In this article, you will learn how to: Install Lucent Sky AVM for Eclipse IDE Scan an application Review the identified result and their Instant FixAt the end, you will be able to use the Lucent Sky AVM for Eclipse IDE to scan projects, review scan results, and apply Instant Fixes to remediate vulnerabilities automatically.Prerequisites Eclipse IDE - This article uses Eclipse IDE 2024-06, but the Lucent Sky AVM for Eclipse IDE can also be used in other supported version of Eclipse IDE.Install Lucent Sky AVM for Eclipse IDETo learn more about the installation and configuration of Lucent Sky AVM for Eclipse IDE, as well as system requirements, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM for Eclipse IDECreate an API key Go to the Web UI in your browser, and then sign in with your credentials. Go to Settings > Account, and select Create a new key. In the dialog, enter CLI as the description of the key, then select Create Key. Select and copy the generated API key.Scan a project In Eclipse IDE, open the workspace containing the project, and open the project. Under Package Explorer, select and hold (or right-click) the project to scan, and then select Scan with Lucent Sky AVM. The New Scan - Lucent Sky AVM dialog will appear. Select Sign In, and sign in with your Lucent Sky AVM API key. To create a new application for the scan, select New Application. In the New Application - Lucent Sky AVM window, enter the name of the application, select its framework, and review and change its vectors, rule package, runtime, and scan arguments as needed. Then, select OK to create the application. Alternatively, select an existing application in the New Scan - Lucent Sky AVM window to use for the scan. Review and change the weakness policies, vectors, and scan arguments as needed. Select Scan to start the scan. The Lucent Sky AVM window will appear. When the scan is in progress, the Console window will display information about its progress.Review scan results Once the scan is completed, the scan results will appear in the Lucent Sky AVM window. Expanding a vulnerability category will show all results under that category. Expanding a result will show its Statements, Instant Fix, and Suggestion. Double-click on one of the Statements or Instant Fixes to open the file in the editor and go to the relevant line of code. To apply Instant Fix to a result, select and hold (or right-click) the Instant Fix of the result then select Remediate. To apply Instant Fixes to all results of the same vulnerability category, select and hold (or right-click) the category then select Remediate Vulnerabilities. To apply Instant Fixes to all results, select and hold (or right-click) the top node in the Lucent Sky AVM window, then select Remediate All Vulnerabilities.", "keywords": "avm, getstarted, interface, eclipse" } , "/en/avm/how-to/enable-active-directory-authentication": { "id": "221868", "url": "/en/avm/how-to/enable-active-directory-authentication", "title": "Enable Active Directory authentication", "description": "", "date": "2025/5/22", "content" : "This article describes how to enable Active Directory authentication on CLEAR Engine.In this article, you will learn how to: Enable Active Directory authentication on CLEAR Engine.At the end, you will be able to enable Active Directory authentication on CLEAR Engine.Prerequisites of Active Directory authenticationThe following prerequisites must be met to support Active Directory authentication. CLEAR Engine is installed on a member server of the Active Directory domain. The installed Lucent Sky AVM license supports Active Directory authentication. The domain controller(s) of the domain has the same number or more CAL for organizational users on CLEAR Engine.If the CLEAR Engine instance is part of a cluster, every node in the cluster must meet the prerequisites.Enable Active Directory authentication on CLEAR Engine Open PowerShell as administrator. Enter the following command to open the CLEAR Engine configuration file with the default text editor: "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.Engine.exe.config" | Invoke-Item In the configurationconnectionStrings section, locate the ActiveDirectoryMembership connection string. Change its value according to the Active Directory to authenticate against. In the configurationsystem.webmembershipproviders section, add the following before the SqlMembership` provider: <add name="ActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ActiveDirectoryMembership" /> In PowerShell, enter the following command to restart CLEAR Engine: Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" Repeat the steps above on every node in the cluster.", "keywords": "avm, howto, administration, activedirectory" } , "/en/avm/how-to/enable-long-path-support": { "id": "215474", "url": "/en/avm/how-to/enable-long-path-support", "title": "Enable long path support", "description": "", "date": "2024/1/21", "content" : "This article describes how to enable long path support on CLEAR Engine.In this article, you will learn how to: Enable long path support on CLEAR Engine.At the end, you will be able to enable long path support on CLEAR Engine.Enable long path supportLong path support is only available on Windows Server 2016 (OS Build 14393) and later. To enable it, follow these steps: Open PowerShell as administrator. Enter the following command to enable long path support in the registry: New-ItemProperty -Path 'HKLM:SYSTEMCurrentControlSetControlFileSystem' -Name 'LongPathsEnabled' -Value '1' -PropertyType 'DWORD' -Force The registry key can also be controlled via Group Policy at Computer Configuration > Administrative Templates > System > Filesystem > Enable Win32 long paths. In PowerShell, enter the following command to open the Web UI configuration file with the default text editor: "C:Program FilesLucent SkyCLEAR Webweb.config" | Invoke-Item Locate the <ClientFileValidationEnabled> node in the <configuration/appSettings> section, and change its value to false. In PowerShell, enter the following command to restart CLEAR Engine: Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" For Lucent Sky AVM cluster, repeat the steps above on each node in the cluster.Even with Win32 long paths enabled, some tools used by CLEAR Engine might still not support long path.", "keywords": "avm, howto, administration" } , "/en/avm/troubleshoot/encoding-problems": { "id": "561238", "url": "/en/avm/troubleshoot/encoding-problems", "title": "Troubleshoot encoding problems", "description": "", "date": "2023/6/12", "content" : "Lucent Sky AVM relies on correct encoding information to analyze the source code of an application. Additionally, incorrect encoding settings might cause build errors for .NET and Java applications.This article describes how Lucent Sky AVM handles character encoding, as well as ways to troubleshoot encoding errors.How Lucent Sky AVM handles character encoding.NET applicationsEncodings in .NET applications are handled as described in the All applications section below, except for the Build phase, which is managed by .NET Framework and/or Microsoft Build Tools. MSBuild and ASP.NET Compilation Tool use the system locale (also known as Language for non-Unicode programs) setting on the operating system as the native encoding.Java applicationsLucent Sky AVM will search for a file named org.eclipse.core.resources.prefs, which is the document Eclipse uses to keep track of file encoding formats for a project. If org.eclipse.core.resources.prefs exists, Lucent Sky AVM will make use of the character encoding settings contained therein. For files not included in org.eclipse.core.resources.prefs, their encodings are determined similar to those listed under "All applications" below. If org.eclipse.core.resources.prefs does not exist, then Lucent Sky AVM will make use of character encoding detection techniques similar to those described in All application below.All applications Lucent Sky AVM will detect if a file's character encoding format is an Unicode (such as UTF-8) encoding or a native encoding (such as Big5, Shift JIS or Windows 1252). For files with a native encoding, the native encoding is determined in the following order: Encoding set in scan arguments (such as Encoding,Big5) Encoding set in the custom runtime (if the application uses one) Encoding defined in the storage configurations file (storage.config, also known as the cluster configuration file) The native encoding most frequently used in the application's files with a native encoding TroubleshootingFollow the steps below to resolve encoding problems:.NET applicationsAs MSBuild and ASP.NET Compilation Tools use the system locale setting on the operating system as the native encoding, if the native encoding of the application differs from the system locale of the Lucent Sky AVM instance, encoding issues might occur.To specify the native encoding used by MSBuild, you can set the value of the <CodePage> property in the project file to the codepage of the native encoding (such as <CodePage>932</CodePage>). You can alternatively set the CodePage property by using the BuildProperties scan argument (for example, BuildProperties,CodePage=932).To specify the native encoding used by ASP.NET Compilation Tools, you can set the fileEncoding attribute in the <configuration/system.web/globalization> element (such as <globalization fileEncoding="Big5" />) in the application's top-level web.config file.Java applications If org.eclipse.core.resources.prefs exists, check that its structure is correct, and that the files associated with the error have their encoding format properly specified. If you are not certain that org.eclipse.core.resources.prefs is accurately specifying the encoding format of the file, try removing it from that document in order to make Lucent Sky AVM detect the encoding format of the file. If org.eclipse.core.resources.prefs does not exist, take the steps listed under All applications section below.All applications If a native encoding has been set as a scan argument, check that the argument is correctly specified. If a native encoding has been set in the runtime, check that the argument is correctly specified. If a native encoding has been set in the system configurations, check that it is correctly specified. Check that the application only includes one type of native character encoding. If there are two or more, then Lucent Sky AVM will use that which is detected in the greatest number of source files. When an application contains multiple native encoding formats, consider reformatting some of the files such that they all follow a single character encoding scheme, then run the scan again.", "keywords": "avm, troubleshoot, dotnet, android, asp, cpp, ios, go, java, php, python, ruby, visualbasic" } , "/en/avm/how-to/exclude-clear-engine-files-from-antivirus-scanning": { "id": "229313", "url": "/en/avm/how-to/exclude-clear-engine-files-from-antivirus-scanning", "title": "Exclude CLEAR Engine files from antivirus scanning", "description": "", "date": "2021/5/18", "content" : "If antivirus software is running on the CLEAR Engine server, antivirus exclusions should be set.This article describes how to exclude CLEAR Engine files from antivirus scanning.In this article, you will learn how to: Exclude CLEAR Engine files from antivirus scanning.At the end, you will be able to exclude CLEAR Engine files from antivirus scanning.Exclude CLEAR Engine files from antivirus scanningIn the antivirus software, exclude the following files and directories from antivirus scanning: The file system storage of CLEAR Engine, typically C:ProgramDataLucent SkyCLEAR Engine SQL Server data files, typically .mdf, .ldf, and .ndfTo learn more about virus scanning on computers that are running SQL Server, view the following article on the Microsoft Learn website:Choosing antivirus software for computers that run SQL Server", "keywords": "avm, howto, antivirus, administration" } , "/en/avm/licensing/genuine": { "id": "658764", "url": "/en/avm/licensing/genuine", "title": "About Genuine Lucent Sky Software", "description": "", "date": "2022/4/9", "content" : "Genuine Lucent Sky software is published by Lucent Sky, properly licensed, and supported by Lucent Sky or its partners.By using genuine Lucent Sky software, customers have access to the software and services designed to help you secure your applications efficiently.Frequently Asked QuestionsHere are answers to some common questions about genuine Lucent Sky software. How do I know if I am running genuine Lucent Sky software? The best way to make sure is to purchase Lucent Sky products and services directly from Lucent Sky or from an authorized Lucent Sky channel partner. Once your Lucent Sky software is up and running, make sure the serial number and the type of license on your license documents match those shown within the software. I see messages that my software is not genuine or my license is invalid. How do I fix this? If you are seeing messages that the copy of Lucent Sky software is not genuine, or that your license is invalid, it is likely that your copy of Lucent Sky software was not properly activated, its license has expired, or is otherwise not genuine. Until you correct the issue, your copy of Lucent Sky software will enter a reduced functionality mode. Contact Lucent Sky or your Lucent Sky channel partner to resolve this issue. Can I install Lucent Sky software on more than one system? You cannot install Lucent Sky software on more systems than your license and the Lucent Sky Software License Terms allow. For example, your license contains five Lucent Sky AVM instances and you will be able to install Lucent Sky AVM on five systems. How are license activation and genuine Lucent Sky software related? License activation pairs your product key with your hardware configuration and helps verify that your copy of Lucent Sky software is being used in the scope of your license. Usually, you only need to activate Lucent Sky software once, unless you make a significant hardware change. Genuine Lucent Sky software is a recurring process that checks your product key to make sure it is being used on hardware that is different from what you were using when you activated Lucent Sky software. The genuine check is performed when the hardware configuration changes, when the software is updated, and periodically by the software itself. Do I need to connect my system to the Internet for license activation and genuine check? License activation can be done either online or offline. An online activation takes only a few seconds, while an offline activation can take up to 24 hours. Genuine check is done locally on the system that has Lucent Sky software installed. Whether an Internet connection is available does not impact the genuine check. What are the common reasons why genuine check might fail? Major hardware changes - You might start to see messages that your copy of Lucent Sky software is not genuine or the license is invalid after making major hardware changes to the systems, such as changing components or migrating to a different VM host. It is recommended to deactivate the license before making major hardware changes, and reactivate the license after the changes. If you have already made the changes, contact Lucent Sky support to bind your license to the new system configuration. 1 product key = 1 system - Another common cause is that you used the same product key on a new system before deactivating the key on the previous system. Contact Lucent Sky support to unbind the product key from the previous system and activate the product key on the new system. Expired license - If you obtained your copy of Lucent Sky software through a subscription or a program, the license came with it expires with the subscription or the program. Contact the place where you obtained the subscription or the program manager for renewal. Revoked product key - A product key can be revoked for various reasons, such as when the product key was compromised or there is an issue of the associated license. For additional help regarding a revoked product key, contact Lucent Sky support. How do I get additional help regarding genuine Lucent Sky software? For support regarding genuine Lucent Sky software, contact Lucent Sky support. It will be helpful if you have the license documents ready, or contact support from the email address associated with your license. If you obtained Lucent Sky software through a Lucent Sky partner, you are encouraged to contact them first for faster service. ", "keywords": "avm, licensing" } , "/en/avm/integrations/github-actions": { "id": "219357", "url": "/en/avm/integrations/github-actions", "title": "Use Lucent Sky AVM with GitHub Actions", "description": "", "date": "2026/02/10", "content" : "This article describes how to integrate Lucent Sky AVM with GitHub Actions. By integrating Lucent Sky AVM with an application's continuous integration pipelines, developers can ensure that only code changes meeting the security standards are committed or deployed.The Lucent Sky AVM CLI commands used in this article favor simplicity over scalability. For example, asynchronous methods such as BeginAnalyze might be more suitable than their synchronous counterparts when working with a large application. To learn about more advanced functionalities of the CLI, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI referenceIn this article, you will learn how to: Prepare Lucent Sky AVM CLI for use in GitHub Actions. Start a scan in GitHub Actions. Download and evaluate a scan report in GitHub Actions. Download the remediated source code and create a pull request in GitHub Actions.At the end, you will be use Lucent Sky AVM in GitHub Actions to start a scan, download and evaluate reports, and work with remediated source code in GitHub Actions.Prepare Lucent Sky AVM CLI for use in GitHub ActionsLucent Sky AVM CLI needs to be downloaded to the GitHub Actions runner before it can be used. How the CLI is downloaded varies and depends on each organization's needs and requirements, and the CLI might already be present if using a self-hosted runner.To learn more about how to install Lucent Sky AVM CLI on different operating systems, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLI Navigate to the Settings > Secret section of the GitHub project. Create a repository secret named ApiKey with the value of an API key to the Lucent Sky AVM server. Navigate to the Actions section of the GibHub project and edit the .yml file of the workflow. In the .yml file, locate the env section and add the following variables: env: # Replace <InstanceFqdn> with the FQDN or IP address of the Lucent Sky AVM instance InstanceFqdn: <InstanceFqdn> # Replace <ApplicationId> with the value of the project's application ID on the Lucent Sky AVM instance ApplicationId: <ApplicationId> In the .yml file, locate an appropriate location to download the CLI, such as after the application build is completed. Insert the following code to the .yml file, which downloads the CLI setup file to $Env:RUNNER_TOOL_CACHE/tools/clear-cli.zip and extracts its content to $Env:RUNNER_TOOL_CACHE/tools/clear-cli. - name: Download CLI run: | $platform = switch -Regex ($PSVersionTable.OS) { "Darwin" { "osx-x64" } "Linux" { "linux-x64" } default { "win-x64" } } Invoke-WebRequest -Uri "https://lsky.co/clearcli-$platform" -OutFile "$Env:RUNNER_TOOL_CACHE/clear-cli.zip" Expand-Archive -Path "$Env:RUNNER_TOOL_CACHE/clear-cli.zip" -DestinationPath "$Env:RUNNER_TOOL_CACHE/clear-cli" Remove-Item -Path "$Env:RUNNER_TOOL_CACHE/clear-cli.zip" shell: powershell The URL https://lsky.co/clearcli-win-x64 points to the latest Lucent Sky AVM CLI for Windows. To pin the CLI to a specific version, append -version after the URL. For example, https://lsky.co/clearcli-win-x64-2512. Insert the following code to the .yml file, which configures the CLI to use a remote Lucent Sky AVM instance. - name: Configure CLI run: | cd "$Env:RUNNER_TOOL_CACHE/clear-cli" ./SkyAnalyzer.Interface.Cli --Interface config --Method set --Value "endpoint = $:5759" shell: powershell Start a scan in GitHub Actions Open the .yml file of the workflow, and locate an appropriate location to start the scan, such as after the build artifacts are available. Insert the following code to the .yml file, which generates a random scan ID. - name: Generate scan ID run: | # Replace <> with the Write-Output "ApplicationId=<ApplicationId>" | Out-File -FilePath $Env:GITHUB_ENV -Append Write-Output "ScanId=$(New-Guid)" | Out-File -FilePath $Env:GITHUB_ENV -Append shell: powershell Insert the following code to the .yml file, which creates a scan under the application on Lucent Sky AVM server, and uploads the build artifact for analysis. - name: Create and start scan run: | cd "$Env:RUNNER_TOOL_CACHE/clear-cli" ./SkyAnalyzer.Interface.Cli --Key $ --Interface Scan --Method Create --ApplicationId $ --ScanId $ ./SkyAnalyzer.Interface.Cli --Key $ --Interface Scan --Method Analyze --ScanId $ --SourceCodePath "$Env:GITHUB_WORKSPACE/target/ContosoWeb.war" shell: powershell Insert the following code to the .yml file, which checks the scan result code to determine if the scan was completed successfully. - name: Get scan result run: | cd "$Env:RUNNER_TOOL_CACHE/clear-cli" $scanResult = ./SkyAnalyzer.Interface.Cli --Key $ --Interface Scan --Method GetResult --ScanId $ if ($scanResult -lt 0) { [Console]::Error.WriteLine("Scan failed ($scanResult)"); exit $scanResult } shell: powershell Download and evaluate a scan report in GitHub Actions Open the .yml file of the workflow, and locate an appropriate location to evaluate the scan report, such as after the scan is completed. Insert the following code to the .yml file, which generates and downloads the XML report of the scan. - name: Download XML report run: | cd "$Env:RUNNER_TOOL_CACHE/clear-cli" ./SkyAnalyzer.Interface.Cli --Key $ --Interface Scan --Method Report --ScanId $ --ReportPath "$Env:RUNNER_TEMP/ScanResults/Xml-Report.zip" --ReportFormat xml shell: powershell Insert the following code to the .yml file, which extracts the XML report. - name: Extract XML report run: | Expand-Archive -Path "$Env:RUNNER_TEMP/ScanResults/Xml-Report.zip" -DestinationPath "$Env:RUNNER_TEMP/ScanResults" shell: powershell Insert the following code to the .yml file, which queries the XML report to evaluate if the scan has found any vulnerability with a priority score of 2 or higher. - name: Query XML report run: | cd "$Env:RUNNER_TOOL_CACHE/clear-cli" $resultCount = ./SkyAnalyzer.Interface.Cli --Interface Query --Method Execute --QueryDataSource "$Env:RUNNER_TEMP/ScanResults/Report.xml" --QueryStatement "SELECT COUNT(ID) FROM Results WHERE PRIORITY <= 2" Write-Output "ResultCount=$resultCount" | Out-File -FilePath $Env:GITHUB_ENV -Append shell: powershell Insert the following code to the .yml file, which publishes the build artifact as a pipeline artifact named war if no vulnerability with a priority score of 2 or higher was found. - uses: actions/upload-artifact@v2 if: ${{ env.ResultCount == 0 }} with: name: 'war' path: $/target/ContosoWeb.war Insert the following code to the .yml file, which generates and downloads the HTML report when at least one vulnerability with a priority score of 2 or higher was found. - name: Download HTML report if: ${{ env.ResultCount > 0 }} run: | cd "$Env:RUNNER_TOOL_CACHE/clear-cli" ./SkyAnalyzer.Interface.Cli --Key $ --Interface Scan --Method Report --ScanId $ --ReportPath "$Env:RUNNER_TEMP/ScanResults/Html-Report.zip" --ReportFormat html shell: powershell Insert the following code to the .yml file, which extracts the HTML report when at least one vulnerability with a priority score of 2 or higher was found. - name: Extract HTML report if: ${{ env.ResultCount > 0 }} run: | Expand-Archive -Path "$Env:RUNNER_TEMP/ScanResults/Xml-Report.zip" -DestinationPath "$Env:RUNNER_TEMP/ScanResults" shell: powershell Insert the following code to the .yml file, which publishes the HTML report as a pipeline artifact named report when at least one vulnerability with a priority score of 2 or higher was found. - uses: actions/upload-artifact@v2 if: ${{ env.ResultCount > 0 }} with: name: 'report' path: $/ScanResults/Report.html Download the remediated source code and create a pull request in GitHub Actions Open the .yml file of the workflow, and locate an appropriate location to work with the remediated source code, such as after the pipeline failed security policy evaluation. Insert the following code to the .yml file, which configures Git on the GitHub Actions runner and creates a branch for the remediated source code when at least one vulnerability with a priority score of 2 or higher was found. - name: Configure Git if: ${{ env.ResultCount > 0 }} run: | # Replace <UserEmail> with the user email to use for Git $UserEmail = "<UserEmail>" # Replace <UserName> with the user name to use for Git $UserName = "<UserName>" git config --global user.email "$UserEmail" git config --global user.name "$UserName" git checkout -b scan-$ shell: powershell working-directory: $ Insert the following code to the .yml file, which generates and downloads the remediated source code when at least one vulnerability with a priority score of 2 or higher was found. - name: Download remediated source code if: ${{ env.ResultCount > 0 }} run: | cd "$Env:RUNNER_TOOL_CACHE/clear-cli" ./SkyAnalyzer.Interface.Cli --Key $ --Interface Scan --Method Remediate --ScanId $ --RemediatedSourceCodePath "$Env:RUNNER_TEMP/ScanResults/RemediatedSource.zip" --RemediationOption 0 shell: powershell Insert the following code to the .yml file, which extracts the remediated source code over the original source code when at least one vulnerability with a priority score of 2 or higher was found. - name: Extract remediated source code if: ${{ env.ResultCount > 0 }} run: | Expand-Archive -Path "$Env:RUNNER_TEMP/ScanResults/RemediatedSource.zip" -DestinationPath "$Env:GITHUB_WORKSPACE" shell: powershell Insert the following code to the .yml file, which commits the remediated source code to a branch when at least one vulnerability with a priority score of 2 or higher was found. - name: Commit and push remediated source code if: ${{ env.ResultCount > 0 }} run: | # Replace <AplPath> with Application Protection Library files suitable for the framework of the project AplPath="<AplPath>" git add **/$AplPath; git commit -m "Instant Fixes from scan $" git push -u origin scan-$ shell: powershell working-directory: $ Insert the following code to the .yml file, which fails the pipeline when at least one vulnerability with a priority score of 2 or higher was found. - name: Fail pipeline if: ${{ env.ResultCount > 0 }} run: | [Console]::Error.WriteLine('This build did not pass the scan criteria.') exit -1 shell: powershell Navigate to the Pull requests section of the GitHub project, and create a pull request from the branch containing the remediated source code. ", "keywords": "avm, integration, github, devops, continuousintegration, ci" } , "/en/avm/integrations/gitlab-pipelines": { "id": "240896", "url": "/en/avm/integrations/gitlab-pipelines", "title": "Use Lucent Sky AVM with GitLab Pipelines", "description": "", "date": "2026/02/10", "content" : "This article describes how to integrate Lucent Sky AVM with GitLab Pipelines. By integrating Lucent Sky AVM with an application's continuous integration pipelines, developers can ensure that only code changes meeting the security standards are committed or deployed.The Lucent Sky AVM CLI commands used in this article favor simplicity over scalability. For example, asynchronous methods such as BeginAnalyze might be more suitable than their synchronous counterparts when working with a large application. To learn about more advanced functionalities of the CLI, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI referenceIn this article, you will learn how to: Prepare a GitLab runner with Lucent Sky AVM CLI. Prepare Lucent Sky AVM CLI for use in GitLab Pipelines. Start a scan in GitLab Pipelines. Download and evaluate a scan report in GitLab Pipelines. Download the remediated source code and create a pull request in GitLab Pipelines.At the end, you will be use Lucent Sky AVM in GitLab Pipelines to start a scan, download and evaluate reports, and work with remediated source code in GitLab Pipelines.Prepare a GitLab runner with Lucent Sky AVM CLIThis article assumes that a GitLab instance and a GitLab runner are available. To learn more about how to install GitLab, view the following article on the GitLab website:Install GitLabAlternatively, the following Docker Compose template can be used to quickly prepare a GitLab instance and a GitLab runner for testing purposes.version: '3'services: gitlab: image: 'gitlab/gitlab-ce:latest' container_name: gitlab restart: always # Replace <GitLabInstanceUrl> with the URL of the GitLab instance hostname: '<GitLabInstanceUrl>' environment: # Replace <GitLabInstanceUrl> with the URL of the GitLab instance GITLAB_OMNIBUS_CONFIG: | external_url '<GitLabInstanceUrl>' ports: - '80:80' - '443:443' - '22:22' volumes: - './config:/etc/gitlab' - './logs:/var/log/gitlab' - './data:/var/opt/gitlab' gitlab-runner: image: 'gitlab/gitlab-runner:latest' container_name: gitlab-runner restart: always depends_on: - gitlab volumes: - './runner/config:/etc/gitlab-runner' - '/var/run/docker.sock:/var/run/docker.sock' environment: # Replace <GitLabInstanceUrl> with the URL of the GitLab instance - 'CI_SERVER_URL=<GitLabInstanceUrl>' # Replace <RegistrationToken> with the registration token generated by GitLab - 'REGISTRATION_TOKEN=<RegistrationToken>' - 'RUNNER_EXECUTOR=shell' - 'DOCKER_IMAGE=alpine:latest'If the GitLab runner is not a container, run the following commands in the GitLab runner to install and configure Lucent Sky AVM CLI and its dependencies:case "$(uname)" in "Darwin") platform="osx-x64" ;; "Linux") platform="linux-x64" ;; *) platform="win-x64" ;; esacwget -O ~/clear-cli.zip "https://lsky.co/clearcli-$platform"sudo unzip ~/clear-cli.zip -d /opt/clear-clirm ~/clear-cli.zipsudo chown gitlab-runner:gitlab-runner -R /opt/clear-cli/SkyAnalyzer.Interface.Clisudo chmod u+x -R /opt/clear-cli/SkyAnalyzer.Interface.CliIf the GitLab runner is a container, run the following commands in the Docker host to install and configure Lucent Sky AVM CLI and its dependencies:sudo docker exec -it gitlab-runner case "$(uname)" in "Darwin") platform="osx-x64" ;; "Linux") platform="linux-x64" ;; *) platform="win-x64" ;; esacsudo docker exec -it gitlab-runner wget -O ~/clear-cli.zip "https://lsky.co/clearcli-$platform"sudo docker exec -it gitlab-runner sudo unzip ~/clear-cli.zip -d /opt/clear-clisudo docker exec -it gitlab-runner rm ~/clear-cli.zipsudo docker exec -it gitlab-runner sudo chown gitlab-runner:gitlab-runner -R /opt/clear-cli/SkyAnalyzer.Interface.Clisudo docker exec -it gitlab-runner sudo chmod u+x -R /opt/clear-cli/SkyAnalyzer.Interface.CliThe URL https://lsky.co/clearcli-linux-x64 points to the latest Lucent Sky AVM CLI for Linux. To pin the CLI to a specific version, append -version after the URL. For example, https://lsky.co/clearcli-linux-x64-2512.Register the GitLab runnerBefore the GitLab runner can be used by a pipeline. It needs to be registered with the GitLab instance. To learn more about how to register a runner, view the following article on the GitLab website:Registering runnersNotate the tag value when registering the runner, as it is needed when creating the pipeline.Start a scan in GitLab Pipelines Navigate to the Settings > CI/CD section of the GitLab project. Select Add Variable to create a new variable named ApiKey with the value of an API key to the Lucent Sky AVM server, and visibility set to Masked. GitLab provides various ways to store secrets. To learn more about how to store and use secrets in a GitLab pipeline, view the following article on the GitLab website:Pipeline security Open the .yml file of the pipeline, and add a scan stage in stages section: stages: - build - scan - test - deploy In the variables section of the .yml file, insert the following code to add the necessary variables: variables: # Replace <InstanceFqdn> with the FQDN or IP address of the CLEAR Engine instance InstanceFqdn: "<InstanceFqdn>" # Replace <ApplicationId> with the value of the project's application ID on the Lucent Sky AVM instance. ApplicationId: "<ApplicationId>" # Replace <ToolsDirectory> with the directory where Lucent Sky AVM CLI will be installed to, for example, /opt ToolsDirectory: "<ToolsDirectory>" In the .yml file, locate an appropriate location to add a scan job, such as after the application build is completed. Insert the following code to the .yml file, which creates a scan under the application on Lucent Sky AVM server, and uploads the build artifact for analysis. scan-job: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | # Set the sources directory to the working directory when the runner starts SourcesDirectory=`pwd` # Generate scan ID ScanId=`uuid` # Configure CLI to connect to a remote Lucent Sky AVM instance $ToolsDirectory/clear-cli/SkyAnalyzer.Interface.Cli --Interface Config --Method Set --Value "endpoint = ${InstanceFqdn}:5759" # Create scan $ToolsDirectory/clear-cli/SkyAnalyzer.Interface.Cli --Key $ApiKey --Interface Scan --Method Create --ApplicationId $ApplicationId --ScanId $ScanId # Start scan $ToolsDirectory/clear-cli/SkyAnalyzer.Interface.Cli --Key $ApiKey --Interface Scan --Method Analyze --ScanId $ScanId --SourceCodePath $SourcesDirectory Download and evaluate a scan report in GitLab Pipelines Open the .yml file of the GitLab Pipeline, and locate an appropriate location to evaluate the scan report, such as after the scan is completed. Insert the following code to the .yml file, which generates and downloads the XML report of the scan. download-xml-report: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | # Download XML report $ToolsDirectory/clear-cli/SkyAnalyzer.Interface.Cli --Key $ApiKey --Interface Scan --Method Report --ScanId $ScanId --ReportFormat "xml" --ReportPath "$TMPDIR/Xml-Report.zip" Insert the following code to the .yml file, which extracts the XML report. extract-xml-report: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | # Extract XML report mkdir "$TMPDIR/ScanResults" unzip "$TMPDIR/ScanResults/Xml-Report.zip" -d "$TMPDIR/ScanResults" Insert the following code to the .yml file, which queries the XML report to evaluate if the scan has found any vulnerability with a priority score of 2 or higher. query-xml-report: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | # Query XML report resultCount=`$ToolsDirectory/clear-cli/SkyAnalyzer.Interface.Cli --Interface Query --Method Execute --QueryDataSource "$TMPDIR/ScanResults/Report.xml" --QueryStatement "SELECT COUNT(ID) FROM Results WHERE PRIORITY <= 2"` Insert the following code to the .yml file, which publishes the build artifact as a pipeline artifact named war if no vulnerability with a priority score of 2 or higher was found. publish-build-artifact-pipeline-artifact: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | if [ "$resultCount" == "0" ]; then # Publish artifact # Insert artifact publication code fi Insert the following code to the .yml file, which generates and downloads the HTML report when at least one vulnerability with a priority score of 2 or higher was found. download-HTML-report: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | if [ "$resultCount" != "0" ]; then # Download HTML report $ToolsDirectory/clear-cli/SkyAnalyzer.Interface.Cli --Key $ApiKey --Interface Scan --Method Report --ScanId $ScanId --ReportFormat "html" --ReportPath "$TMPDIR/Html-Report.zip" fi Insert the following code to the .yml file, which extracts the HTML report when at least one vulnerability with a priority score of 2 or higher was found. extract-HTML-report: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | if [ "$resultCount" != "0" ]; then # Extract HTML report unzip "$TMPDIR/ScanResults/Html-Report.zip" -d "$TMPDIR/ScanResults" fi Download the remediated source code and create a pull request in GitLab Pipelines Open the .yml file of the GitLab Pipeline, and locate an appropriate location to work with the remediated source code, such as after the pipeline failed security policy evaluation. Insert the following code to the .yml file, which configures Git on the GitLab Pipelines agent and creates a branch for the remediated source code when at least one vulnerability with a priority score of 2 or higher was found. configure-git: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | if [ "$resultCount" != "0" ]; then cd $SourcesDirectory # Replace <UserEmail> with the user email to use for Git UserEmail="<UserEmail>" # Replace <UserName> with the user name to use for Git UserName="<UserName>" git config --global user.email "$UserEmail" git config --global user.name "$UserName" git checkout -b scan-$ScanId fi Insert the following code to the .yml file, which generates and downloads the remediated source code when at least one vulnerability with a priority score of 2 or higher was found. download-remediated-source-code: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | if [ "$resultCount" != "0" ]; then # Download the remediated source code $ToolsDirectory/clear-cli/SkyAnalyzer.Interface.Cli --Key $ApiKey --Interface Scan --Method Remediate --ScanId $ScanId --RemediatedSourceCodePath "$TMPDIR/ScanResults/RemediatedSource.zip" --RemediationOption 0 fi Insert the following code to the .yml file, which extracts the remediated source code over the original source code when at least one vulnerability with a priority score of 2 or higher was found. extract-remediated-source-code: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | if [ "$resultCount" != "0" ]; then # Extract the remediated source code unzip -o $TMPDIR/ScanResults/RemediatedSource.zip -d $SourcesDirectory fi Insert the following code to the .yml file, which commits the remediated source code to a branch when at least one vulnerability with a priority score of 2 or higher was found. commit-and-push-remediated-source-code: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | if [ "$resultCount" != "0" ]; then # Replace <AplPath> with Application Protection Library files suitable for the framework of the project AplPath="<AplPath>" git add **/$AplPath git commit -m "Instant Fixes from scan $ScanId" git push -u origin scan-$ScanId fi Insert the following code to the .yml file, which fails the pipeline when at least one vulnerability with a priority score of 2 or higher was found. fail-pipeline: stage: scan tags: # Replace <Tag> with the tag set when registering the runner - <Tag> script: - | if [ "$resultCount" != "0" ]; then echo "This build did not pass the scan criteria." exit 1 fi Navigate to the Code > Merge requests section of the GitLab project, and create a merge request from the branch containing the remediated source code. ", "keywords": "avm, integration, gitlab, devops, continuousintegration, ci" } , "/en/avm/how-to/install-license": { "id": "217484", "url": "/en/avm/how-to/install-license", "title": "Install Lucent Sky AVM license", "description": "", "date": "2024/1/22", "content" : "This article describes how to install a Lucent Sky AVM license.In this article, you will learn how to: Install a Lucent Sky AVM license with online activation using the Web UI and the CLEAR Engine installer. Install a Lucent Sky AVM license with offline activation using the Web UI and the CLEAR Engine installer. Uninstall a Lucent Sky AVM license using the Web UI and the CLEAR Engine installer. Troubleshoot errors that might occur during license installation.At the end, you will be able to install and uninstall a Lucent Sky AVM license, and troubleshoot errors that might occur during license installation.Install Lucent Sky AVM license Online activation using the Web UI Open the Web UI and sign in with an administrator account. Open Settings, then select License and Usage. Select Change Product Key, enter your license key in Product Key, then select Change Product Key. If the activation was successful, you will receive a confirmation and be signed out. Some license changes require restarting CLEAR Engine. To restart CLEAR Engine, sign in again, open Settings > System, then select Restart Service. Offline activation using the Web UI Open the Web UI and sign in with an administrator account. Open Settings, then select License and Usage. Select Change Product Key, enter your license key in Product Key, select Offline Activation, then select Change Product Key. The browser will automatically download a Request.txt file. Provide this file to Lucent Sky support. Once you receive a license file from Lucent Sky support, continue with the following steps. Open Settings, then select License and Usage. Select Install a License File, select the license file you received from Lucent Sky support, then select Install License File. If the activation was successful, you will receive a confirmation and be signed out. Some license changes require restarting CLEAR Engine. To restart CLEAR Engine, sign in again, open Settings > System, then select Restart Service. Online activation using the CLEAR Engine installer Open PowerShell as administrator. Enter the following command: # Replace <ProductKey> with product key $productKey = "<ProductKey>" ."C:ProgramDataLucent SkyCLEAR EngineMaintenanceCurrentSkyAnalyzer.Engine.Installer.exe" -aon "$productKey" Select Yes if you accept the license terms. A message box will confirm if the activation was successful. If the activation was not successful or a message box did not appear, refer to the log files under the Logs directory for more information on the activation failure. Some license changes require restarting CLEAR Engine. To restart CLEAR Engine, enter the following command: Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" Offline activation using the CLEAR Engine installer Open PowerShell as administrator. Enter the following command: # Replace <ProductKey> with product key $productKey = "<ProductKey>" ."C:ProgramDataLucent SkyCLEAR EngineMaintenanceCurrentSkyAnalyzer.Engine.Installer.exe" -acr "$productKey" A dialog box will appear indicating a Request.txt file was created. Provide this file to Lucent Sky support. Once you receive a license file from Lucent Sky support, continue with the following steps. Enter the following command: # Replace <LicenseFilePath> with path to license file $licenseFilePath = "<LicenseFilePath>" ."C:ProgramDataLucent SkyCLEAR EngineMaintenanceCurrentSkyAnalyzer.Engine.Installer.exe" -aco "$licenseFilePath" Select Yes if you accept the license terms. A message box will confirm if the activation was successful. If the activation was not successful or a message box did not appear, refer to the log files under the Logs directory for more information on the activation failure. Some license changes require restarting CLEAR Engine. To restart CLEAR Engine, enter the following command: Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" Uninstall Lucent Sky AVM licenseDeactivating CLEAR Engine license allows moving the license to another server. Deactivation using the Web UI Open the Web UI and sign in with an administrator account. Open Settings, then select License and Usage. Select Change Product Key, enter 00000-00000-00000-00000-00000 in Product Key, then select Change Product Key. Refresh the page to confirm that the license type is Invalid. Deactivation using the CLEAR Engine installer Open PowerShell as administrator. Enter the following command: ."C:ProgramDataLucent SkyCLEAR EngineMaintenanceCurrentSkyAnalyzer.Engine.Installer.exe" -aon "00000-00000-00000-00000-00000" On the Web UI, open Settings and select License and Usage. Confirm that the license type is Invalid. Troubleshoot errors that might occur during license installationIf errors occurred during license installation, the error messages provided by the Web UI typically has a description accompanied by an error symbol (such as MALFORMED_PRODUCT_KEY), while the error messages provided by the CLI typically has a description accompanied by an error code (such as -11). As the descriptions might change, it is recommended to use the error symbol or the error code to look up the causes and solutions to error.To learn more about troubleshooting errors occurred during license installation, view the following article in the Lucent Sky Knowledge Base:Troubleshoot licensing errors", "keywords": "avm, howto, administration, licensing" } , "/en/avm/admin-guides/intellij-idea": { "id": "242805", "url": "/en/avm/admin-guides/intellij-idea", "title": "Administration guide to Lucent Sky AVM for IntelliJ IDEA", "description": "", "date": "2026/02/10", "content" : "This article covers the installation, configuration, and removal of Lucent Sky AVM for IntelliJ IDEA.In this article, you will learn how to: Install Lucent Sky AVM for IntelliJ IDEA Uninstall Lucent Sky AVM for IntelliJ IDEAAt the end, you will be able to install and uninstall Lucent Sky AVM for IntelliJ IDEA.System RequirementsProcessor, memory, and hard disk space requirements: Processor: 1.6 GHz processor Memory: 2 GB Hard disk space: 200 MBLucent Sky AVM for IntelliJ IDEA can be installed with the following versions of IntelliJ IDEA: IntelliJ IDEA 2022.2 - 2025.3Lucent Sky AVM for IntelliJ IDEA can be installed on the following operating systems: Windows (x64) macOS (Apple silicon and Intel) Ubuntu (x64)Lucent Sky AVM for IntelliJ IDEA requires Java 17 or later.Lucent Sky AVM for IntelliJ IDEA might also work with IntelliJ IDEA running on other architectures or other operating systems.Install Lucent Sky AVM for IntelliJ IDEA Lucent Sky AVM for IntelliJ IDEA requires the cross-platform Lucent Sky AVM CLI. Before installing Lucent Sky AVM for IntelliJ IDEA, install Lucent Sky AVM CLI. Lucent Sky AVM for IntelliJ IDEA will attempt to locate Lucent Sky AVM CLI in the following locations: on Windows %LOCALAPPDATA%ProgramsCLEAR CLI %LOCALAPPDATA%Programsclear-cli C:Program FilesLucent SkyCLEAR CLI on macOS $HOME/Applications/CLEAR CLI $HOME/Applications/clear-cli /Applications/CLEAR CLI on Ubuntu $HOME/clear-cli /opt/clear-cli To learn more about how to install Lucent Sky AVM CLI, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM CLI Extract the .zip file from the Lucent Sky AVM for IntelliJ IDEA setup package. Open IntelliJ IDEA, open Settings > Plugins, select the gear icon, and select Install Plugin from Disk…. Select the .zip file to install.Uninstall Lucent Sky AVM for IntelliJ IDEA Open IntelliJ IDEA, open Settings > Plugins, and select the Installed tab. Select Lucent Sky AVM for IDEA in the list of installed plugins, and select Uninstall.", "keywords": "avm, guide, administration, intellij, intellijidea" } , "/en/avm/get-started/intellij-idea": { "id": "249039", "url": "/en/avm/get-started/intellij-idea", "title": "Get started with Lucent Sky AVM for IntelliJ IDEA", "description": "", "date": "2024/9/5", "content" : "Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components, CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.In this article, you will learn how to: Install Lucent Sky AVM for IntelliJ IDEA Scan an application Review the identified result and their Instant FixAt the end, you will be able to use Lucent Sky AVM for IntelliJ IDEA to scan projects, review scan results, and apply Instant Fixes to remediate vulnerabilities automatically.Prerequisites IntelliJ IDEA - This article uses IntelliJ IDEA 2024.1, but Lucent Sky AVM for IntelliJ IDEA can also be used in other supported version of IntelliJ IDEA.Install Lucent Sky AVM for IntelliJ IDEATo learn more about the installation and configuration of Lucent Sky AVM for IntelliJ IDEA, as well as system requirements, view the following article in the Lucent Sky Knowledge Base:Administration guide to Lucent Sky AVM for IntelliJ IDEACreate an API key Go to the Web UI in your browser, and then sign in with your credentials. Go to Settings > Account, and select Create a new key. In the dialog, enter CLI as the description of the key, then select Create Key. Select and copy the generated API key.Scan a project In IntelliJ IDEA, open the project. In the main menu, select Tools > Lucent Sky AVM > Sign In, and sign in with your Lucent Sky AVM API key. To create a new application for the scan, in the main menu, select Tools > Lucent Sky AVM > New Application. Enter the name of the application, select the framework of the application, and review and change its vectors as needed. Then, select OK to create the application. In the main menu, select Tools > Lucent Sky AVM > Scan, select the framework of the project, then select an application to start the scan. When the scan is in progress, notifications will display information about its progress.Review scan results Once the scan is completed, the scan results will appear in the Lucent Sky AVM window. Expanding a vulnerability category will show all results under that category. Expanding a result will show its Statements, Instant Fix, and Suggestion. Double-click on one of the Statements or Instant Fixes to open the file in the editor and go to the relevant line of code. To apply Instant Fix to a result, select and hold (or right-click) the Instant Fix of the result then select Remediate.", "keywords": "avm, getstarted, interface, intellij, intellijidea" } , "/en/avm/release-notes/known-issues": { "id": "872995", "url": "/en/avm/release-notes/known-issues", "title": "Known issues of Lucent Sky AVM", "description": "", "date": "2026/05/27", "content" : "This article describes the known issues of recent releases of Lucent Sky AVM.Known IssuesThis is a list of known issues of the current and previous releases of Lucent Sky AVM, including the symptoms, impacted versions, workarounds, and fixes.LicensingWhen a pending scan is deleted, the entire pending scan queue becomes stuckWhen a pending scan is deleted, sometimes the entire pending scan queue becomes stuck. The occurrence of this issue is extremely rare. This is due to a timing bug in queue management.This issue impacts 1903, and has been fixed in 1912 MR.Pre-analysisExtended pre-analysis time for certain applicationsWhen analyzing certain applications, especially those with large resource files, the pre-analysis time is greatly extended.This issue impacts 1909 MR and SU1, and has been fixed in 1912 MR.Scan appears to be stuck during pre-analysisWhen certain I/O errors occurred during pre-analysis, the scan appears to be stuck in the pre-analysis stage. Running the scan again resolves the issue.This issue impacts versions between 2006 SU1 and 2112 SU1, and has been fixed in 2203 MR.Misclassification of certain Python dependenciesWhen scanning Python applications, some dependencies are not properly classified as dependencies.This issue impacts 2212 MR and earlier, and has been fixed in 2212 SU1.Build.NET web site scan failed with result -49999990When scanning a .NET web site, the scan failed with the result code -49999990.Additionally, the compilation logs include the following error:An unexpected error has occurred. The correlation ID is c8ebd46a-f8dc-43b8-a94c-dd9c046c5b1c.`This is an issue related to the way .NET web sites are detected.This issue impacts 1810, and has been fixed in 1811 MR.Ant log entries were saved to the generic scan log file instead of Ant log fileWhen building a Java application with Ant, build log entries were saved to the generic log file (ScanId.log) instead of Ant log file (ScanId-Ant.log). Additionally, when a scan failed due to Ant build errors, Ant log is not available to download on the Web UI.This issue impacts 1811 SU3, and has been fixed in 1903 MR.The Configuration and OutputPath build properties cannot be set with scan argumentsWhen building a .NET applications, if the BuildProperties scan argument contains Configuration or OutputPath, the scan will either fail to start or ignore the build properties.This issue impacts versions between 1903 MR and 1906 MR, and has been fixed in 1909 MR.Ant build fails when a custom runtime is selectedWhen building a Java application with Ant and a custom runtime is selected, the build fails because JSP compilation issues. This issue is due to the built-in Tomcat runtime being unavailable when a custom runtime is selected.This issue impacts 1912 MR, and has been fixed in 1912 SU1.Maven build does not save build output to log filesWhen building a Java application with Maven, the build output might not be properly save to log files. This issue is due to an issue in the encoding conversion mechanism for log files.This issue impacts 1912 MR and SU1, and has been fixed in 2003 MR.Ant build fails after scanning Java applications with certain dependenciesAfter scanning a Java application with certain dependencies, Ant build fails on any subsequent scans. This issue is due a reconfiguration mechanism being triggered with incorrect parameters.This issue impacts 2003 MR and earlier, and has been fixed in 2006 MR.Ant build failed when scanning Java applications with no .java fileWhen scanning certain Java application with no .java file, Ant build fails.This issue impacts 2009 MR and earlier, and has been fixed in 2009 SU1.Unable to download Gradle logs when build failedWhen an application using Gradle failed to build, Gradle logs are not available on the Web UI.This issue impacts 2006 MR to 2009 MR, and has been fixed in 2112 MR.Unable to locate Build Tools for Visual Studio 2022When the instance only has certain versions of Build Tools for Visual Studio 2022 installed, scanning some .NET applications might fail due to MSBuild is not found.This issue impacts 2109 MR to 2112 SU1, and has been fixed in 2203 MR.The 'WebAppPath' scan argument has no effectWhen scanning Java applications with certain web application structures, specifying the WebAppPath scan argument has no effect.This issue impacts 2306 MR and earlier, and has been fixed in 2309 MR.AnalysisScan appears to be stuck when analyzing applications with certain minimized JavaScript codeWhen scanning applications that contain JavaScript code files that were minimized with a few combination of minimizer and parameters, the scan might appear to be stuck for an exceedingly long time.To workaround this issue, manually exclude the impacted files from the scan.This issue impacts versions between 1806 and 1906 MR, and has been fixed in 1909 MR.Suppressed results reappear in C# applications scanned with source code analysisWhen scanning a C# application with only source code analysis, previously suppressed results may reappear.This is an issue related to the suppression algorithm in C# source code analysis engine.This issue impacts versions between 1807 and 1811 MR, and has been fixed in 1811 SU1.Scanning .NET Core projects fails with result code -62300001 (BinaryAnalysis_Error_ValidILNotFound)When scanning some .NET Core projects with explicitly specified project file, the scan might fail with result code -62300001 (BinaryAnalysis_Error_ValidILNotFound). This is an issue related to the binary file detection mechanisms. When a project file was explicitly specified, Lucent Sky AVM uses the project file to locate the primary assembly file of the project. Some .NET Core project do not specify a primary assembly file in their project files.To workaround this issue, do not explicitly specify a project file and let Lucent Sky AVM automatically detect it.This issue impacts 1811 MR and SU1, and has been fixed in 1811 SU2.Files skipped during Python analysis marked as analyzedWhen syntax errors in a Python file caused it to be skipped during Python analysis, the file is still marked as being analyzed.This issue impacts versions between 1909 MR and 1912 SU1, and has been fixed in 2003 MR.Some scan log entries of C/C++ applications are missingWhen scanning a C/C++ application, some of all of the log entries might be missingThis issue impacts 2003 MR and SU1, and has been fixed in 2006 MR.Results with the 'WebService' vector cannot be suppressedWhen a result with the WebService vector is suppressed, it still appears in subsequent scans.This issue impacts version between 1909 MR and 2003 MR, and has been fixed in 2006 MR.Scan with custom rule package is stuck at Analysis S-3Scan with a custom rule package might become stuck at Analysis S-3 (41%) if the custom rule package contains certain custom identification rules.This issue impacts 2006 SU1, and has been fixed in 2009 MR.Some valid custom binary analysis rules are rejectedRule packages containing certain binary analysis rules are considered invalid.This issue impacts versions between 1903 MR and 2009 MR, and has been fixed in 2009 SU1.Known open source libraries included in source code analysis when 'SkipKnownSafeFiles' is enabledSome known open source libraries included in source code analysis when the scan argument 'SkipKnownSafeFiles' is not set or set to true.This issue impacts 2009 MR and SU1, and has been fixed in 2103 MR.Additional results are identified in backup files containing vulnerable source codeIf a backup file contains source code that is vulnerable to certain weaknesses, in addition to CWE-530, those weaknesses are also identified as if they exist in normal code files.This issue impacts 2009 SU1, and has been fixed in 2103 MR.Some ASP.NET files are scanned in an ASP scanWhen the source code archive of an ASP scan contains ASP.NET files with certain files names, these files are scanned as ASP files.This issue impacts versions between 2009 MR and 2103 MR, and has been fixed in 2106 MR.Some PHP and Python files might not be fully analyzed when the storage repository is set to certain custom locationsWhen the storage repository is set to certain custom locations, some PHP and Python files might not be fully analyzed.This issue impact versions between 2103 MR and 2106 MR, and has been fixed in 2109 MR.Some multiple class-scoped results in the same class appear as a single resultWhen a class contains multiple class-scoped results, some of these results might appear as a single result.This issue impacts versions between 2106 MR and 2109 MR, and has been fixed in 2112 MR.Some results in Java applications appear as multiple resultsSome results in Java applications identified by dataflow analysis might appear as multiple results with exact details.This issue impacts versions between 1804 and 2109 MR, and has been fixed in 2112 MR.Binary analysis completes with 'Warning_SymbolMissing (71200003)' even with symbol filesBinary analysis might complete with a 'Symbol files are missing or incompatible' warning even when symbol files were included in the source code archive.This is due to an issue with the symbol detection mechanism.This issue impacts 2112 SU1, and has been fixed in 2203 MR.ECMAScript files mistakenly characterized as minified filesSome ECMAScript code files might be mistakenly characterized as minified files, therefore skipping some analyses.This issue impacts versions between 2112 MR and 2206 MR, and has been fixed in 2206 SU1.Remediated vulnerabilities in Java applications reappear in subsequent scansCertain CWE-89 vulnerabilities in Java applications remediated using Application Protection Library reappear in subsequent scans.This issue impacts all recent versions up to 2206 SU1, and has been fixed in 2209 MR..NET files scanned by source code analysis not marked as scannedCertain .NET files are not marked as scanned by source code analysis even though they were successfully analyzed by source code analysis.This issue impacts versions between 2103 MR and 2212 MR, and has been fixed in 2212 SU1.False positive when certain security functions are used to remediate vulnerabilitiesWhen a security function is used to remediate vulnerabilities .NET, Java, or Python applications in a certain way, the security function is not recognized and the result is still reported.This issue impacts versions between 2106 MR and 2212 SU1, and has been fixed in 2303 MR.CWE-90 in PHP applications identified as CWE-91On rare circumstances, CWE-90 (LDAP injection) results in PHP applications are identified as CWE-91 (XML injection).This issue impacts all recent versions up to 2212 SU1, and has been fixed in 2303 MR.Certain exceptions in .NET and Java applications misclassifiedCertain exception classes that derived from the Exception base class are misclassfied as vectors other than Exception. As a result, some CWE-209 (Generation of Error Message Containing Sensitive Information) results in .NET and Java applications are not identified.This issue impacts version 2406 MR, and has been fixed in 2409 MR.Some result details might be missing when process concurrency is enabledOn rare circumstances, some result details might be missing when process concurrency is enabled (MaxDegreeOfParallelism is set to other than 1).This issue impacts version 2406 MR and earlier, and has been fixed in 2409 MR.Scan fails when the source code archive contains certain license filesWhen analyzing source code archives containing certain license files, the scan might fail with the error code -39999990.This issue impacts version 2506 MR, and has been fixed in 2509 MR.Scan fails when the source code archive contains code files with certain syntax errorsWhen analyzing source code archives containing code files with certain syntax errors, the scan might fail with the error code -39999990.This issue impacts version 2512 MR, and is expected to be fixed in 2603 MR. A hotfix is available.ReportingThe Priority attribute is set at an incorrect level in XML reportsWhen generating an XML report, the Priority attribute of a Result is sometime generated at the InstantFix node instead of the Result node.This issue impacts 1811 MR, SU1, and SU2, and has been fixed in 1811 SU3.JavaScript syntax highlighting is not available in HTML reportsStatements of JavaScript might not be properly highlighted in HTML reports. In addition, an error message 'Couldn't find brush for: jscript' might appear.This issue impacts 1903 MR, and has been fixed in 1903 SU1.The file list in the reports has incorrect analysis markingThe file list in the HTML, PDF, and XML reports might not have the correct marking to indicate the analyses conducted on files.This issue impacts 1903 MR, and has been fixed in 1903 SU1.TypeScript files were analyzed but missing from the analyzed file listTypeScript files, even when analyzed successfully, are missing from the analyzed file list.This issue impacts 2006 MR, and has been fixed in 2006 SU1.The 'Information' field is missing in the HTML reportThe 'Information' field, which includes anomaly that does not impact scan accuracy, is missing in the HTML report.This issue impacts versions between 2103 MR and 2109 MR, and has been fixed in 2112 MR.The 'Analysis Target' field shows 'Custom' when the analysis target was detected automatically in the HTML/PDF reportFor some Java applications, the 'Analysis Target' in HTML and PDF reports shows 'Custom' instead of 'Automatic' when the analysis target was not specified and was detected automatically.This issue impacts versions between 2106 MR and 2109 MR, and has been fixed in 2203 MR.Reports generated by on-prem instances with On-Demand licenses contain evaluation disclaimerHTML and PDF reports generated by on-prem instances with On-Demand licenses may contain the "for evaluation purposes" disclaimer.This issue impacts 2203 MR and SU1, and has been fixed in 2206 MR.Inconsistent SBOM information in XML reportsFor vulnerable dependencies from certain data sources, the SBOM information in XML reports might be inconsistent with their CPE IDs.This issue impacts 2212 MR and SU1, and has been fixed in 2303 MR.HTML reports containing results with complex ECMAScript statements cause browsers to become unresponsiveWhen viewing HTML reports containing complex ECMAScript statements, certain browsers might become unresponsive.This issue impacts versions prior to 2212 SU1, and has been fixed in 2303 MR.Ruby files not properly marked as scanned by source code analysisWhen using certain analysis configurations, Ruby files are not properly marked as scanned by source code analysis.This issue impacts versions prior to 2306 MR, and has been fixed in 2309 MR.2022 CWE Top 25 not displayed in HTML and PDF reportsLabel for CWE Top 25 2022 is missing for results belonging to the category.This issue impacts versions 2303 MR and 2306 MR, and has been fixed in 2309 MR.CWE Top 25 displayed incorrectly in HTML and PDF reportsLabels for CWE Top 25 categories might be displayed with incorrect years.This issue impacts versions 2503 MR, and has been fixed in 2506 MR.RemediationRemediation becomes stuck when paths in the application archive have more than 158 charactersThe remediation process appears to stuck when the paths in the application archive have more than 158 characters.This issue impacts all recent versions up to 1811 SU2, and has been fixed in 1811 SU3.Remediated vulnerabilities in remediation information are displayed in the wrong orderWhen remediating an application with the 'Include mitigation info' option enabled, remediated vulnerabilities in remediation information are displayed in the wrong order (such as CWE359, CWE79 mitigated instead of CWE79, CWE359 mitigated).This issue impacts 1906 MR, and has been fixed in 1906 SU1.Incomplete dependency update guidance not available for certain vulnerable dependenciesDependency update guidance might be incomplete, such as missing version information, for certain vulnerable dependencies.This issue impacts versions between 2212 MR and SU1, and has been fixed in 2303 MR.Certain remediated vulnerabilities in Java applications are identified as vulnerableCertain vulnerabilities in Java applications are still identified as vulnerable even after being remediated using a recognized security library.This issue impacts versions between 2403 MR and 2412 MR, and has been fixed in 2503 MR.Some remediation settings in custom rule packages are not applied to vulnerabilities in Groovy and Scala source filesWhen a custom rule package contains remediation settings for Java applications, some of these vulnerability settings are not applied to vulnerabilities in Groovy and Scala source files.This issue impacts versions up to 2412 MR, and has been fixed in 2503 MR.InterfaceEmpty argument in the CLI being treated as not presentWhen setting an argument in the CLI to an empty string, the argument is being treated as not present instead of empty.This is due to some shells parsing an empty string ("") as a null character.To workaround this issue, supply a space character to the argument. For example, to set the Value argument to empty, use --Value " " instead of --Value "".The Query method in the CLI is using the legacy priority calculation algorithmThe Query method in the CLI is using the legacy priority calculation algorithm. This results in inconsistency of the priority score between CLI queries and other interfaces and reports.This issue impacts versions between 1807 and 1811 SU2, and has been fixed in 1811 SU3.Project list does not load when the Web UI is opened in the backgroundWhen opening the project list or the scan list, if the browser tab is in the background, the list does not load. This is an issue related to the AJAX API calls.This issue impacts 1811 MR and most earlier versions, and has been fixed in 1811 SU1.System information shows version 1812 when the instance is running 1811 SU1The system information page shows the current version as 1812 (5.8.4100) when the instance is running 1811 SU1 (5.8.4100). Additionally, the generated reports also show version 1812 instead of 1811 SU1. This is an issue related to the new Minor Release/Servicing Update release rhythm.This issue impacts 1811 SU1, and has been fixed in 1811 SU2.Report and Remediate options appear in the Action Bar when they are not availableWhen viewing a completed scan on the Web UI, the Report and Remediate options appear in the Action Bar even though they are not available.This issues impacts 1903 MR, and has been fixed in 1903 SU1.Logs from scans conducted on versions before 1912 MR is unavailable on the CLI or the Web UIWhen downloading logs from scans that were conducted on versions before 1912 MR using the CLI or the Web UI, an error message indicates the log files are not available. This issue is due to the change of log naming schemes in 1912 MR.To workaround this issue, download the log files from the instance running CLEAR Engine.This issues impacts all versions earlier than 1912 MR when updated to 1912 MR or later versions.Multi-line remediation suggestion shows irrelevant line numberIf a remediation suggestion has multiple lines, irrelevant line numbers are shown for the second and higher lines. This is a cosmetic issue and does not impact remediated source code.This issue impacts all recent versions up to 1909 SU1, and has been fixed in 1912 MR.Error when navigating to a result hidden due to license limitationWhen navigating to a result hidden due to license limitation, the page shows the following message:An error has occurred.This issue impacts all recent versions up to 1909 SU1, and has been fixed in 1912 MR.Error 36001062 occurred when downloading logs using the CLI or the Web UIWhen downloading logs using the CLI or the Web UI, error 36001062 occurred. This issue is due to a bug in log4net, a logging library used by Lucent Sky AVM.This issues impacts 1912 MR and SU1, and has been fixed in 2003 MR.The batch delete function on the Web UI returns DATA_ERROR even when the operation completed successfullyWhen deleting applications in batch on the Web UI, the operation sometimes return a data error even when it has completed successfully. The error message can be ignored safely.This issue impacts all currently supported versions.Guest users are unable to sign in on the Web UIIf a user belongs to the Guests group and not any other group, they are unable to sign in to the Web UI.This issue impacts 2003 MR, and has been fixed in 2006 MR.The name of arguments of the CLI is case sensitiveThe name of arguments of the CLI is case sensitive, while it should be case-insensitive.This issue impacts 2003 MR, and has been fixed in 2006 MR.Web UI is stuck in a redirect loop after password is changedWhen the password is changed on the Web UI, either through Settings > Account or Settings > Users, the user is sometime stuck in a redirect loop. This issue is due to the authentication token cached by the Web UI not being updated properly.To workaround this issue, close the browser and sign in to the Web UI again.This issue impacts 2006 MR, and has been fixed in 2006 SU1.7-Zip files with long paths are not properly detected7-Zip files with entries exceeding the path length limit are not detected, causing the upload to fail.The issue impacts versions between 2006 MR and 2009 MR, and has been fixed in 2009 SU1.Incorrect 'No Data' and 'No Scan' information on the application list page'No Data' is shown on the application list page even with low data mode disabled, while 'No Scan' is shown on the application list page with low data mode enabled.This issue impacts 2009 MR, and has been fixed in 2009 SU1.The application list page fails to load project information on Internet ExplorerOn Internet Explorer, the application list page fails to load project information. The project boxes are stuck at 'Loading'.This issue impacts versions between 2006 MR and 2009 MR, and has been fixed in 2103 MR.Selecting the pie chart on the scan details page redirects to the homepage.When selecting a result category on the pie chart on the scan details page, you are redirected to the homepage.This issue impacts 2009 MR and SU1, and has been fixed in 2103 MR.Filtering applications by scan status on the application list page does not workNo application is shown on the application list page when filtering by scan status.This issue impacts 2009 MR and SU1, and has been fixed in 2103 MR.Build might fail when scanning Ant projects in the Eclipse plug-inWhen using the Eclipse plug-in the scan Ant projects, build might fail if the system running Eclipse and the system running CLER Engine are set to different time zones.This issue impacts versions between 2006 MR and 2009 MR, and has been fixed in 2103 MR.The Eclipse plug-in and Visual Studio extension do not support Instant Fixes with mixed newline charactersIf an Instant Fix contains multiple lines with mixed newline characters (for example, a mix of CRLF and LF), the Instant Fix cannot be applied in either the Eclipse plug-in or Visual Studio extension.This issue impacts all recent version up to 2103 MR, has been fixed in 2106 MR.Queued scans show as 'Checking' instead of 'Queuing'A scan in the pending scan queue might shows 'Checking' instead of 'Queuing' on the Web UI.This issue impacts 2106 MR, and has been fixed in 2109 MR.The ROI page on the Web UI returns an errorWhen visiting the ROI page, the Web UI might return an error.This issue impacts 2112 MR, and has been fixed in 2112 SU1.Unable to create scan or edit application in the application list pageAfter idling on the application list page for an extended period of time, the create scan and edit application icons may no longer be available. The options return after refresh the page.This issue impacts versions between 2006 MR and 2112 SU1, and has been fixed in 2203 MR.Unable to search for application names or tags using certain special charactersWhen searching for application names or tags, if the search term contains certain special characters, these characters are removed.This issue impacts versions between 2203 MR and 2206 MR, and has been fixed in 2206 SU1.Unable to use the Network vector when creating a scan in IDE extensionsWhen creating a scan using Visual Studio extension or Eclipse plug-in, if the scan vectors contain the Network vector, the scan cannot be created.This issue impacts versions between 2203 MR and 2209 MR, and has been fixed in 2212 MR.Unresponsive Web UI when viewing results with complex ECMAScript statementsWhen viewing results containing complex ECMAScript statements, the Web UI might become unresponsive on certain browsers.This issue impacts versions prior to 2212 SU1, and has been fixed in 2303 MR.The CLI is incompatible with macOS through MonoCertain methods of the CLI does not run on certain recent versions of macOS with Mono 6.12.0.This issue impacts version 2212 SU1, and has been fixed in 2303 MR.Syntax highlighting is always set to dark modeOn certain browsers or browser configurations, syntax highlighting always uses dark mode regardless of dark mode setting on the Web UI.This issue impacts version 2506, and has been fixed in 2509 MR.The CLI or Web UI returns an error when querying dependenciesOn rare circumstances, the dependency API model received by the CLI or Web UI might be corrupted.This issue impacts version 2603, and is expected to be fixed in 2606 MR. A hotfix is available.Unable to upload a directory when starting an Autopilot scanWhen starting an Autopilot scan, there is no option to upload a directory even when the source code type is set to directory.This issue impacts version prior to 2603, and is expected to be fixed in 2606 MR. A hotfix is available.AdministrationUnable to update from Lucent Sky AVM version 1807When updating an instance running Lucent Sky AVM version 1807, the update process failed with the error message:SkyAnalyzer.Engine.Installer has stopped working.This is an issue related to the data migration process. Although it prevents the direct update from Lucent Sky AVM version 1807 to version 1811, it will not cause any data loss.To workaround this issue, first uninstall Lucent Sky AVM version 1807, then install Lucent Sky AVM version 1811.This issue impacts 1811 MR, and has been fixed in 1811 SU1.Web UI update fails if storage root is set to a drive other than C:When updating an instance using the Web UI, the update fails if storage root is set to a drive other than C:.This issue impacts all recent versions up to 1811 SU1, and has been fixed in 1811 SU2.The source of CLEAR Engine events is shown as 'Service1' in Windows EventsThe source of events generated by CLEAR Engine is shown as 'Service1' instead of 'CLEAR Engine' in Windows Events.This issue impacts 1811 MR and SU1, and has been fixed in 1811 SU2.Rule package is not properly installed when CLEAR Engine setup was interrupted and resumedWhen installing CLEAR Engine for the first time, if the setup program was interrupted and resumed, the rule package might not be properly installed.To workaround this issue, do not resume the setup program if it was interrupted. Instead, uninstall the installed components, delete the installation directory (C:Program FilesLucent Sky), and start the setup program again.This issue impacts 1903 MR and SU1, and has been fixed in 1906 MR. Instances that were updated to 1903 MR or SU1 from an earlier version are not impacted.The 'DiagnosticSettings' and 'MaxDegreeOfParallelism' settings are not preserved during an updateIf the DiagnosticSettings setting is set in SkyAnalyzer.config, it is reset to the default value (empty) when updating to a new version. If the MaxDegreeOfParallelism setting is set in SkyAnalyzer.config, it is reset to the default value 1 when updating to a new version.This issue impacts all recent versions up to 1909 SU1, and has been fixed in 1912 MR.Licenses might expire up to 12 hours earlier than the expiration dateIf the instance has its system clock set to a time zone other than UTC, the installed license might show as expired up to 12 hours earlier than the expiration date shown on the license information page. This is caused by how the licensing mechanism converts system clock to UTC.This issue impacts versions between 1909 MR and 2003 MR, and has been fixed in 2006 MR.The 'Encoding' setting is not preserved during an updateIf the Encoding setting is set in SkyAnalyzer.config, it is reset to the default value (empty) when updating to a new version.This issue impacts all recent versions up to 2003 MR, and has been fixed in 2006 MR.Some log entries may not appear in scan logs when multiple scans are running concurrentlyIf multiple scans are running concurrently, some log entries might be missing in scan logs.This issue impacts 2003 MR, and has been fixed in 2006 MR.Long path support is inconsistent on Windows Server 2019Long path support is inconsistent on some instances running on Windows Server 2019 (build 17763).This issue impacts all recent versions up to 2003 MR, and has been fixed in 2006 MR.The 'CLEAR Engine' service failed to start after updating to 2006 MROn systems with certain regional settings, the 'CLEAR Engine' service failed to start after updating to 2006 MR, and Windows Event Viewer has the following message: Startup validation failed. (-31101)This issue impacts 2006 MR, and has been fixed in 2006 SU1.Timestamp of a rule package is not properly updatedWhen the rule files of a rule package is updated, its timestamp is not updated.This issue impacts all recent versions up to 2006 MR, and has been fixed in 2006 SU1.Unable to update to 2006 SU1 or 2009 MR on systems without a valid licenseOn systems without a valid license, updating to 2006 SU1 or 2009 MR failed with error -131000.To workaround this issue, restore the configuration files in C:Program FilesLucent SkyCLEAR Engine, then use SkyAnalyzer.Engine.Installer.exe in the update package to install a license before updating.This issue impacts all recent versions up to 2009 MR, and has been fixed in 2009 SU1. However, as it is not possible to update to 2009 SU1 without upgrading to 2009 MR first, it is required to apply the workaround above, or skip 2009 MR and upgrade to 2103 MR or later directly.Setup program does not request administrator privilegesWhen running the setup program without administrator privileges, it does not request administrator privileges on certain systems.To workaround this issue, select and hold (or right-click) Setup.bat and select Run as administrator.This issue impacts all recent versions up to 2009 MR, and has been fixed in 2009 SU1.Some ongoing scans not marked as failed after CLEAR Engine restartedOn certain circumstances, scans that are ongoing when the CLEAR Engine restarted are stuck in their then-status and not marked as failedThis issue impacts versions between 2006 MR and 2103 MR, and has been fixed in 2106 MR.Online activation returns unexpected error for communication issuesWhen online activation fails due to issues communicating with the activation servers, an unexpected error (-999) is returned instead of the correct error code.To workaround this issue, make sure there is Internet connectivity before attempting online activation or use offline activation.This issue impacts all recent versions up to 2209 MR, and has been fixed in 2212 MR.The 'MultiFactorAuthentication' and 'ProcessIsolation' settings is not preserved during an updateIf the MultiFactorAuthentication setting is set in SkyAnalyzer.config, it is reset to the default value (empty) when updating to a new version. If the ProcessIsolation setting is set in SkyAnalyzer.config, it is reset to the default value true when updating to a new version.This issue impacts all recent versions up to 2503 MR, and has been fixed in 2506 MR.The 'AnalysisMode' scan argument is not migrated when upgrading from version 2409 to version 2503 or 2506If an instance was upgraded from version 2409 to version 2503 or 2506 (without upgrading to version 2412), the 'AnalysisMode' scan argument is not migrated to new values compatible with version 2503 and later.This issue impacts version 2409 MR. A migration tool is available to remedy this issue.", "keywords": "avm, releasenotes" } , "/en/avm/troubleshoot/licensing": { "id": "227890", "url": "/en/avm/troubleshoot/licensing", "title": "Troubleshoot licensing errors", "description": "", "date": "2023/6/13", "content" : "SymptomsYou receive an error code or an error message when working on licensing, such as activating or deactivating a product key, or installing or uninstalling a license file.CauseThis article describes common causes and solutions to licensing errors.Licensing is usually performed using the Web UI or the CLEAR Engine installer (SkyAnalyzer.Engine.Installer.exe). If errors occurred during license installation, the error messages provided by the Web UI typically has a description accompanied by an error symbol (such as MALFORMED_PRODUCT_KEY), while the error messages provided by the CLI typically has a description accompanied by an error code (such as -11). As the descriptions might change, it is recommended to use the error symbol or the error code to look up the causes and solutions to error.Resolution You receive the error code -11 or the following error when activating a product key or creating an activation request: The product key is not well-formed. (MALFORMED_PRODUCT_KEY) You receive this error because the product key is not well-formed. Verify the product key you used is correct. If the problem persists, contact Lucent Sky support. You receive the error code -12, -993, -996, or the following error when installing a license file: The license file is invalid. (INVALID_LICENSE_FILE) You receive this error because the license file is invalid. Perform offline activation again. If the problem persists, contact Lucent Sky support. You receive the error code -21, -22, -29, -991, -992, or the following error when activating a product key: An error occurred while communicating with the activation server. Try again later or use offline activation. (ACTIVATION_SERVER_ERROR) You receive this error because the an error occurred when contacting the activation server or when processing the activation request. Try to activate the product key later, or use offline activation. If the problem persists, contact Lucent Sky support. To learn more about activating a product key using offline activation, view the following article in the Lucent Sky Knowledge Base:Install Lucent Sky AVM license You receive the error code -31 or the following error when activating a product key: The product key has expired or exceeded its activation limit. (EXPIRED_PRODUCT_KEY) You receive this error because the product key has expired or exceeded its activation limit. Most product keys can only be activated on a single instance. If the product key has been activated on an instance, deactivate the product key on that instance and try to activate it again on the current. If unable to deactivate the product key, contact Lucent Sky support. To learn more about deactivating a product key, view the following article in the Lucent Sky Knowledge Base:Install Lucent Sky AVM license You receive the error code -41 or the following error when activating a product key or installing a license file: The serial number in the license file does not match the serial number of this instance. (SERIAL_NUMBER_MISMATCH) You receive this error because the serial number in the license file does not match the serial number of the current instance. Check the license document for the serial number, then change the serial number of the instance. To learn more about changing the serial number, view the following article in the Lucent Sky Knowledge Base:Change the serial number of a Lucent Sky AVM instance You receive the error code -42, -43, or the following error when activating a product key or installing a license file: An error occurred while initializing supplementary license store. (SUPPLEMENT_LICENSE_STORE_ERROR) You receive this error because an error occurred while initializing supplementary license store. The supplementary license store needs to be initialized, but the product key cannot be used to initialize the supplementary license store. Contact Lucent Sky support to request the reissuance of the product key. You receive the error code -101, -109, or the following error when activating a product key or installing a license file: There is one or more scans in progress. (SCAN_IN_PROGRESS) You receive this error because product key activation or license installation can only be performed when no scan is in progress. Perform product key activation or license activation when there is no scan in progress. You receive the error code -9999980 or the following error when performing certain actions after making a major licensing change, such as an SKU change: A system error occurred. (SYSTEM_ERROR) You receive this error because CLEAR Engine service has not been restarted after the major licensing change. Restart CLEAR Engine service for the changes to take effect. You receive an error code or error message not listed above. If you received an error code or error message not listed above, contact Lucent Sky support and include the error code, error message, and log files (if available) in your service request. ", "keywords": "avm, troubleshoot, engine, clearengine, licensing" } , "/en/avm/how-to/locate-storage-location": { "id": "221229", "url": "/en/avm/how-to/locate-storage-location", "title": "Locate the storage locations used by Lucent Sky AVM", "description": "", "date": "2022/10/13", "content" : "This article describes how to locate the locations of database and file system storage used by a Lucent Sky AVM instance.In this article, you will learn how to: Locate the SQL Server of the database used by a Lucent Sky AVM instance. Locate the location of the file system storage used by a Lucent Sky AVM instance.At the end, you will be able to locate the locations of the database and file system storage used by a Lucent Sky AVM instance.Locate the SQL Server of the database used by a Lucent Sky AVM instanceLucent Sky AVM uses a SQL Server database to store its relational data, such as application settings and scan results. For cluster, this SQL Server instance is used by all nodes of the cluster. The default SQL Server instance is .SQLEXPRESS, which is the SQLEXPRESS instance on the local SQL Server. Open PowerShell as administrator and enter the following command to open the CLEAR Engine configuration file with the default text editor: ((Select-Xml -Path "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.Engine.exe.config" -XPath "configuration/connectionStrings/add[@name='AnalysisContext']").Node.ConnectionString | Select-String 'Data Source=(.+?);').Matches[0].Groups[1].Value If the command returns an error or does not return anything, it indicates that the CLEAR Engine instance configuration file is corrupted. Contact Lucent Sky support. The output is the domain name or computer name of the SQL Server hosting the database. If the output contains a backward slash, the part after the backward slash is the instance name of the SQL Server. Locate the location of the file system storage used by a Lucent Sky AVM instanceLucent Sky AVM uses file system to store files, such as original and remediated source code, reports, and log files. This storage location is also known as storage root. For cluster, this location is used by all nodes of the cluster. The default location of the file system storage is C:ProgramDataLucent SkyCLEAR Engine. Open PowerShell as administrator and enter the following command to open the instance configuration file with the default text editor: (Select-Xml -Path "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.config" -XPath "skyAnalyzer/add[@key='StorageRoot']").Node.value If the command returns an error or does not return anything, it indicates that the CLEAR Engine instance configuration file is corrupted. Contact Lucent Sky support. The output is the location of the file system storage. ", "keywords": "avm, howto, administration, storage" } , "/en/avm/troubleshoot/maintenance": { "id": "213082", "url": "/en/avm/troubleshoot/maintenance", "title": "Troubleshoot maintenance errors", "description": "", "date": "2024/1/22", "content" : "SymptomsYou receive an error message when updating CLEAR Engine and Web UI.CauseThis article describes common causes and solutions to errors during the update of CLEAR Engine and the Web UI.Resolution During update, an error message indicated that there are scans in progress: Unable to perform update because one or more scans are in progress. You receive this error there are scans in-progress either on the instance being updated or on another instance in the same cluster. This includes scan that has been created but not started yet. Follow these steps to identify the scans that are in progress: On the server hosting the SkyAnalyzer database, open PowerShell as administrator. Enter the following command to identify scans that are in progress: # Replace .SQLEXPRESS if using a custom SQL Server instance $sqlInstance = ".SQLEXPRESS" sqlcmd -S $sqlInstance -d SkyAnalyzer -Q "SELECT [ScanId], [ScanAgent] FROM [Scans] WHERE [IsCompleted] = 0" Scans with a ScanAgent are ongoing. Connect to the instance indicated by the ScanAgent. Wait for the scans to complete or forcibly stop the scans by stopping the CLEAR Engine service. Scans with an empty ScanAgent have been created but not started yet. Delete these scans by running the following commands in PowerShell: # Replace .SQLEXPRESS if using a custom SQL Server instance $sqlInstance = ".SQLEXPRESS" sqlcmd -S $sqlInstance -d SkyAnalyzer -Q "DELETE FROM [Scans] WHERE [ScanId] = '' AND [IsCompleted] = 0" If there are still scans that are in progress, they have to be manually stopped before update can continue: Open PowerShell as administrator. Enter the following command to stop the CLEAR Engine service: Stop-Service "CLEAR Engine" Repeat the previous steps on every instance in the cluster. On the server hosting the SkyAnalyzer database, open PowerShell as administrator. Enter the following command to manually stop unresponsive scans: # Replace .SQLEXPRESS if using a custom SQL Server instance $sqlInstance = ".SQLEXPRESS" sqlcmd -S $sqlInstance -d SkyAnalyzer -Q "UPDATE [Scans] SET [IsCompleted] = 1, [PreAnalysisResult] = -9999950 WHERE [IsCompleted] = 0" The update is ready to continue as there is no scan in progress. ", "keywords": "avm, troubleshoot, engine, clearengine" } , "/en/avm/troubleshoot/maven": { "id": "858798", "url": "/en/avm/troubleshoot/maven", "title": "Troubleshoot Maven errors", "description": "", "date": "2021/12/17", "content" : "SymptomsWhen you scan a Java application in Lucent Sky AVM and the JavaBuild scan argument is set to Maven, the scan fails with one of the following errors:One or more Maven build errors occurred when building the application. (-42210020)One or more Maven build errors occurred when building the application. (-42210021)In addition, Maven build log contains the following message:[INFO] BUILD FAILURECauseWhen scanning a Java application and the JavaBuild scan argument set to Maven, Apache Ant is used to build the application. If errors occurred during Maven build, the scan fails.ResolutionTo resolve this issue, use the following methods starting with the first method below. If that does not resolve the issue, try the next method.Method 1Resolve errors in Maven logs, then scan the application again.To learn more about common types of Maven errors, see the More Information section.Method 2Use direct binary analysis to scan Java applications without building them in Lucent Sky AVM. To learn more about how to use direct binary analysis, view the following article in the Lucent Sky Knowledge Base:Scan an application using direct binary analysisMethod 3To disable binary analysis and only use source code analysis to scan a Java application, include AnalysisEngines,20 in scan arguments.More InformationCommon types of Maven build errors include: Syntax and semantic errors - There are two common causes of syntax and sematic errors in JDK compilation, either that there are actual syntax and semantic errors in the source code, or the source code was compiled with an incorrect encoding. For more information on how to resolve encoding problems, view the following article in the Lucent Sky Knowledge Base:Troubleshoot encoding problems Repository errors - The most common reason for repository errors is that the Lucent Sky AVM instance is unable to access the specified repositories. For more information on how to configure Maven bundled with Lucent Sky AVM, view the following article in the Lucent Sky Knowledge Base:Configure package repositories ", "keywords": "avm, troubleshoot, build, java, maven" } , "/en/avm/troubleshoot/msbuild": { "id": "369428", "url": "/en/avm/troubleshoot/msbuild", "title": "Troubleshoot MSBuild errors", "description": "", "date": "2020/12/1", "content" : "SymptomsWhen you scan a .NET application in Lucent Sky AVM, the scan fails with one of the following errors:MSBuild failed. ASP.NET compilation was skipped. (-42110062)MSBuild failed. ASP.NET compilation failed. (-42110063)Alternatively, the scan might complete but with one of the following warnings:MSBuild failed. (41110021)MSBuild failed. Some ASP.NET files were skipped during ASP.NET compilation. (41110062)CauseWhen scanning a .NET application, MSBuild is used to build the application. If errors occurred during MSBuild, the scan fails or completes partially.ResolutionTo resolve this issue, use the following methods starting with the first method below. If that does not resolve the issue, try the next method.Method 1Resolve errors in MSBuild logs, then scan the application again. MSBuild logs contain one of the following error messages: Could not load file or assembly 'Microsoft.Build' Could not load type '...' from assembly 'Microsoft.Build.Framework' The MSBuild requested by the application is not available. If the application uses a version of MicrosofT Build Tools other than the ones bundled with .NET Framework, install the required or latest Microsoft Build Tools, such as Visual Studio Build Tools 2019, on the server running CLEAR Engine, and include MsBuild,latest in scan arguments. MSBuild logs contain the following error message: error MSB4019: The imported project "C:Program Files (x86)MSBuildMicrosoftVisualStudiov11.0WebApplicationsMicrosoft.WebApplication.targets" was not found. Confirm that the path in the <Import> declaration is correct, and that the file exists on disk. The application is developed with Visual Studio 2012 or an earlier version. Install the Visual Studio version used to develop the application on the server running CLEAR Engine. MSBuild logs contain the following error message: error MSB4041: The default XML namespace of the project must be the MSBuild XML namespace. The application targets .NET Core, or otherwise uses a standalone version of Microsoft Build Tools such as Visual Studio Build Tools 2019. If the application targets .NET Core, install the required or latest Microsoft Build Tools, such as Visual Studio Build Tools 2019, on the server running CLEAR Engine, and include MsBuild,latest in scan arguments. MSBuild logs contain the following error message: error CS0006: Metadata file 'C:Windowssystem32configsystemprofile.nugetpackages...' could not be found. The application uses NuGet, and the source code archive does not include the required packages. Make sure the server running CLEAR Engine can access the NuGet feeds required by the application. Additionally, an issue in NuGet might prevent MSBuild from downloading the required packages. For more information on how to avoid this issue by configuring packages directories, view the following article in the Lucent Sky Knowledge Base: Administration guide to CLEAR Engine and Web UI § Configure packages directories Alternatively, copy the packages located in C:WindowsSysWOW64configsystemprofile.nugetpackages to C:WindowsSystem32configsystemprofile.nugetpackages. MSBuild logs contain an error message indicating a syntax error, such as one of the following: error CS1002: ; expected. error CS1010: Newline in constant. error CS1525: Invalid expression term '}' There might be syntax or semantic errors in the source code, or the source code files might be using a different native (non-Unicode) encoding than the one used by the operating system. For more information on how to resolve encoding problems, view the following article in the Lucent Sky Knowledge Base: Troubleshoot encoding problems MSBuild logs indicate that a property, such as SolutionDir, is null or undefined The project file might expect certain build properties to be set in the build process. To manually specify build properties, use the scan argument BuildProperties. Each property should be seperated by a comma instead of a semicolon. For example, BuildProperties,SolutionDir=....Solutions,SkipPostBuildTask=1. To learn more about common types of MSBuild errors, see the More Information section.Method 2Use direct binary analysis to scan .NET applications without building them in Lucent Sky AVM. To learn more about how to use direct binary analysis, view the following article in the Lucent Sky Knowledge Base:Scan an application using direct binary analysisMethod 3To disable binary analysis and only use source code analysis to scan a .NET application, include AnalysisEngines,20 in scan arguments.More InformationOther common errors in MSBuild include: An assembly reference is missing - MSBuild could not find the assembly of the namespace or class listed in the error message. This kind of error can typically be solved by either placing the required .dll in the bin directory of the project, or by installing the required runtimes on the server running CLEAR Engine. A .targets file is not found - MSBuild could not find the .targets file listed in the error message. This can be solved by installing the necessary build tools or SDKs on the server running CLEAR Engine. Alternatively, locate the .targets file in the development environment, and place it in the same directory of the server running CLEAR Engine. An external task failed - Some project files or .targets files include external tasks (such as executing an executable). If such task could not be executed by MSBuild, an error might occur. Most external tasks can be safely skipped by removing it from the project files or .targets files. Syntax and semantic errors - There are two common causes of syntax and sematic errors in MSBuild, either that there are actual syntax and semantic errors in the source code, or the source code was compiled with an incorrect encoding. For more information on how to resolve encoding problems, view the following article in the Lucent Sky Knowledge Base:Troubleshoot encoding problemsIf MSBuild failed due to compiler errors (such as CS1234 or BC1234, instead of MSB1234), see the following information: For more information on C# compiler errors and resolutions view the following article on the Microsoft Learn website :C# Compiler Errors For more information on Visual Basic compiler errors and resolutions, view the following article on the Microsoft Learn website:Error messages in Visual Basic", "keywords": "avm, troubleshoot, build, dotnet, msbuild" } , "/en/avm/integrations/new-relic": { "id": "472221", "url": "/en/avm/integrations/new-relic", "title": "Link applications between Lucent Sky AVM and New Relic APM", "description": "", "date": "2024/1/24", "content" : "This article describes how to link applications in Lucent Sky AVM to their counterparts in New Relic APM. After the project is linked to an application, you can navigate to your New Relic dashboard for the project directly from Lucent Sky AVM Web UI.In this article, you will learn how to: Link an application in Lucent Sky AVM to its counterpart in New Relic APM.At the end, you will be able to link an application in Lucent Sky AVM to its counterpart in New Relic APM.Link an application on Lucent Sky AVM application to New Relic APMApplications in Lucent Sky AVM are linked to their counterparts in New Relic APM individually. Repeat these steps for each application that should be linked to New Relic APM. On https://rpm.newrelic.com, log into your New Relic account. Select the application you want to link with a Lucent Sky AVM project. The path of the URL (the part after https://rpm.newrelic.com) is the resource path. For example, if the New Relic URL to the application is https://rpm.newrelic.com/accounts/123456/applications/7654321, then the resource path is accounts/123456/applications/7654321. On Lucent Sky AVM Web UI, go to the application list. Hover over the application to link, and select the APM icon. In the edit application dialog, enter NewRelic in APM Provider and resource path in APM Resource Path, and the select Save.", "keywords": "avm, integration, newrelic" } , "/en/avm/compliance/ntia-sbom": { "id": "227971", "url": "/en/avm/compliance/ntia-sbom", "title": "Lucent Sky AVM for NTIA minimum elements for an SBOM", "description": "", "date": "2025/4/16", "content" : "The U.S. Presidential Executive Order on Improving the Nation's Cybersecurity (14028), released on May 12, 2021, calls for sweeping improvements to modernize Federal Government cybersecurity and enhance software supply chain security. One of the items that they are requiring is a Software Bill of Materials (SBOM). The National Telecommunications and Information Administration (NTIA), directed by the executive order, published a report The Minimum Elements For a Software Bill of Materials (SBOM) on July 12, 2021. The minimum required elements of a SBOM include seven specific data fields.XML reports generated by Lucent Sky AVM version 2203 MR and later include these seven fields and help organizations achieve compliance with the executive order.Mapping NTIA fields to Lucent Sky AVM XML reportsThe following table provides mapping between NTIA fields and Lucent Sky AVM XML reports. NTIA field NTIA description Lucent Sky AVM XML report Supplier Name The name of an entity that creates, defines, and identifies components /report/scan/files/file/dependencies/dependency/@Vendor Component Name Designation assigned to a unit of software defined by the original supplier /report/scan/files/file/dependencies/dependency/@Name Version of the Component Identifier used by the supplier to specify a change in software from a previously identified version /report/scan/files/file/dependencies/dependency/@Version Other Unique Identifiers Other identifiers that are used to identify a component, or serve as a look-up key for relevant databases /report/scan/files/file/@Hash Dependency Relationship Characterizing the relationship that an upstream component X is included in software Y /report/scan/@ProjectName Author of SBOM Data The name of the entity that creates the SBOM data for this component /report/scan/@ReportAgent Timestamp Record of the date and time of the SBOM data assembly /report/scan/@Time Lucent Sky AVM also digitally signs each XML report using the XMLDSIG standard to protect its integrity. Stakeholders and auditors can validate the authenticity of a Lucent Sky AVM report using Lucent Sky Report Validation.", "keywords": "avm, dependency, compliance, sbom, nita" } , "/en/avm/licensing/overview": { "id": "612746", "url": "/en/avm/licensing/overview", "title": "Lucent Sky AVM licensing overview", "description": "", "date": "2021/4/9", "content" : "This article describes how Lucent Sky AVM is licensed.Description of the Lucent Sky AVM licenseLucent Sky AVM is licensed with both User Client Access License (User CAL) and Core License. Client Access License determines the number of users can access a Lucent Sky AVM instance or cluster, while Core License determines the number of concurrent scans can be running on a Lucent Sky AVM instance.User CALA User CAL is required for every user who accesses a Lucent Sky AVM instance or cluster. One User CAL is required for every user, regardless of the number of devices they use for that access.As users are configured at cluster-level, instances in the same cluster must have the same number of User CALs.Core LicenseCore License determines the number of concurrent scans can be running on a Lucent Sky AVM instance. A scan utilizes one Core License when it is in the checking, preparing, building, or analyzing stage. Activities on a completed scan, such as generating report or remediated source code, do not utilize Core Licenses.The number of Core Licenses required on a Lucent Sky AVM instance is not determined by the number of processors on the instance.", "keywords": "avm, licensing" } , "/en/avm/compliance/pci-compliance": { "id": "792856", "url": "/en/avm/compliance/pci-compliance", "title": "Lucent Sky AVM for PCI DSS Compliance", "description": "", "date": "2025/7/17", "content" : "Application security is a critical yet often overlooked element for organizations seeking to be PCI-compliant. Application-layer attacks compromise the flow and processing of data from within the application, leading to unauthorized access to sensitive data and more. Identifying and remediating vulnerabilities as applications are being developed and tested, and mitigating (instead of wrapping around them) them for applications that are in production, is the most effective way to reduce these risks. Through its unique capability of automate and expedite the remediation of application vulnerabilities, Lucent Sky AVM can help organizations achieve PCI-compliance more efficiently.Lucent Sky AVM PCI DSS matrixThe following section has a matrix of all of the PCI DSS requirements that Lucent Sky AVM covers, as well as guidance for assessors who may be evaluating the use of it for compliance. In some cases, Lucent Sky AVM can be used to justify compliance (as in, to verify that accounts with blank passwords do not exist). The comments and guidance only apply to in-scope applications and systems. The descriptions have been edited for brevity; the PCI Security Standards Council publishes the full version of PCI DSS on their website. Assessors should review specific contracted services in conjunction with the in-scope applications to understand which elements may be used to justify compliance with PCI DSS or other security standards.PCI DSS version 4.0.1 requirements PCI requirement Lucent Sky AVM Assessor guidance 2.2.6 — System security parameters are configured to prevent misuse. (A) Lucent Sky AVM can scan its targets to find configurations that would be deemed insecure. For example, it can look for insecure handing of information or connections to other systems or applications that use insecure protocols. Lucent Sky AVM can be used in support of this requirement and should be deployed as part of the go-live process. 3.3 — Sensitive authentication data (SAD) is not stored after authorization (E) Lucent Sky AVM analyzes a model of the source code and identifies potential locations in the code where sensitive information is being stored. Issues that may result in sensitive authentication data storage are highlighted for the developer to address. Firms should use Lucent Sky AVM in addition to automated and/or manual reviews to ensure that there are no business process rules that may enable storage in certain situations after authorization. 3.4 — Access to displays of full PAN and ability to copy PAN is restricted. (E) Lucent Sky AVM analyzes a model of the source code and identifies potential locations in the code where sensitive information is stored in an insecure manner. Issues that may result in displays of full PAN are highlighted for the developer to address. Firms should use Lucent Sky AVM in addition to automated and/or manual reviews. 3.5 — Primary account number (PAN) is secured wherever it is stored. (E) Lucent Sky AVM analyzes a model of the source code and identifies potential locations in the code where sensitive information is stored in an insecure manner. Issues that may result in insecure PAN storage are highlighted for the developer to address. Firms should use Lucent Sky AVM in addition to automated and/or manual reviews. 3.6 — Cryptographic keys used to protect stored account data are secured. (E) Lucent Sky AVM analyzes situations whereby cryptographic keys are not stored securely. Insecure storage will be detected and highlighted for the developer to address. In the case that crypto key generation is required, Lucent Sky AVM will help ensure that the code generating those keys uses methods to generate strong keys. 4.2.1 — Strong cryptography and security protocols are implemented to safeguard PAN during transmission over open, public networks. (E) Lucent Sky AVM can detect usage of insecure cryptographic algorithms and protocols in the source code. It can be used for those applications that rely on software controls to enforce secure protocols and encryption. It will identify situations that could be considered risky and flag them for follow-up. Firms can use Lucent Sky AVM in conjunction with encryption tools to ensure applications are not relying on insecure protocols or algorithms. The absence of strong cryptography at the source-code or application layer does not conclude the absence of it for the system. For example, mitigation may be applied for the entire system through a hardware-based control, which encrypts/decrypts all data leaving/entering the system. 4.2.2 — PAN is secured with strong cryptography whenever it is sent via end-user messaging technologies. (E) Lucent Sky AVM maps how data flows throughout an application and looks for possible disclosure of sensitive information such as passwords, credit card numbers, and SSNs. This data can ultimately find its way to a file system for storage, system console, printers etc. where it can be compromised. As data flows through the various functions in an application, certain interactions could lead to data disclosure over these messaging systems. Lucent Sky AVM can help ensure that data is not transmitted over end-user messaging technologies as part of the logic flow within an application. 6.1 — Processes and mechanisms for developing and maintaining secure systems and software are defined and understood. (A) Lucent Sky AVM can be used to identify vulnerabilities in the source code, libraries, and configurations before applications enter production. Lucent Sky AVM should be used to examine application code in its entirety before it is pushed to production. Processes should be put in place to ensure application security tools are applied consistently. 6.2 — Bespoke and custom software are developed securely. (A) Lucent Sky AVM supports this requirement by reviewing the source code for vulnerabilities that would violate PCI DSS or other security frameworks. Lucent Sky AVM, when used in conjunction with other secure development practices, can be used to identify vulnerabilities as a developer writes code, thus preventing them from showing up in production environments. It demonstrates compliance with the requirement by checking code against various standards and security best practices. 6.3 — Security vulnerabilities are identified and addressed. (A) Lucent Sky AVM scans source code and binary files to identify unknown vulnerabilities, and scans dependencies to identify known vulnerabilities. All vulnerabilities will be flagged for follow-up and remediation advice provided. It helps developers not introduce vulnerabilities into their source code before it is committed back to the main repository. Finding and fixing vulnerabilities early reduced subsequent tracking, remediation, and re-testing. Lucent Sky AVM is used to scan pre-production source code, binary files, and dependencies to satisfy this requirement. Exceptions should be reviewed, patches deployed, and rescanned to verify the problems are fixed. Removing vulnerabilities early is far more efficient than later in the lifecycle. Vulnerabilities can be resolved directly in the application or externally through additional controls. Vulnerabilities may exist due to lack of access to third-party code, because the vulnerability has not yet been remediated, or because new attack methods have created a new vulnerability. 6.4 — Public-facing web applications are protected against attacks. (A) Outputs from Lucent Sky AVM include Instant Fixes, production-ready code segments that replace vulnerable code and remediate the underlying vulnerabilities. These Instant Fixes uses security mechanisms built in the application servers as well as industry-standard security libraries, or enterprise security libraries chosen by the firm. Lucent Sky AVM identifies vulnerable script loading practices such as loading scripts over insecure connections or missing integrity checks. Lucent Sky AVM can also invetory of scripts used by an application. Firms using these technologies need to be explicit in where and how they are deployed for security and compliance purposes. For example, while Instant Fixes are very effective to remediating vulnerabilities resulted from insecure implementation (such as XSS and SQL injection), only a small number of vulnerabilities resulted from insecure design (such as using a weak encryption algorithm) can be remediated through Instant Fixes. Additionally, firms using Instant Fixes to deploy enterprise security libraries should demonstrate the security and compliance for those enterprise security libraries used. 7.2.2 — Access is assigned to users, including privileged users, based on job classification and function and least privileges necessary to perform job responsibilities (E) Some programming APIs provide excessive privileges, which could lead to a failure to restrict certain functions to a user ID. Lucent Sky AVM can detect and alert on the usage of these APIs. Most software relies on third-party APIs for functionality. Lucent Sky AVM will help ensure that those APIs are properly restricted to programmatically enable compliance to this requirement. 7.3 — Access to system components and data is managed via an access control system(s). (E) Lucent Sky AVM identifies code that may override, weaken, or be vulnerable in ways that reduces the assumed level of access control in an application. Lucent Sky AVM should be used to help detect software vulnerabilities that could lead to weakened access control. 8.2.8 — If a user session has been idle for more than 15 minutes, the user is required to re-authenticate to re-activate the terminal or session. (E) Lucent Sky AVM will test session timeouts in applications to determine if this requirement is met. Leveraging these tools adds an extra layer of security to your environment by ensuring that the application times out even if the terminal does not. 8.3.2 — Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components. (E) Lucent Sky AVM can detect the misuse of cryptographic APIs that detect poor key management and stored passwords. It can identify storing sensitive information in clear text and storing sensitive information in storage locations that do not have strong crypto. Weak cryptographic usage can spring from misconfiguration or outdated code. Lucent Sky AVM validates that the application uses cryptographic code properly. 10.3 — Audit logs are protected from destruction and unauthorized modifications. (E) Lucent Sky AVM can detect software issues that may allow log-forging attacks to be successful, which may allow unauthorized modification to occur. Log integrity is critical if you need to use those logs to find a breach or an insider. An attack that modifies the audit trail can cover the tracks of an attacker. 11.3 — External and internal vulnerabilities are regularly identified, prioritized, and addressed. (A) Lucent Sky AVM can be used to identify vulnerabilities in the source code, libraries, and configurations before applications enter production. Lucent Sky AVM should be used to examine application code in its entirety before it is pushed to production. Processes should be put in place to ensure application security tools are applied consistently. 11.4 — External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected. (A) As a potential compensating control, Lucent Sky AVM can be considered a valid method to meet this requirement as well, as long as all of the code the application relies on is included in the scan. External penetration testing firms may use Lucent Sky AVM to satisfy this requirement. Assessors should review how the tool is used in support of these efforts to ensure its completeness. 12.3 — Risks to the cardholder data environment are formally identified, evaluated, and managed. (E) While the products here are not risk-assessment tools, they can all be used in support of a risk-assessment methodology. Lucent Sky AVM have the ability to show risk levels of specific vulnerabilities and exploit events. The results should feed into your risk-assessment process. Outputs from Lucent Sky AVM should be incorporated into the risk-assessment process that the firm uses for this requirement. (A) Addresses the PCI DSS requirement.(E) Evidence from the product can be used to demonstrate PCI DSS compliance.Additional Guidance for Assessors The outputs from Lucent Sky AVM include the serial number and version number of the instance(s) used to generate the outputs, as well as the time the outputs were generated. The outputs from Lucent Sky AVM include the rule package and other settings used to generate the outputs. The rule packages and settings used should be in compliance with relevant regulations and standards. The outputs from Lucent Sky AVM, when in the form of HTML or XML reports, are cryptographically signed and can be validated for authenticity on the Lucent Sky Report Validation website. Lucent Sky AVM receives major updates semi-annually and minor updates monthly. You can verify the outputs were generated by a recent version of Lucent Sky AVM by matching the release information on the Lucent Sky Docs website.About Lucent Sky AVMLucent Sky AVM accelerates and scales the identification and remediation of common categories of application vulnerabilities, such as those in OWASP Top 10 and PCI DSS. It is compatible with .NET, ASP, Android, C/C++, Go, iOS, Java, PHP, Python, Ruby, Rust, Visual Studio applications, as well as static websites and many cross-framework languages and data interchange languages. Lucent Sky AVM is accessible through a web interface, IDE plugins, CLI, and API, and integrates with most common ALM and CI systems.", "keywords": "avm, compliance, pci, pcidss" } , "/en/avm/how-to/prepare-application-for-scan": { "id": "572813", "url": "/en/avm/how-to/prepare-application-for-scan", "title": "Prepare an application for scanning", "description": "", "date": "2024/10/2", "content" : "While Lucent Sky AVM has the flexibility to scan almost any code in a supported technology stack, properly configure and package an application can ensure the accuracy of the scan results.This article describes how to prepare an application of each technology stack for scanning..NET.NET applications include those developed for .NET, .NET Core, .NET Framework, and .NET Standard using C# and VB.NET. They may also include cross-framework languages such as CFML, Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), HTML, and SQL, and data interchange languages such as JSON, XML, and YAML.For mobile applications developed with Xamarin, scan them as either Android or iOS applications.To learn more about scanning a .NET application, view the following article in the Lucent Sky Knowledge Base:Scan a .NET applicationAndroidAndroid applications include those developed for Android devices using C#, Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), Java, and Kotlin. They may also include cross-framework languages such as HTML and SQL, and data interchange languages such as JSON, XML, and YAML.To learn more about scanning an Android application, view the following article in the Lucent Sky Knowledge Base:Scan an Android applicationASPASP applications include those developed for Active Server Pages using VBScript. They may also include cross-framework languages such as CFML, Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), HTML, and SQL, and data interchange languages such as JSON, XML, and YAML.For applications developed for ASP.NET, scan them as .NET applications.To learn more about scanning an ASP application, view the following article in the Lucent Sky Knowledge Base:Scan an ASP applicationC and C++C and C++ applications include those developed using C and C++. They may also include data interchange languages such as JSON, XML, and YAML.Fr iOS applications developed using Objective-C, scan them as iOS applications.To learn more about scanning a C or C++ application, view the following article in the Lucent Sky Knowledge Base:Scan a C or C++ applicationGoGo applications include those developed using Go. They may also include cross-framework languages such as Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), HTML, and SQL, and data interchange languages such as JSON, XML, and YAML.To learn more about scanning a Go application, view the following article in the Lucent Sky Knowledge Base:Scan a Go applicationiOSiOS applications include those developed for iOS, iPadOS, tvOS, and watchOS devices using C#, Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), Objective-C, and Swift are supported. They may also include cross-framework languages such as HTML and SQL, and data interchange languages such as JSON, XML, and YAML.To learn more about scanning an iOS application, view the following article in the Lucent Sky Knowledge Base:Scan an iOS applicationJavaJava applications include those developed for Java Runtime Environment using Groovy, Java, and Scala are supported. They may also include cross-framework languages such as CFML, Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), HTML, and SQL, and data interchange languages such as JSON, XML, and YAML.For Android applications developed using Java, scan them as Android applications.To learn more about scanning a Java application, view the following article in the Lucent Sky Knowledge Base:Scan a Java applicationLuaLua applications include those developed using Lua. They may also include cross-framework languages such as Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), HTML, and SQL, and data interchange languages such as JSON, XML, and YAML.To learn more about scanning a Lua application, view the following article in the Lucent Sky Knowledge Base:Scan a Lua applicationPHPPHP applications include those developed using PHP. They may also include cross-framework languages such as CFML, Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), HTML, and SQL, and data interchange languages such as JSON, XML, and YAML.To learn more about scanning a PHP application, view the following article in the Lucent Sky Knowledge Base:Scan a PHP applicationPythonPython applications include those developed using Python. They may also include cross-framework languages such as Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), HTML, and SQL, and data interchange languages such as JSON, XML, and YAML.To learn more about scanning a Python application, view the following article in the Lucent Sky Knowledge Base:Scan a Python applicationRubyRuby applications include those developed using Ruby. They may also include cross-framework languages such as CFML, Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), HTML, and SQL, and data interchange languages such as JSON, XML, and YAML.To learn more about scanning a Ruby application, view the following article in the Lucent Sky Knowledge Base:Scan an Ruby applicationRustRust applications include those developed using Rust. They may also include data interchange languages such as JSON, XML, and YAML.To learn more about scanning a Rust application, view the following article in the Lucent Sky Knowledge Base:Scan an Rust applicationVisual BasicVisual Basic applications include those developed using Visual Basic. They may also include data interchange languages such as JSON, XML, and YAML.For applications developed using Visual Basic .NET (VB.NET), scan them as .NET applications.To learn more about scanning a Visual Basic application, view the following article in the Lucent Sky Knowledge Base:Scan a Visual Basic applicationStatic websiteStatic websites include static websites developed using CFML, Dart, ECMAScript (including ActionScript, JavaScript, and TypeScript), and HTML, and ECMAScript modules developed using JavaScript and TypeScript. They may also include data interchange languages such as JSON, XML, and YAML.To learn more about scanning a Common JS or ECMAScript module, or a static website, view the following article in the Lucent Sky Knowledge Base:Scan a static website", "keywords": "avm, howto, dotnet, android, asp, cpp, go, ios, java, jdk, lua, php, python, ruby, rust, visualbasic, staticweb" } , "/en/avm/how-to/prepare-build-environment": { "id": "502581", "url": "/en/avm/how-to/prepare-build-environment", "title": "Prepare build environment on Lucent Sky AVM server", "description": "", "date": "2019/1/4", "content" : "Lucent Sky AVM uses hybrid analysis, a combination of binary and source code analysis, on .NET and Java applications to increase analysis coverage and accuracy. In order to successfully build .NET and Java applications on a Lucent Sky AVM instance, it might be necessary to prepare a build environment on the server. This document outlines the steps of common tasks of preparing a build environment..NET MSBuild Some .NET applications require a MSBuild (formally known as Visual Studio Build Tools) version that is newer than the one that is bundled with .NET Framework. Follow these steps to install Visual Studio Build Tools on the Lucent Sky AVM server: Consult your application stakeholders about the necessary MSBuild versions their applications require. In most cases, the latest version is compatible with previous versions. To download Visual Studio Build Tools, visit the following page on the Visual Studio website: Visual Studio Downloads. To learn about installing Visual Studio without Internet access, view the following article on the Microsoft Learn website: Create an offline installation of Visual Studio Run vs_buildtools.exe to install Visual Studio Build Tools. Select the Workloads and Individual components required by your applications. Common workloads include .NET desktop build tools, Web development build tools__ and .NET Core build tools. It might also be necessary to select specific individual compoents required by your applications, such as the .NET Framework targeting packs. ", "keywords": "avm, howto, dotnet, java" } , "/en/avm/how-to/reset-password-of-built-in-administrator": { "id": "224918", "url": "/en/avm/how-to/reset-password-of-built-in-administrator", "title": "Reset the password of the built-in administrator", "description": "", "date": "2024/2/20", "content" : "This article describes how to reset the password or disable multi-factor authentication for the built-in administrator.In this article, you will learn how to: Reset the password of the built-in administrator. Disable multi-factor authentication for the built-in administrator.At the end, you will be able to reset the password or disable multi-factor authentication for the built-in administrator.Reset the password of the built-in administrator Open PowerShell as an administrator, then enter the following commands: Stop-Service "CLEAR Engine" echo "reset admin credentials" > "C:Program FilesLucent SkyCLEAR EngineStartupRunOnce.txt" Start-Service "CLEAR Engine" The password of the built-in administrator alice@lucentskyavm.com is now reset to lucentsky. This does not disable multi-factor authentication for the built-in administrator.Disable multi-factor authentication for the built-in administrator Open PowerShell as administrator and enter the following command to open the CLEAR Engine storage configuration file with the default text editor: (Select-Xml -Path "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.config" -XPath "skyAnalyzer").Node.File | Invoke-Item Make sure the value to the MultiFactorAuthentication key is empty or false. In PowerShell, enter the following commands: sqlcmd -S .SQLEXPRESS -d SkyAnalyzer -Q "UPDATE Users SET MultiFactorAuthenticationKey = NULL WHERE Username = 'alice@lucentskyavm.com'" Multi-factor authentication has been disabled for the built-in administrator alice@lucentskyavm.com.", "keywords": "avm, howto, administration" } , "/en/avm/compliance/result-hash-compatibility": { "id": "231400", "url": "/en/avm/compliance/result-hash-compatibility", "title": "Result hash compatibility between different versions of Lucent Sky AVM", "description": "", "date": "2026/02/10", "content" : "Different versions of Lucent Sky AVM might use different algorithms to calculate the hash of results. Hash value are used to identify results between different scans and applications, and to allow the suppression of results.Result hash backward compatibilityBackward compatibility for suppression signatures is enabled by default, so a newer version of Lucent Sky AVM can recognize the suppression signatures generated by an earlier version. To disable this behavior, set SuppressionCompatibilityMode to false in the CLEAR Engine storage configuration file (also known as the cluster configuration file).Result recurrence calculation does not support backward compatibility.Result hash compatibility matrix Lucent Sky AVM version Suppression signature compatibility Result recurrence compatibility 2003 and earlier 2003 and earlier 2003 and earlier 2006 to 2009 2009 and earlier1, or 2006 and 20092 2006 and 2009 2103 to 2306 2306 and earlier1, or 2103 and later2 2103 to 2306 2309 to 25093 2103 and later4, or 2309 and later2 2309 and later 2512 and later 2309 and later5 2309 and later5 1.With suppression compatibility mode enabled.2.With suppression compatibility mode disabled.3.Hashes of dependency analysis results generated by version 2403 and earlier are incompatible with later versions.4.With suppression compatibility mode enabled. Suppression compatibility mode is not applicable to some results.5.Hashes of some results generated by version 2512 and later might differ than the hashes of the same results generated by earlier versions, therefore causing incompatibility of suppression signatures and result recurrence calculation for these results with earlier versions.", "keywords": "avm, compliance, suppression" } , "/en/avm/how-to/scan-android-application": { "id": "226205", "url": "/en/avm/how-to/scan-android-application", "title": "Scan an Android application", "description": "", "date": "2022/10/10", "content" : "This article describes how to scan an Android application using Lucent Sky AVM.In this article, you will learn how to: Scan an Android application.At the end, you will be able to scan an Android application.Xamarin projectNavigate to the root of the website, and create an archive file that includes the source code files of the project, with the _.csproj_ file in the root of the archive file.Other Android projectNavigate to the root of the project directory, and create an archive file that includes the source code files of the project, with the _manifests_, _java_, and _res_ directories in the root of the archive file.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, android" } , "/en/avm/how-to/scan-asp-application": { "id": "226206", "url": "/en/avm/how-to/scan-asp-application", "title": "Scan an ASP application", "description": "", "date": "2022/10/10", "content" : "This article describes how to scan an ASP application using Lucent Sky AVM.For ASP.NET applications, view the following article in the Lucent Sky Knowledge Base:Scan an .NET applicationIn this article, you will learn how to: Scan an ASP application.At the end, you will be able to scan an ASP application.ASP projectNavigate to the root of the application, and create an archive file that includes the source code files of the application.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, asp" } , "/en/avm/how-to/scan-c-and-cpp-application": { "id": "226207", "url": "/en/avm/how-to/scan-c-and-cpp-application", "title": "Scan a C or C++ application", "description": "", "date": "2022/10/10", "content" : "This article describes how to scan a C or C++ application using Lucent Sky AVM.For iOS applications developed with Objective-C, view the following article in the Lucent Sky Knowledge Base:Scan an Android applicationIn this article, you will learn how to: Scan a C or C++ application.At the end, you will be able to scan a C or C++ application.C or C++ projectNavigate to the root of the project directory, and create an archive file that includes the source code and header files of the project.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, cpp" } , "/en/avm/how-to/scan-dependencies-for-known-vulnerabilities": { "id": "229426", "url": "/en/avm/how-to/scan-dependencies-for-known-vulnerabilities", "title": "Scan application dependencies for known vulnerabilities", "description": "", "date": "2022/05/05", "content" : "Lucent Sky AVM has three groups of analysis engines, binary analysis, source code analysis, and dependency analysis. Binary analysis and source code analysis scan applications for unknown vulnerabilities such as SQL injection, cross-site scripting, weak encryption, and such. These unknown vulnerabilities are categorized by a CWE ID. Dependency analysis, on the other hand, scans applications' dependencies for known vulnerabilities in both open source and proprietary software products and components. These known vulnerabilities usually have a CVE ID and have at least one underlying CWE ID.This article describes how to scan application dependencies for known vulnerabilities and configure the behaviors of dependency analysis.In this article, you will learn how to: Scan application dependencies for known vulnerabilities. Configure the behaviors of dependency analysis.At the end, you will be able to scan an application's dependency for known vulnerabilities and to configure the behaviors of dependency analysis.Scan application dependencies for known vulnerabilitiesTo scan an application's dependencies for known vulnerabilities, enable the Dependency vector in either application settings or scan settings.When a known vulnerability is found, it will be categorized as its primary CWE ID if that CWE ID is enabled in the scan's weakness policies. If not, it will be categorized as CWE-1104: Use of Unmaintained Third Party Components. For example, if a scan identifies a component with CVE-2021-44228, it will be categorized as CWE-502 if CWE-502 is enabled in the weakness policies. Otherwise, it will be categorized as CWE-1104.Configure the behaviors of dependency analysisIn addition to dependency analysis, the dependency analysis engines also power advanced dependency discovery. Dependency discovery helps binary and source code analysis engines identify well-known software components, so they can be analyzed more efficiently. Advanced dependency discovery uses over 60 signals to accurately identify an application's dependencies. However, advanced dependency discovery does not work with all types of applications and might not work on some misconfigured applications. If advanced dependency discovery is not available, dependency analysis cannot be performed.If Dependency vector is not enabled for a scan, advanced dependency discovery will be attempted. If it is not available, the scan will fallback to basic dependency discovery. If the Dependency vector is enabled for a scan, the scan will fail if advanced dependency discovery is not available.To explicitly use basic dependency analysis, set the DependencyDiscovery scan argument to basic.", "keywords": "avm, howto, dependency" } , "/en/avm/how-to/scan-dotnet-application": { "id": "226201", "url": "/en/avm/how-to/scan-dotnet-application", "title": "Scan a .NET application", "description": "", "date": "2024/3/11", "content" : "This article describes how to scan a .NET application using Lucent Sky AVM.In this article, you will learn how to: Scan a .NET application.At the end, you will be able to scan a .NET application.ASP.NET Web ApplicationASP.NET Web Application has a project file (.csproj or .vbproj) and may be part of a solution. If the web application is a single project, navigate to the root of the project directory, and create an archive file with the project file in the root of the archive file. If the web application is a project that is part of a solution, navigate to the root of the solution directory, and create an archive file with the solution file (.sln) in the root of the archive file. Specify the relative path to the project file within the archive in Analysis Target when creating a scan.ASP.NET Web Forms Site (previously known as Web Site)ASP.NET Web Forms Site does not have a project file.Navigate to the root of the web site, and create an archive file with the top-most web.config in the root of the archive file.Windows Desktop project and WCF projectWindows Desktop project includes WPF App, Windows Forms App, Console App, Class Library, Windows Service, and various kinds of Control Library. WCF project includes WCF Service Library and WCF Service Application. It has a project file (.csproj or .vbproj) and may be part of a solution. If the project is a single project, navigate to the root of the project directory, and create an archive file with the project file in the root of the archive file. If the web application is a project that is part of a solution, navigate to the root of the solution directory, and create an archive file with the solution file (.sln) in the root of the archive file. Specify the relative path to the project file within the archive in Analysis Target when creating a scan..NET, .NET Core project, and .NET Standard project.NET and .NET Core project includes .NET Console App, .NET Class Library, ASP.NET Core Web Application, and more. .NET Standard project includes .NET Standard Class Library. It has a project file (.csproj or .vbproj) and may be part of a solution. If the project is a single project, navigate to the root of the project directory, and create an archive file with the project file in the root of the archive file. If the web application is a project that is part of a solution, navigate to the root of the solution directory, and create an archive file with the solution file (.sln) in the root of the archive file. Specify the relative path to the project file within the archive in Analysis Target when creating a scan..NET, .NET Core, and .NET Standard projects are only compatible with .NET or .NET Core build tools, so make sure to select a compatible runtime. Select .NET Core 3.1 for .NET Core and .NET Standard projects, and .NET 6.0 for .NET projects. Using these runtimes ensure that the latest MSBuild available on the system will be used to build these projects.Other considerations Base directory Scan arguemnts such as BuildOutputPath are relative to the base directories of the application. When the analysis target is a project file, the base directory is the parent directory of the project file. For example, if the analysis target is the project file ContosoApiContoso.Api.csproj, the base directory is ContosoApi. When the analysis target is a solution, the base directories are the parent directories of its project files and/or web.config files. For example, if the analysis target is the solution file Contoso.sln and it contains two projects, Contoso.ApiContoso.Api.csproj and Contoso.Webweb.config, the base directories are Contoso.Api and Contoso.Web, respectively. MSBuild versions For projects targeting .NET Framework, Lucent Sky AVM uses the MSBuild bundled with their respective version of .NET Framework. For projects targeting .NET, .NET Core, and .NET Standard, Lucent Sky AVM uses the latest MSBuild availalbe on the system that is version 12 or later. To use the latest MSBuild avalable on the system for .NET Framework projects, Include MsBuild,latest in scan arguments. To use a specific version of MSBuild, specify the version number in the MsBuild scan argument, such as MSBuild,15. Build artifacts Lucent Sky AVM analyzes MSBuild output to locate build artifacts for binary analysis. If the analysis target is a solution, the build artifacts of all its projects will be used for binary analysis. To make Lucent Sky AVM look for build artifacts for binary analysis in specific locations, use the BuildOutputPath scan argument to specify the path to build output directories or the path to the build artifacts, relative to its base directories. For example, if the base directory is ContosoWeb and the build artifacts are located in the ContosoWebbin directory, include BuildOutputPath,bin in scan arguments; if the base directories are Contoso.Api and Contoso.Web, and the build artifacts are located in their respective Debugbin directories, include BuildOutputPath,Debugbin in scan arguments. For ASP.NET projects, Lucent Sky AVM uses the artifacts from ASP.NET compilation and ignores the BuildOutputPath scan argument. MSBuild properties Some projects use MSBuild properties defined outside of the project file, such as in environment properties, registry properties, or global properties. Use the BuildProperties scan argument to supply these properties. The value of the argument should be the value of MSBuild's -property switch, except that each property should be separated by a comma and not a semicolon. For example, PropA=Aye,PropB=Bee. Packages and dependencies NuGet If the project uses NuGet to manage its referenced packages, make sure the system can access the feeds used by the project. SDKs and runtimes If the project relies on SDKs and runtimes that are installed on the development and build environments, make sure those SDKs and runtimes are installed on the system, packaged along with the source code, or available in a custom runtime. Direct binary analysis Lucent Sky AVM can directly scan the binary files of .NET applications, with or without the accompanying source code. Using direct binary analysis speeds up scans, and also enable the complete analysis of applications that cannot be built due to various reasons such as missing source code or SDKs. To scan a .NET application using direct binary analysis, specify the relative path to the primary binary file within the archive in Analysis Target when creating a scan. To learn more about how to scan an application using direct binary analysis, view the following article in the Lucent Sky Knowledge Base: Scan an application using direct binary analysis Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, dotnet, csharp, vbnet, msbuild" } , "/en/avm/how-to/scan-from-version-control": { "id": "228145", "url": "/en/avm/how-to/scan-from-version-control", "title": "Scan an application from version control", "description": "", "date": "2024/10/27", "content" : "When integrating Lucent Sky AVM with software development lifecycle, it is common for scans to be initiated by a continuous integration pipeline, and pushing the source code to a Lucent Sky AVM instance. In scenarios that is not practical to push the source code, Lucent Sky AVM can also pull the source code from a version control system.To learn more about using Lucent Sky AVM with a continuous integration pipeline, view the following article in the Lucent Sky Knowledge Base:Use Lucent Sky AVM with a continuous integration pipelineTo configure a scan to pull source code from a version control system, set the Repository of the scan to the repository connection string corresponding to the version control system. You can also set the Repository of an application to the repository connection string, which will make every new scan of the application use that connection string by default. A repository connection string has four parts: protocol, URL, username, and password. This article includes connection string examples of common version control systems.Azure DevOpsTo scan an application by getting its source codes source code from Azure DevOps, use the following values to construct the connection string: Protocol URL Username Password Git https://dev.azure.com/{organization}/{project}/_git/{repo} orhttps://{organization}.visualstudio.com/{project}/_git/{repo} ` {PAT} TFVC https://dev.azure.com/{organization}/{path} orhttps://{organization}.visualstudio.com/{path} ` {PAT} For private Git repositories, the PAT must have the Code > Read scope. For public Git repositories, use ` for password.For TFVC repositories, the path part must begin with $/. The PAT must have the Code > Full scope.ExamplesThe following connection string connects to the Git repository Backend of the project Website under the organization Contoso, using the PAT personalaccesstoken:protocol,git;url,https://dev.azure.com/contoso/Website/_git/Backend;username,jane@contoso.com;password,personalaccesstokenThe following connection string connects to the TFVC repository Backend of the project Website under the organization Contoso, using the PAT personalaccesstoken:protocol,tfvc;url,https://dev.azure.com/contoso/$/Website;username,`;password,personalaccesstokenAzure DevOps ServerTo scan an application by getting its source code from Azure DevOps Server (previously known as Team Foundation Server), use the following values to construct the connection string: Protocol URL Username Password Git https://{username}:{pat}@{hostname}/{collection}/{project}/_git/{repo} ` ` TFVC https://{hostname}/{collection}/{path} {username} {password} For Git repositories, the PAT must have the Code > Read scope.For TFVC repositories, the path part must begin with $/.ExamplesThe following connection string connects to the Git repository Backend of the project Website on tfs.contoso.com, using the PAT personalaccesstoken:protocol,git;url,https://jane@contoso.com:personalaccesstoken@tfs.contoso.com/DefaultCollection/Website/_git/Backend;username,`;password,`The following connection string connects to $/Website/Backend path in the project collection DefaultCollection on tfs.contoso.com, using username jane@contoso.com and password tfspassword:protocol,tfvc;url,https://tfs.contoso.com/DefaultCollection/$/Website/Backend;username,jane@contoso.com;password,tfspasswordBitBucketTo scan an application by getting its source code from BitBucket, use the following values to construct the connection string: Protocol URL Username Password Git https://bitbucket.org/{workspace}/{repo}.git {username} {apppassword} For private repositories, the app password must have the Repositories > Read permission. For public repositories, use ` for both username and password.If you are having difficulty connecting to a private repository, consider using an alternative URL https://{username}:{apppassword}@bitbucket.org/{workspace}/{repo}.git and ` for both username and password.ExamplesThe following connection string connects to the Git repository WebsiteBackend under the workspace contoso, using username jane and app password apppassword:protocol,git;url,https://bitbucket.org/contoso/WebsiteBackend.git;username,jane;password,apppasswordGitHubTo scan an application by getting its source code from GitHub, use the following values to construct the connection string: Protocol URL Username Password Git https://github.com/{organization}/{repo}.git ` {PAT} For private repositories, the PAT must have the repo scope. For public repositories, use ` for password.ExamplesThe following connection string connects to the Git repository WebsiteBackend under the organization contoso, using PAT personalaccesstoken:protocol,git;url,https://github.com/contoso/WebsiteBackend.git;username,`;password,personalaccesstokenGitLabTo scan an application on by getting its source code from GitLab, either self-managed or SaaS, use the following values to construct the connection string: Protocol URL Username Password Git https://{hostname}/{group}/{repo}.git {username} {password} or {PAT} When using a PAT, use ` for username.For private repositories, the PAT must have the read_repository scope. For public repositories, use ` for password.ExamplesThe following connection string connects to the Git repository WebsiteBackend under the group contoso on gitlab.com, using PAT personalaccesstoken:protocol,git;url,https://gitlab.com/contoso/WebsiteBackend.git;username,`;password,personalaccesstokenThe following connection string connects to the Git repository WebsiteBackend under the group contoso on gitlab.contoso.com, using username jane and password gitpassword:protocol,git;url,https://gitlab.contoso.com/contoso/WebsiteBackend.git;username,jane;password,gitpasswordSubversionTo scan an application on by getting its source code from Apache Subversion, use the following values to construct the connection string: Protocol URL Username Password SVN https://{hostname}/{repo}/{project}/{branch} {username} {password} For public repositories, use ` for username and password.ExamplesThe following connection string connects to the trunk branch of the WebsiteBackend repository of the Website project on svn.example.com/repos, using using username jane and password svnpassword:protocol,svn;url,https://svn.example.com/repos/Website/WebsiteBackend/trunk;username,jane;password,svnpasswordCommon questionsHow do I pull source code from a specific branch of a Git repository?To pull source code from a specific branch of a Git repository, append /$/{branch} to the URL part. For example, to pull the dev branch, use the following connection string:protocol,git;url,https://dev.azure.com/contoso/Website/_git/Backend/$/dev;username,`;password,personalaccesstokenHow do I pull source code from a repository with non-ASCII repository name, path, or branch name?For Git repositories, if the repository name or part of the relative path contains non-ASCII characters, use the URL-encoded repository name or path. For example, to pull from a repository named ウェブ, use the following connection string:protocol,git;url,https://dev.azure.com/contoso/Website/_git/%E3%82%A6%E3%82%A7%E3%83%96;username,`;password,personalaccesstokenUTF-8 characters in the name of a Git branch or the relative path of a TFVC repository (the part after $/) are supported. However, if you are having problem connecting such a repository, consider URL-encoding the non-ASCII characters.For example, to pull the デベ branch of a Git repository, use the following connection string:protocol,git;url,https://dev.azure.com/contoso/Website/_git/Backend/$/%E3%83%87%E3%83%99;username,`;password,personalaccesstokenFor example, to pull from the $/デベ directory of a TFVC repository, use the following connection string:protocol,tfvc;url,https://dev.azure.com/contoso/$/%E3%83%87%E3%83%99;username,`;password,personalaccesstokenHow do I connect to a repository hosted on a server using a self-signed certificate?To connect to a repository hosted on a server using a self-signed certificate, add the certificate to the local machine Trusted Root Certification Authorities certificate store on the CLEAR Engine instance.How do I connect to a repository hosted on a server using SSH?Only HTTP and HTTPS are supported for connecting to Git and Subversion servers. Connecting using SSH is not supported.Can I use my username when connecting using a personal access token?In the example connection strings, a backtick (`) is used as a placeholder for username when using a personal access token (PAT). Most repository servers allow any non-empty character as username when authenticating using a PAT, however, some might require you to use your username when using a PAT or an app password. Check the instructions of your repository server to see what username to use when using a PAT.", "keywords": "avm, howto, bitbucket, ci, continuousintegration, devops, azuredevops, git, github, gitlab, revisioncontrol, sourcecontrol, subversion, svn, teamfoundationserver, tfs, tfvc, versioncontrol" } , "/en/avm/how-to/scan-go-application": { "id": "226211", "url": "/en/avm/how-to/scan-go-application", "title": "Scan a Go application", "description": "", "date": "2022/12/1", "content" : "This article describes how to scan a Go application using Lucent Sky AVM.In this article, you will learn how to: Scan a Go application.At the end, you will be able to scan a Go application.Go projectNavigate to the root of the project, and create an archive file that includes the source code files of the project.If the project uses packages that are platform-dependent, select the appropriate runtime when creating the application on Lucent Sky AVM.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, go" } , "/en/avm/how-to/scan-ios-application": { "id": "226204", "url": "/en/avm/how-to/scan-ios-application", "title": "Scan an iOS application", "description": "", "date": "2022/10/10", "content" : "This article describes how to scan an iOS application using Lucent Sky AVM.In this article, you will learn how to: Scan an iOS application.At the end, you will be able to scan an iOS application.iOS project**Navigate to the root of the project, and create an archive file that includes the source code of the project, with the project file (such as .csproj or .xcodeproj) in the root of the archive file.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, ios" } , "/en/avm/how-to/scan-java-application": { "id": "226202", "url": "/en/avm/how-to/scan-java-application", "title": "Scan a Java application", "description": "", "date": "2024/3/11", "content" : "This article describes how to scan Java applications using Lucent Sky AVM.For Java applications running on Android, view the following article in the Lucent Sky Knowledge Base:Scan an Android applicationIn this article, you will learn how to: Scan a Java application.At the end, you will be able to scan a Java application.Ant projectAnt project has a build file (build.xml).Navigate to the root of the project directory, and create an archive file with the build file in the root of the archive file.If a build file is not specified in Analysis Target, Lucent Sky AVM will attempt to find a build file in the source code. If a build file was found, it will be used as the build file in the build process. Otherwise, a default build file will be used. To use a specific file as the build file and as it is in the build process, specify the relative path to the build file in Analysis Target. If Lucent Sky AVM fails to recognize the application as an Ant project, Include JavaBuild,Ant in scan arguments.Lucent Sky AVM uses either WEB-INFclasses or src relative to the base directory. To use a different Java source path, set its path relative to the base directory in the JavaSourcePath scan argument. For example, if the base directory is ContosoWeb and the Java source path is ContosoWebsource, include JavaSourcePath,source in scan arguments. If the Java source path is the base directory, set the JavaSourcePath scan argument to empty (JavaSourcePath,).Lucent Sky AVM looks for build artifacts in Ant output that are EAR, JAR, or WAR files for binary analysis, with files under the buildjar and build directories having higher priority over those that are not. To use a specific build artifact for binary analysis, set the JavaBuild scan argument to ant, then use the BuildOutputPath scan argument to specify the path to the build artifact relative to the base directory. For example, if the base directory is ContosoWeb and the build artifact is ContosoWebbuildjarContoso.war, include buildOutputPath,buildjarContoso.war in scan arguments. The specified build artifact must have .ear, .jar, or .war as the file extension.Other Ant project considerations Base directory Scan arguments such as BuildOutputPath, JavaSourcePath, and WebAppPath are relative to the base directories of the application. The base directory of an Ant project is the parent directory of the analysis target. For example, if the analysis target is ContosoWebbuild.xml, the base directory is ContosoWeb. Web applications Lucent Sky AVM analyzes the application structure to locate the WEB-INF directory. If the WEB-INF directory could not be located correctly, specify the path of the parent directory of WEB-INF relative to the base directory in the WebAppPath scan argument. For example, if the base directory is ContosoWeb and the WEB-INF directory is located at ContosoWebwebappWEB-INF, include WebAppPath,webapp in scan arguments. If the project contains JSP files, including JSP compilation targets such as one that uses Jasper in the build file can increase scan coverage of JSP files. For example: <project name="Webapp Precompilation" default="all" basedir="."> ... <!-- ${tomcat.home} is supplied by Lucent Sky AVM during Ant build. --> <import file="${tomcat.home}/bin/catalina-tasks.xml"/> <target name="jspc"> <jasper validateXml="false" uriroot="${webapp.path}" webXmlInclude="${webapp.path}/WEB-INF/generated_web.xml" outputDir="${webapp.path}/WEB-INF/src" verbose="9" smapSuppressed="false" smapDumped="true"/> </target> <target name="compile"> <javac destdir="${webapp.path}/WEB-INF/classes" debug="on" optimize="off" failonerror="true" srcdir="${webapp.path}/WEB-INF/src" excludes="**/*.smap" target="1.6" source="1.6"> <classpath> <pathelement location="${webapp.path}/WEB-INF/classes"/> <fileset dir="${webapp.path}/WEB-INF/lib"> <include name="*.jar"/> </fileset> <pathelement location="${tomcat.home}/lib"/> <fileset dir="${tomcat.home}/lib"> <include name="*.jar"/> </fileset> <fileset dir="${tomcat.home}/bin"> <include name="*.jar"/> </fileset> </classpath> <include name="**"/> <exclude name="tags/**"/> </javac> </target> ... </project> If Lucent Sky AVM encounters compiled JSP bytecode during binary analysis, it will look for its original files in the build directory under the parent directory of the project file, or the WEB-INF directory under the the web app path. Gradle projectGradle project has one or more build scripts (build.gradle or build.gradle.kts).Navigate to the root of the project directory, and create an archive file with the top-most build script in the root of the archive file.When creating the scan, specify the relative path to the build script of the project in Analysis Target. If Lucent Sky AVM fails to recognize the application as a Gradle project, Include JavaBuild,Gradle in scan arguments.Lucent Sky AVM uses srcmainjava or srcmaingroovy relative to the base directory as Java source path. To use a different Java source path, set its path relative to the base directory in the JavaSourcePath scan argument. For example, if the base directory is ContosoWeb and the Java source path is ContosoWebsource, include JavaSourcePath,source in scan arguments. If the Java source path is the base directory, set the JavaSourcePath scan argument to empty (JavaSourcePath,).Lucent Sky AVM looks for build artifacts in the buildlibs directory that are JAR files for binary analysis. If the build script generate build artifacts other than JAR files or not in the buildlibs directory, set the JavaBuild scan argument to gradle, then use the BuildOutputPath scan argument to specify the path to the build artifact relative to the base directory. For example, if the base directory is ContosoWeb and the build artifact is ContosoWebbuildlibsContoso.jar, include buildOutputPath,buildlibsContoso.jar in scan arguments. The specified build artifact must have .ear, .jar, or .war as the file extension.Other Gradle project considerations Base directory Scan arguments such as BuildOutputPath and JavaSourcePath are relative to the base directories of the application. The base directory of a Gradle project is the parent directory of the analysis target. For example, if the analysis target is ContosoWebbuild.gradle, the base directory is ContosoWeb. Maven projectMaven project has one or more POM (Project Object Model) files (pom.xml). It may also contains modules, with modules having their own POM file.Navigate to the root of the project directory, and create an archive file with the top-most POM file in the root of the archive file.When creating the scan, specify the relative path to the pom.xml of the project or module in Analysis Target. The packaging attribute of the selected pom.xml should be ear, jar, or war. If Lucent Sky AVM fails to recognize the application as a Maven project, Include JavaBuild,Maven in scan arguments.Lucent Sky AVM uses srcmainjava or srcmaingroovy relative to the base directory as Java source path. To use a different Java source path, set its path relative to the base directory in the JavaSourcePath scan argument. For example, if the base directory is ContosoWeb and the Java source path is ContosoWebsource, include JavaSourcePath,source in scan arguments. If the Java source path is the base directory, set the JavaSourcePath scan argument to empty (JavaSourcePath,).Lucent Sky AVM looks for build artifacts in Maven output that are EAR, JAR, or WAR files for binary analysis. If multiple artifacts are generated during build, all of them will be used as analysis targets. To use one or more specific build artifacts for binary analysis, set the JavaBuild scan argument to maven, then use the BuildOutputPath scan argument to specify the path to the build artifacts. For Maven projects without module, the path should be relative to the base directory. For example, if the base directory is ContosoWeb and the build artifact is ContosoWebtargetjarContoso.war, include BuildOutputPath,targetContoso.war in scan arguments. For multi-modules Maven projects, the path should be relative to the each module's base directory. For example, if the base directories of the modules are api and web, and the build artifacts are apitargetapi.jar and webtargetweb.jar, include BuildOutputPath,target*.jar in scan arguments. The wildcard character (*) can be used to specify build artifacts in different modules. The specified build artifacts must have .ear, .jar, or .war as the file extension.Other Maven project considerations Base directory Scan arguments such as BuildOutputPath, JavaSourcePath, and WebAppPath are relative to the base directories of the application. The base directory of a Maven project is the parent directory of the analysis target. For example, if the analysis target is ContosoWebpom.xml, the base directory is ContosoWeb. The base directories of a multi-module Maven project are the module directories. For example, if the Maven project has the api and web modules, the base directories for the modules are api and web, respectively. Maven profiles Some projects use profiles to control the build process. Set the JavaBuild scan argument to maven, then use the BuildProperties scan argument to supply these profiles. The value of the argument should be the value of the Maven's -P switch. For example, !profile-1,!profile-2,!?profile-3. Web applications Lucent Sky AVM analyzes the application structure to locate the WEB-INF directory. If the WEB-INF directory could not be located correctly, specify the path of the parent directory of WEB-INF relative to the base directory in the WebAppPath scan argument. For example, if the base directory is ContosoWeb and the WEB-INF directory is located at ContosoWebsrcmainwebappWEB-INF, include WebAppPath,srcmainwebapp in scan arguments. If the project contains JSP files, including JSP compilation plugins such as jetty-jspc-maven-plugin or jspc-maven-plugin in the build section of the POM file can increase scan coverage of JSP files. For example: <build> ... <plugins> ... <plugin> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-jspc-maven-plugin</artifactId> <version>${jetty-version}</version> <executions> <execution> <id>jspc</id> <goals> <goal>jspc</goal> </goals> <configuration> <jspc> <smapSuppressed>false</smapSuppressed> <smapDumped>true</smapDumped> </jspc> <keepSources>true</keepSources> <useProvidedScope>true</useProvidedScope> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>${maven-compiler-version}</version> <configuration> <source>1.8</source> <target>1.8</target> </configuration> </plugin> ... </plugins> ... </build> If Lucent Sky AVM encounters compiled JSP bytecode during binary analysis, it will look for its original files in the target/classes directory under the parent directory of the project file. Sbt projectSbt project has one or more build definition files (build.sbt) or a meta-build directory (project).Navigate to the root of the project directory, and create an archive file with the top-most build definition file or the meta-build directory in the root of the archive file.When creating the scan, specify the relative path to the build definition file or meta-build directory of the project in Analysis Target. If Lucent Sky AVM fails to recognize the application as an sbt project, Include JavaBuild,Sbt in scan arguments.Lucent Sky AVM uses srcmainscala or srcmainjava relative to the base directory as Java source path. To use a different source path, set its path relative to the base directory in the JavaSourcePath scan argument. For example, if the base directory is ContosoWebbuild.sbt and the Java source path is ContosoWebsource, include JavaSourcePath,source in scan arguments.Lucent Sky AVM looks for build artifacts in the targetscala-2.13 (2.13 is the Scala version used by the sbt build) directory that are JAR files for binary analysis. If the build script generate build artifacts other than JAR files or not in the targetscala-* directory, set the JavaBuild scan argument to sbt, then use the BuildOutputPath scan argument to specify path to the build artifact relative to the base directory. For example, if the base directory is ContosoWeb and the build artifact is ContosoWebtargetscala-2.13Contoso.jar, include buildOutputPath,targetscala-2.13Contoso.jar in scan arguments. The specified build artifact must have .ear, .jar, or .war as the file extension.Other sbt project considerations Base directory Scan arguments such as BuildOutputPath and JavaSourcePath are relative to the base directories of the application. The base directory of sbt project is the parent directory of the analysis target. For example, if the analysis target is ContosoWebbuild.sbt, the base directory is ContosoWeb. Other project types Eclipse legacy project Eclipse legacy project should has a source code directory named java or src at its root directory. If it is a web application, it should also have a WEB-INF directory contaning web.xml. Navigate to the root of the project directory, and create an archive file with either the java or src directory in the root of the archive file. Web application If the web application can be opened in Eclipse, follow these steps to export a .war file containing .class and .java files: In the Project Explorer window, select and hold (or right-click) the project and select Export. Check Export source files, then select a name for the project and a destination to save the exported file. If the web application is a Maven project, follow these steps to generate a .war file containing .class and .java files: At the command prompt, navigate to the directory containing the top-level pom.xml file of the project. Use a text editor to open the top-level pom.xml file. Locate <build> element, and make sure it contains the following: <build> <resources> <resource> <directory>${basedir}/src/main/java</directory> </resource> </resources> </build> Enter the following command: mvn clean package For porjects using other build systems, follow the instructions of its build system to export a .war file. The exported .war file should contain a WEB-INF directory at its root. The WEB-INF directory should contain a classes directory with source files (.java) and class files (.class), and web.xml. Other considerations Dependencies If the project uses Maven to manage its dependencies, make sure the system can access the feeds used by the project. Direct binary analysis Lucent Sky AVM can directly scan the binary files Java applications, with or without the accompanying source code. Using direct binary analysis speeds up scans, and also enable the complete analysis of applications that cannot be built due to various reasons such as missing source code or SDKs. To scan a Java application using direct binary analysis, specify the relative path to the primary binary file within the archive in Analysis Target when creating a scan. To learn more about how to scan an application using direct binary analysis, view the following article in the Lucent Sky Knowledge Base: Scan an application using direct binary analysis Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, java, jdk, ant, gradle, maven, sbt, eclipse" } , "/en/avm/how-to/scan-lua-application": { "id": "241764", "url": "/en/avm/how-to/scan-lua-application", "title": "Scan a Lua application", "description": "", "date": "2024/10/2", "content" : "This article describes how to scan a Lua application using Lucent Sky AVM.In this article, you will learn how to: Scan a Lua application.At the end, you will be able to scan a Lua application.Lua projectNavigate to the root of the project, and create an archive file that includes the source code files of the project.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, lua" } , "/en/avm/how-to/scan-php-application": { "id": "226203", "url": "/en/avm/how-to/scan-php-application", "title": "Scan a PHP application", "description": "", "date": "2022/10/10", "content" : "This article describes how to scan a PHP application using Lucent Sky AVM.In this article, you will learn how to: Scan a PHP application.At the end, you will be able to scan a PHP application.PHP project**Navigate to the root of the website, and create an archive file that includes the source code files of the website.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, php" } , "/en/avm/how-to/scan-python-application": { "id": "226208", "url": "/en/avm/how-to/scan-python-application", "title": "Scan a Python application", "description": "", "date": "2022/10/10", "content" : "This article describes how to scan a Python application using Lucent Sky AVM.In this article, you will learn how to: Scan a Python application.At the end, you will be able to scan a Python application.Django projectNavigate to the root of the project directory, and create an archive file that include the source code files of the project, with manage.py in the root of the archive file.Other Python projectNavigate to the root of the project directory, and create an archive file that include the source code files of the project, with setup.py (if it has one) in the root of the archive file.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, python, django" } , "/en/avm/troubleshoot/scan-result-code": { "id": "849105", "url": "/en/avm/troubleshoot/scan-result-code", "title": "Lucent Sky AVM scan result code", "description": "", "date": "2025/09/27", "content" : "Lucent Sky AVM generates an eight-digit result code when a scan failed or completed with warnings. This result code will help you diagnose the cause of the errors or warnings. In this article, you can find information about the scan result code you receive and suggestions on resolving the errors and warnings.This article includes scan result codes used in Lucent Sky AVM version 1804 and later. For scan result codes used in an earlier version, contact Lucent Sky support.Scan result codes listA positive result code represents the scan has completed with warnings, and a negative result code represents the scan failed. Error code Description Solution -12100001 (Unzip_Error_InvalidForeignReport) The uploaded foreign report was invalid. Upload a foreign report supported by Lucent Sky AVM. -19999960 (Unzip_Error_IO_GenericError) An I/O error occurred. Try again later. If the problem persists, contact Lucent Sky support. -19999980 (Unzip_Error_System) A system error occurred. Contact Lucent Sky support. -19999990 (Unzip_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. -22101001 (LicenseCheck_Error_InvalidLicense) The installed license is invalid. Contact Lucent Sky support. -22102001 (LicenseCheck_Error_Demo_InvalidApplication) The application is not a valid demo application. Scan a demo application instead. -22103001 (LicenseCheck_Error_Trial_CodeSizeLimit) The application exceeds the lines of code limit. Scan an application within the lines of code limit. -22103002 (LicenseCheck_Error_Trial_LibrarySizeLimit) The application exceeds the library size limit. Scan an application within the library size limit. -22104001 (LicenseCheck_Error_Test_CodeSizeLimit) The application exceeds the lines of code limit. Scan an application within the lines of code limit. -22104002 (LicenseCheck_Error_Test_LibrarySizeLimit) The application exceeds the library size limit. Scan an application within the library size limit. -22104011 (LicenseCheck_Error_Test_OpenSourceLicenseLimit) The application is not licensed with an open source license. Scan an application that is licensed with an open source license. -22105001 (LicenseCheck_Error_Standard_CodeSizeLimit) The application exceeds the lines of code limit. Scan an application within the lines of code limit. -22105002 (LicenseCheck_Error_Standard_LibrarySizeLimit) The application exceeds the library size limit. Scan an application within the library size limit. -22201001 (LicenseCheck_Error_ScanQueueFull) No core is available and the scan queue is full. Try again later. To increase the queue size, contact your system administrator. -22201003 (LicenseCheck_Error_ScanQuotaExhausted) Scan quota has been exhausted. Contact Lucent Sky support. -22202001 (LicenseCheck_Error_InvalidFramework) The framework is invalid or not included in the license. Contact Lucent Sky support to obtain a compatible license. -22203001 (LicenseCheck_Error_Restricted) Restrictions of the license have not been met. Contact Lucent Sky support. -29999970 (LicenseCheck_Error_Data) A data error occurred. Contact Lucent Sky support. -29999990 (LicenseCheck_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. 31000001 (PreAnalysis_Warning_Generic_FrameworkMismatch) The selected application framework does not match the detected framework of the source code archive. Make sure the selected application framework is correct. 31000101 (PreAnalysis_Warning_DependencyDiscoveryNotAvailable) Advanced dependency discovery was not available. Contact Lucent Sky support. 31000111 (PreAnalysis_Warning_DependencyDiscoveryErrorRecovered) An error occurred in dependency analysis but was recovered.   -32000001 (PreAnalysis_Error_Generic_FrameworkMismatch) The selected application framework does not match the detected framework of the source code archive. Make sure the selected application framework is correct. -32000002 (PreAnalysis_Error_InvalidBinaryAnalysisTarget) Specified binary analysis target was invalid. Make sure the specified binary analysis target is one or more binary files or a directory containing binary files. -32000003 (PreAnalysis_Error_InvalidAnalysisTarget) Specified analysis target was invalid or could not be found. Make sure the specified analysis target exists and is a project file, one or more binary files, or a directory containing binary files. -32000101 (PreAnalysis_Error_UnsupportedArchitecture) The architecture of the system is not supported. Contact Lucent Sky support. -32000103 (PreAnalysis_Error_ProcessUnavailable) The requested pre-analysis process is currently unavailable. Scan the application again. If the problem persists, contact Lucent Sky support. -32000104 (PreAnalysis_Error_NoCompatibleAnalysisEngine) No analysis engine compatible with the specified build process is available. Do not explicitly disable analysis engines in scan arguments. -32000201 (PreAnalysis_Error_ProcessCrashed) Pre-analysis process was terminated unexpectedly. Contact Lucent Sky support. -32000202 (PreAnalysis_Error_ProcessTerminated) Pre-analysis process was terminated due to inactivity. Scan the application again. If the problem persists, contact Lucent Sky support. -32100002 (PreAnalysis_Error_InvalidArguments) The arguments for pre-analysis were invalid. Contact Lucent Sky support. -32990001 (PreAnalysis_Error_Import_ReportSourceNotFound) The report format was not specified and could not be detected. Check if the report is in a supported format, or specify the report format in scan arguments. -39999940 (PreAnalysis_Error_DataMigration) An unexpected error occurred during scan result data migration. Contact Lucent Sky support. -39999950 (PreAnalysis_Error_EngineStop) CLEAR Engine was stopped before the scan was completed. Scan the application again. -39999960 (PreAnalysis_Error_IO_GenericError) An I/O error occurred. Try again later. If the problem persists, contact Lucent Sky support. -39999970 (PreAnalysis_Error_Data) A data error occurred. Contact Lucent Sky support. -39999980 (PreAnalysis_Error_System) A system error occurred. Contact Lucent Sky support. -39999990 (PreAnalysis_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. 41110021 (Build_Warning_DotNet_MSB_Failed) MSBuild failed. Check MSBuild logs to resolve build errors. 41110022 (Build_Warning_DotNet_MSB_OutputNotFound) MSBuild did not generate the expected output. If the output path of the specified project is set and cannot be changed, set its output path in the 'BuildOutputPath' scan argument. 41110041 (Build_Warning_DotNet_ASP_PartiallyFailed) Some ASP.NET files were skipped during ASP.NET compilation. Check ASP.NET compilation logs to resolve compilation errors in the skipped files. 41110042 (Build_Warning_DotNet_ASP_Failed) ASP.NET compilation failed. Output from MSBuild will be used instead. Check ASP.NET compilation logs to resolve compilation errors. 41110061 (Build_Warning_DotNet_MSB_Skipped_ASP_PartiallyFailed) MSBuild was skipped. Some ASP.NET files were skipped during ASP.NET compilation. Check ASP.NET compilation logs to resolve compilation errors in the skipped files. 41110062 (Build_Warning_DotNet_MSB_Failed_ASP_PartiallyFailed) MSBuild failed. Some ASP.NET files were skipped during ASP.NET compilation. Check MSBuild logs to resolve build errors. Check ASP.NET compilation logs to resolve compilation errors in the skipped files. 41110063 (Build_Warning_DotNet_MSB_OutputNotFound_ASP_PartiallyFailed) MSBuild did not generate the expected output. Some ASP.NET files were skipped during ASP.NET compilation. If the output path of the specified project is set and cannot be changed, set its output path in the 'BuildOutputPath' scan argument. Check ASP.NET compilation logs to resolve compilation errors in the skipped files. 41200161 (Build_Warning_Java_ILG_CircularDependencies) One or more circular dependencies were detected. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search. If the problem persists, contact Lucent Sky support. 41200162 (Build_Warning_Java_ILG_DuplicatedJars) Duplicated .jar files in class path were detected. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search. If the problem persists, contact Lucent Sky support. 41200321 (Build_Warning_Java_JRZ_PAR) Some third-party libraries were skipped during binary analysis.   41210161 (Build_Warning_Java_Maven_ILG_CircularDependencies) One or more circular dependencies were detected. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search. If the problem persists, contact Lucent Sky support. 41210162 (Build_Warning_Java_Maven_ILG_DuplicatedJars) Duplicated .jar files in class path were detected. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search. If the problem persists, contact Lucent Sky support. 41210321 (Build_Warning_Java_Maven_JRZ_PAR) Some third-party libraries were skipped during binary analysis.   41220041 (Build_Warning_Java_Ant_JspSkipped) All JSP files were skipped during compilation. Check the Jasper section in Ant logs to resolve compilation errors. 41220042 (Build_Warning_Java_Ant_JspPartiallySkipped) Some JSP files were skipped during compilation. Check the Jasper section in Ant logs to resolve compilation errors. 41220321 (Build_Warning_Java_Ant_ILG_CircularDependencies) One or more circular dependencies were detected. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search. If the problem persists, contact Lucent Sky support. 41220322 (Build_Warning_Java_Ant_ILG_DuplicatedJars) Duplicated .jar files in class path were detected. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search. If the problem persists, contact Lucent Sky support. 41220361 (Build_Warning_Java_Ant_JspSkipped_ILG_CircularDependencies) All JSP files were skipped during compilation. One or more circular dependencies were detected. Check the Jasper section in Ant logs to resolve compilation errors. 41220362 (Build_Warning_Java_Ant_JspPartiallySkipped_ILG_CircularDependencies) Some JSP files were skipped during compilation. One or more circular dependencies were detected. Check the Jasper section in Ant logs to resolve compilation errors. 41220363 (Build_Warning_Java_Ant_JspSkipped_ILG_DuplicatedJars) All JSP files were skipped during compilation. Duplicated .jar files in class path were detected. Check the Jasper section in Ant logs to resolve compilation errors. 41220364 (Build_Warning_Java_Ant_JspPartiallySkipped_ILG_DuplicatedJars) Some JSP files were skipped during compilation. Duplicated .jar files in class path were detected. Check the Jasper section in Ant logs to resolve compilation errors. 41220641 (Build_Warning_Java_Ant_JRZ_PAR) Some third-party libraries were skipped during binary analysis.   41220681 (Build_Warning_Java_Ant_JspSkipped_JRZ_PAR) All JSP files were skipped during compilation. Some third-party libraries were skipped during binary analysis. Check the Jasper section in Ant logs to resolve compilation errors. 41220682 (Build_Warning_Java_Ant_JspPartiallySkipped_JRZ_PAR) Some JSP files were skipped during compilation. Some third-party libraries were skipped during binary analysis. Check the Jasper section in Ant logs to resolve compilation errors. 41230161 (Build_Warning_Java_Gradle_ILG_CircularDependencies) One or more circular dependencies were detected. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search. If the problem persists, contact Lucent Sky support. 41230162 (Build_Warning_Java_Gradle_ILG_DuplicatedJars) Duplicated .jar files in class path were detected. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search. If the problem persists, contact Lucent Sky support. 41230321 (Build_Warning_Java_Gradle_JRZ_PAR) Some third-party libraries were skipped during binary analysis.   -42000001 (Build_Error_BuildUnavailable) Build engines are disabled on the cluster and no source code analysis engine is available.   -42000002 (Build_Error_ValidBinaryNotFound) No valid binary file was found. If the web application only contains front-end files (such as '.aspx' or '.jsp'), Set the scan argument 'AnalysisEngines' to '20' to disable binary analysis. -42110011 (Build_Error_DotNet_MSB_ProjectNotFound_ASP_WebConfigNotFound) MSBuild was skipped because a project file was not found. ASP.NET compilation was skipped because 'web.config' was not found. If the application is a web application, specify its project file when creating the scan; if the application is a web site, make sure its web.config is included. -42110012 (Build_Error_DotNet_SCK_BinaryAnalysisTargetNotFound) The specified binary analysis target does not exist. Specify the relative path to the binary analysis target in the source code archive in 'Analysis Target'. -42110061 (Build_Error_DotNet_MSB_Skipped_ASP_Failed) MSBuild was skipped. ASP.NET compilation failed. Check ASP.NET compilation logs to resolve compilation errors. -42110062 (Build_Error_DotNet_MSB_Failed_ASP_Skipped) MSBuild failed. ASP.NET compilation was skipped. Check MSBuild logs to resolve build errors -42110063 (Build_Error_DotNet_MSB_Failed_ASP_Failed) MSBuild failed. ASP.NET compilation failed. Check MSBuild logs and ASP.NET compilation logs to resolve build and compilation errors. -42110064 (Build_Error_DotNet_MSB_OutputNotFound_ASP_Failed) MSBuild did not generate the expected output. ASP.NET compilation failed. Check MSBuild logs and ASP.NET compilation logs to resolve build and compilation errors. -42110065 (Build_Error_DotNet_MSB_OutputNotFound_ASP_Skipped) MSBuild did not generate the expected output. ASP.NET compilation skipped. If the output of the specified project cannot be changed, set its output path in the 'BuildOutputPath' scan argument. -42200041 (Build_Error_Java_IPR_LibraryNotFound) The runtime library or Tomcat library was not found. Check if the specified runtime is corrupted. -42200080 (Build_Error_Java_ILG_CDRGenericError) A generic error occurred during IL generation. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search, or set the 'JavaCompilation' scan argument to 'alt' to use the alternative compilation algorithm. If the problem persists, contact Lucent Sky support. -42200160 (Build_Error_Java_ILG_JDLGenericError) A generic error occurred during IL generation. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search, or set the 'JavaCompilation' scan argument to 'alt' to use the alternative compilation algorithm. If the problem persists, contact Lucent Sky support. -42210011 (Build_Error_Java_Maven_SCK_PomNotFound) A POM file was not specified and could not be located automatically. Specify the path to the POM file, such as 'pom.xml', when creating the scan. -42210013 (Build_Error_Java_Maven_SCK_BinaryAnalysisTargetNotFound) The specified binary analysis target does not exist. Specify the relative path to the binary analysis target in the source code archive in 'Analysis Target'. -42210020 (Build_Error_Java_Maven_MVN_GenericError) One or more Maven build errors occurred when building the application. Check Maven logs to resolve build and compilation errors. -42210021 (Build_Error_Java_Maven_MVN_BuildFailed) One or more Maven build errors occurred when building the application. Check Maven logs to resolve build and compilation errors. -42210022 (Build_Error_Java_Maven_MVN_OutputNotFound) Maven build artifact was not found. Make sure Maven is set to generate a '.ear', '.jar' or '.war' file as output. -42210041 (Build_Error_Java_Maven_IPR_LibraryNotFound) The runtime library or Tomcat library was not found. Check if the specified runtime is corrupted. -42210080 (Build_Error_Java_Maven_ILG_CDRGenericError) A generic error occurred during IL generation. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search, or set the 'JavaCompilation' scan argument to 'alt' to use the alternative compilation algorithm. If the problem persists, contact Lucent Sky support. -42210160 (Build_Error_Java_Maven_ILG_JDLGenericError) A generic error occurred during IL generation. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search, or set the 'JavaCompilation' scan argument to 'alt' to use the alternative compilation algorithm. If the problem persists, contact Lucent Sky support. -42220012 (Build_Error_Java_Ant_SCK_SourcePathNotFound) A valid Java source path could not be located, or the path specified in the 'JavaSourcePath' scan argument does not exist. Specify the relative path to Java source root in the 'JavaSourcePath' scan argument. If the application does not contain '.java' files, set the scan argument 'AnalysisEngines' to '20' to disable binary analysis. -42220013 (Build_Error_Java_Ant_SCK_ProjectFileNotFound) The specified 'build.xml' was not found. Check if the specified 'build.xml' exists. -42220014 (Build_Error_Java_Ant_SCK_BinaryAnalysisTargetNotFound) The specified binary analysis target does not exist. Specify the relative path to the binary analysis target in the source code archive in 'Analysis Target'. -42220040 (Build_Error_Java_Ant_GenericError) One or more Ant build errors occurred when building the application. Check Ant logs to resolve build and compilation errors. -42220041 (Build_Error_Java_Ant_BuildFailed) One or more Ant build errors occurred when building the application. Check Ant logs to resolve build and compilation errors. -42220042 (Build_Error_Java_Ant_OutputNotFound) Ant build artifact was not found. Contact Lucent Sky support. -42220043 (Build_Error_Java_Ant_BuildFailed_WhenRunningJavaCompilation) One or more Ant errors occurred during Java compilation. Check the Ant logs to resolve the build errors. -42220044 (Build_Error_Java_Ant_BuildFailed_WhenGeneratingJar) One or more Ant errors occurred during JAR generation. Check the Ant logs to resolve the build errors. -42220081 (Build_Error_Java_Ant_IPR_LibraryNotFound) The runtime library or Tomcat library was not found. Check if the specified runtime is corrupted. -42220160 (Build_Error_Java_Ant_ILG_CDRGenericError) A generic error occurred during IL generation. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search, or set the 'JavaCompilation' scan argument to 'alt' to use the alternative compilation algorithm. If the problem persists, contact Lucent Sky support. -42220320 (Build_Error_Java_Ant_ILG_JDLGenericError) A generic error occurred during IL generation. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search, or set the 'JavaCompilation' scan argument to 'alt' to use the alternative compilation algorithm. If the problem persists, contact Lucent Sky support. -42230011 (Build_Error_Java_Gradle_SCK_BuildScriptNotFound) A build script file was not specified and could not be located automatically. Specify the path to the build script file, such as 'build.gradle', when creating the scan. -42230013 (Build_Error_Java_Gradle_SCK_BinaryAnalysisTargetNotFound) The specified binary analysis target does not exist. Specify the relative path to the binary analysis target in the source code archive in 'Analysis Target'. -42230020 (Build_Error_Java_Gradle_GDL_GenericError) One or more Gradle build errors occurred when building the application. Check Gradle logs to resolve build and compilation errors. -42230021 (Build_Error_Java_Gradle_GDL_BuildFailed) One or more Gradle build errors occurred when building the application. Check Gradle logs to resolve build and compilation errors. -42230022 (Build_Error_Java_Gradle_GDL_OutputNotFound) Gradle build artifact was not found. Make sure Gradle is set to generate a '.ear', '.jar' or '.war' file as output. -42230041 (Build_Error_Java_Gradle_IPR_LibraryNotFound) The runtime library or Tomcat library was not found. Check if the specified runtime is corrupted. -42230080 (Build_Error_Java_Gradle_ILG_CDRGenericError) A generic error occurred during IL generation. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search, or set the 'JavaCompilation' scan argument to 'alt' to use the alternative compilation algorithm. If the problem persists, contact Lucent Sky support. -42230160 (Build_Error_Java_Gradle_ILG_JDLGenericError) A generic error occurred during IL generation. Set the 'LibrarySearchMode' scan argument to '0' to use passive reference search, or set the 'JavaCompilation' scan argument to 'alt' to use the alternative compilation algorithm. If the problem persists, contact Lucent Sky support. -42240011 (Build_Error_Java_Sbt_SCK_BuildScriptNotFound) A build script file was not specified and could not be located automatically. Specify the path to the build script file, such as 'build.sbt', when creating the scan. -42240013 (Build_Error_Java_Sbt_SCK_BinaryAnalysisTargetNotFound) The specified binary analysis target does not exist. Specify the relative path to the binary analysis target in the source code archive in 'Analysis Target'. -42240020 (Build_Error_Java_Sbt_SBT_GenericError) One or more sbt build errors occurred when building the application. Check sbt logs to resolve build and compilation errors. -42240021 (Build_Error_Java_Sbt_SBT_BuildFailed) One or more sbt build errors occurred when building the application. Check sbt logs to resolve build and compilation errors. -42240022 (Build_Error_Java_Sbt_SBT_OutputNotFound) Sbt build artifact was not found. Make sure sbt is set to generate a '.ear', '.jar' or '.war' file as output. -42240023 (Build_Error_Java_Sbt_SBT_BuildWarning) One or more warnings occurred during sbt build. Check sbt logs to resolve these warnings and try again. 43000001 (Build_Warning_OpportunisticAnalysisFallback) Build failed. Binary analysis was skipped and additional source code analysis was included. To prevent additional source code analysis from being included when build failed, set 'OpportunisticAnalysis' to 'false' in the storage configuration file. 43000002 (Build_Warning_OpportunisticBinaryAnalysisFallback) Build failed. Existing build artifacts were used for binary analysis. To prevent the use of existing build artifacts for binary analysis when build failed, set 'OpportunisticAnalysis' to 'false' in the storage configuration file. 43200320 (Build_Warning_Java_ILG_JRZ_GenericError) A generic error occurred during IL generation. The scan used secondary binary analysis engine.   43210320 (Build_Warning_Java_Maven_ILG_JRZ_GenericError) A generic error occurred during IL generation. The scan used secondary binary analysis engine.   43220640 (Build_Warning_Java_Ant_ILG_JRZ_GenericError) A generic error occurred during IL generation. The scan used secondary binary analysis engine.   43230320 (Build_Warning_Java_Gradle_ILG_JRZ_GenericError) A generic error occurred during IL generation. The scan used secondary binary analysis engine.   -49999960 (Build_Error_IO_GenericError) An I/O error occurred. Try again later. If the problem persists, contact Lucent Sky support. -49999970 (Build_Error_Data) A data error occurred. Contact Lucent Sky support. -49999980 (Build_Error_System) A system error occurred. Contact Lucent Sky support. -49999990 (Build_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. -52000001 (Importation_Error_Import_InvalidReportSource) The report source is invalid. Use a report from a supported tool. -52000002 (Importation_Error_Import_InvalidReportFormat) Report importation failed because the format of the report is invalid. Verify the report is not corrupted, or generate a new report and try again. If the problem persists, contact Lucent Sky support. -59999970 (Importation_Error_Data) A data error occurred. Contact Lucent Sky support. -59999990 (Importation_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. 61000111 (DependencyAnalysis_Warning_ErrorRecovered) An error occurred in dependency analysis but was recovered.   61200002 (DependencyAnalysis_Warning_IntelligenceOffline) Real-time intelligence operation mode is set to offline. Some dependency analysis was skipped. To enable real-time intelligence, make sure CLEAR Engine has Internet connectivity. -62100001 (DependencyAnalysis_Error_UnsupportedArchitecture) The architecture of the system is not supported. Contact Lucent Sky support. -62100002 (DependencyAnalysis_Error_InvalidArguments) The arguments for dependency analysis were invalid. Contact Lucent Sky support. -62100003 (DependencyAnalysis_Error_ProcessUnavailable) The requested dependency analysis process is currently unavailable. Scan the application again. If the problem persists, contact Lucent Sky support. -62200000 (DependencyAnalysis_Error_Generic) An unexpected error occurred in dependency analysis. Contact Lucent Sky support. -62200001 (DependencyAnalysis_Error_ProcessCrashed) Dependency analysis process was terminated unexpectedly. Contact Lucent Sky support. -62200002 (DependencyAnalysis_Error_ProcessTerminated) Dependency analysis process was terminated due to inactivity. Scan the application again. If the problem persists, contact Lucent Sky support. -69999970 (DependencyAnalysis_Error_Data) A data error occurred. Contact Lucent Sky support. -69999980 (DependencyAnalysis_Error_System) A system error occurred. Contact Lucent Sky support. -69999990 (DependencyAnalysis_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. 71200001 (BinaryAnalysis_Warning_PartiallySucceeded) One or more errors occurred when analyzing some binary analysis targets, but the scan continued because opportunistic analysis was enabled. Review scan logs to see the details of the errors. To make the scan fail when errors occurred when analyzing any binary analysis file, set 'OpportunisticAnalysis' to 'false'. 71200002 (BinaryAnalysis_Warning_MismatchingBinary) One or more binary analysis targets are missing symbols or accompanying source files. Check scan logs to review the binary analysis targets that are missing symbols or accompanying source files, and make sure that they were built from the accompany source files with debug symbols. If all binary analysis targets have symbols and accompanying source files, ignore this warning. 71200003 (BinaryAnalysis_Warning_SymbolMissing) Symbol files are missing or incompatible. Check if the specified binary targets include symbols or have accompanying symbol files. 71200004 (BinaryAnalysis_Warning_NoJavaSourcePath) One or more source files do not have a valid Java source path. Specify the Java source path relative to the analysis target or project file in the 'JavaSourcePath' scan argument. 71200005 (BinaryAnalysis_Warning_InvalidJavaSourcePath) The specified Java source path is invalid for one or more source files. Specify the Java source path relative to the analysis target or project file in the 'JavaSourcePath' scan argument. 71200006 (BinaryAnalysis_Warning_MismatchingBinary_NoJavaSourcePath) One or more binary analysis targets are missing symbols or accompanying source files, or one or more source files do not have a valid Java source path. Check scan logs to review the binary analysis targets that are missing symbols or accompanying source files, and make sure that they were built from the accompany source files with debug symbols. If the problem persists, specify the Java source path relative to the analysis target or project file in the 'JavaSourcePath' scan argument. If all binary analysis targets have symbols and accompanying source files, ignore this warning. 71200007 (BinaryAnalysis_Warning_MismatchingBinary_InvalidJavaSourcePath) One or more binary analysis targets are missing symbols or accompanying source files, or the specified Java source path is invalid for one or more source files. Check scan logs to review the binary analysis targets that are missing symbols or accompanying source files, and make sure that they were built from the accompany source files with debug symbols. If the problem persists, specify the Java source path relative to the analysis target or project file in the 'JavaSourcePath' scan argument. If all binary analysis targets have symbols and accompanying source files, ignore this warning. -72100001 (BinaryAnalysis_Error_UnsupportedArchitecture) The architecture of the system is not supported. Contact Lucent Sky support. -72100002 (BinaryAnalysis_Error_InvalidArguments) The arguments for binary analysis were invalid. Contact Lucent Sky support. -72100003 (BinaryAnalysis_Error_ProcessUnavailable) The requested binary analysis process is currently unavailable. Scan the application again. If the problem persists, contact Lucent Sky support. -72200000 (BinaryAnalysis_Error_Generic) An unexpected error occurred in binary analysis. Contact Lucent Sky support. -72200001 (BinaryAnalysis_Error_ProcessCrashed) Binary analysis process was terminated unexpectedly. Contact Lucent Sky support. -72200002 (BinaryAnalysis_Error_ProcessTerminated) Binary analysis process was terminated due to inactivity. Scan the application again. If the problem persists, contact Lucent Sky support. -72200011 (BinaryAnalysis_Error_ProcessOutOfMemory) Binary analysis process was terminated because there is not enough memory to continue. Set the 'MemoryStrategy' scan argument to '2' or '4' to increase the memory available for binary analysis. -72200012 (BinaryAnalysis_Error_StackOverflow) Binary analysis process was terminated because the allocated memory is not enough. Set the 'MemoryStrategy' scan argument to '16' or '32' to increase the memory allocated for binary analysis. If the problem persists, set the 'SplitScan' scan argument to 'File', 'Rule', or 'All' to disable parallel binary analysis. -72300001 (BinaryAnalysis_Error_ValidBinaryNotFound) No valid binary file was found. If the web application only contains front-end files (such as '.aspx' or '.jsp'), Set the scan argument 'AnalysisEngines' to '20' to disable binary analysis. -72300002 (BinaryAnalysis_Error_ConflictingBinary) The specified binary analysis targets are in conflict. Check if the specified binary targets were created in the same build. -79999970 (BinaryAnalysis_Error_Data) A data error occurred. Contact Lucent Sky support. -79999980 (BinaryAnalysis_Error_System) A system error occurred. Contact Lucent Sky support. -79999990 (BinaryAnalysis_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. 81200001 (SourceCodeAnalysis_Warning_PartiallySucceeded) Some files were skipped in source code analysis. Contact Lucent Sky support. 81200011 (SourceCodeAnalysis_Warning_SupplementaryProcessCrashed) Supplementary source code analysis process was terminated unexpectedly. Set the 'MemoryStrategy' scan argument to '2' or '4' to increase the memory available for supplementary source code analysis. If the problem persists, contact Lucent Sky support. 81200012 (SourceCodeAnalysis_Warning_SupplementaryProcessTerminated) Supplementary source code analysis process was terminated due to inactivity. Scan the application again. If the problem persists, contact Lucent Sky support. -82100001 (SourceCodeAnalysis_Error_UnsupportedArchitecture) The architecture of the system is not supported. Contact Lucent Sky support. -82100002 (SourceCodeAnalysis_Error_InvalidArguments) The arguments for source code analysis were invalid. Contact Lucent Sky support. -82100003 (SourceCodeAnalysis_Error_ProcessUnavailable) The requested source code analysis process is currently unavailable. Scan the application again. If the problem persists, contact Lucent Sky support. -82200000 (SourceCodeAnalysis_Error_Generic) An unexpected error occurred in Source code analysis. Contact Lucent Sky support. -82200001 (SourceCodeAnalysis_Error_ProcessCrashed) Source code analysis process was terminated unexpectedly. Separate the application into smaller parts and scan them individually. If the problem persists, contact Lucent Sky support. -82200002 (SourceCodeAnalysis_Error_ProcessTerminated) Source code analysis process was terminated due to inactivity. Scan the application again. If the problem persists, contact Lucent Sky support. -82200011 (SourceCodeAnalysis_Error_ApplicationNotFound) A valid application was not found. Specify the relative path to the application root in the source code archive in 'Analysis Target'. -82200012 (SourceCodeAnalysis_Error_InvalidApplication) The application contains invalid source code. Check the application for compilation errors and make sure that the correct runtime is selected. -89999960 (SourceCodeAnalysis_Error_IO_GenericError) An I/O error occurred. Try again later. If the problem persists, contact Lucent Sky support. -89999970 (SourceCodeAnalysis_Error_Data) A data error occurred. Contact Lucent Sky support. -89999980 (SourceCodeAnalysis_Error_System) A system error occurred. Contact Lucent Sky support. -89999990 (SourceCodeAnalysis_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. -99999970 (HybridAnalysis_Error_Data) A data error occurred. Contact Lucent Sky support. -99999990 (HybridAnalysis_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. -109999970 (Mitigation_Error_Data) A data error occurred. Contact Lucent Sky support. -109999990 (Mitigation_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. -119999970 (Validation_Error_Data) A data error occurred. Contact Lucent Sky support. -119999990 (Validation_Error_Unexpected) An unexpected error occurred. Contact Lucent Sky support. ", "keywords": "avm, troubleshoot, dotnet, android, asp, cpp, ios, go, java, php, python, ruby, visualbasic" } , "/en/avm/how-to/scan-ruby-application": { "id": "226212", "url": "/en/avm/how-to/scan-ruby-application", "title": "Scan a Ruby application", "description": "", "date": "2022/10/10", "content" : "This article describes how to scan a Ruby application using Lucent Sky AVM.In this article, you will learn how to: Scan a Ruby application.At the end, you will be able to scan a Ruby application.Ruby projectNavigate to the root of the project, and create an archive file that includes the source code files of the project.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, ruby, rails" } , "/en/avm/how-to/scan-rust-application": { "id": "249026", "url": "/en/avm/how-to/scan-rust-application", "title": "Scan a Rust application", "description": "", "date": "2024/10/2", "content" : "This article describes how to scan a Rust application using Lucent Sky AVM.In this article, you will learn how to: Scan a Rust application.At the end, you will be able to scan a Rust application.Rust projectNavigate to the root of the project, and create an archive file that includes the source code files of the project.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, rust" } , "/en/avm/how-to/scan-static-website": { "id": "226209", "url": "/en/avm/how-to/scan-static-website", "title": "Scan a static website", "description": "", "date": "2022/10/10", "content" : "This article describes how to scan a static website using Lucent Sky AVM.In this article, you will learn how to: Scan a module developed with ECMAScript. Scan a static website.At the end, you will be able to scan a module developed with ECMAScript and scan a static website.ModuleModules developed with an ECMAScript-compliant language, such as JavaScript or TypeScript, can be scanned using the static website technology stack.CommonJS moduleNavigate to the root of the application, and create an archive file that includes the source code files of the website.When creating the scan, Include EcmaScriptType,Module in scan arguments.ECMAScript moduleNavigate to the root of the application, and create an archive file that includes the source code files of the website.When creating the scan, Include EcmaScriptType,Module in scan arguments.Static websiteNavigate to the root of the website, and create an archive file that includes the source code files of the website.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, staticweb, commonjs, ecmascript" } , "/en/avm/how-to/scan-visual-basic-application": { "id": "226210", "url": "/en/avm/how-to/scan-visual-basic-application", "title": "Scan a Visual Basic application", "description": "", "date": "2022/10/10", "content" : "This article describes how to scan a Visual Basic application using Lucent Sky AVM.For Visual Basic .NET applications, view the following article in the Lucent Sky Knowledge Base:Scan an .NET applicationVisual Basic 6 projectNavigate to the root of the project, and create an archive file that include the source code files of the project,.Other considerations Performance If the application has a large number data files in JSON or XML format, or large number of backup files, it is recommended to either remove them prior to scan or set the ExcludeFileTypes scan argument to Backup, Config, or Backup,Config to exclude these files from analysis and improve analysis performance. If the application has a large number of media files, it is recommended to remove them prior to scan to reduce the amount of storage space required. ", "keywords": "avm, howto, visualbasic" } , "/en/avm/how-to/scan-with-advanced-options": { "id": "813534", "url": "/en/avm/how-to/scan-with-advanced-options", "title": "Scan an application with advanced options", "description": "", "date": "2023/6/12", "content" : "While the default scanning options will work for scanning most applications, Lucent Sky AVM provides advanced scan options to fine-tune the analysis and remediation behaviors. This article describes the scan options available and when to use them.In this article, you will learn how to: Scan a specific project inside the source code archive or directory. Scan with a custom set of weakness policies. Scan with a custom set of vectors.At the end, you will be able to scan a specific project, and scan with a custom set of weakness policies or vectors.Scan a specific project inside the source code archive or directoryLucent Sky AVM has the capability of automatically detecting the project inside a source code archive or directory. However, if the source code archive or directory contains multiple potential project files (such as multiple .*proj, build.xml, or pom.xml files), Lucent Sky AVM might not be able to select the correct project. By specifying the relative path of the project file inside the source code archive or directory, Lucent Sky AVM will be able to correctly identify the project and use the project as the entry point of the scan. To learn more about how to choose the correct project file, view the following article in the Lucent Sky Knowledge Base:Prepare an application for scanningScan with a custom set of weakness policiesThe built-in rule package includes a set of policies setting which weaknesses should be identified and remediated. This behavior can be changed by specifying a custom set of weakness policies. There are two types of policies: security standard (such as OWASP Top 10) and CWE (such as CWE-79). Combining different types of weakness policies is not supported.Security standard weakness policyUse security standard weakness policies to identify and remediate weaknesses included in these security standards. Each security standard weakness policy has two parts, the security standard and the corresponding behavior. Available security standards are CWE Top 25 (CWETop25), OWASP ASVS (OWASPASVS), OWASP Top 10 combined list (OWASPTop10), OWASP Top 10 individual lists (OWASPTop102004, OWASPTop102007, OWASPTop102010, OWASPTop102013, OWASPTop102017, OWASPTop102021, OWASPMobileTop102014, and OWASPMobileTop102016), PCI DSS (PCIDSS3 for v3.2.1 and PCIDSS4 for v4.0), and SANS Top 25 (SANSTop25). Available behaviors are identify and remediate (2) and only identify (1). To enable multiple security standards, separate them by semicolons.If a weakness is included in multiple enabled security standard weakness policies with different behaviors, identify and remediate (2) prevails. Weaknesses not included in any of the enabled security standard weakness policies are set to ignore. For example, OWASPTop10,1;PCIDSS4,2 sets the weaknesses in OWASP Top 10 to identify, the weaknesses in PCI DSS v4.0 to identify and remediate, and all other weaknesses to ignore.CWE weakness policyUse CWE weakness policies to explicitly set the behavior of certain weaknesses. Each CWE weakness policy has two parts, the CWE ID and the corresponding behavior. Available behaviors are identify and remediate (2), only identify (1), and ignore (0). To specify multiple CWE weakness policies, separate them by semicolons. Weaknesses not specified retain their default behaviors.For example, CWE79,0;CWE501,2 sets CWE-79 to ignore, CWE-501 to identify and remediate, and lets all other CWE weaknesses retain their default behaviors.Scan with a custom set of vectorsVectors are data that Lucent Sky AVM considers to be in a different trust sphere than the one the application operates in, such as user input of a web form or the content of an external file. Lucent Sky AVM has a set of vectors enabled by default, but each organization and each application might have its own definition of what data should be considered untrusted. For example, if the database of an application is considered within the same trust sphere as the application itself, the database vector can be disabled when scanning the application to reduce false positives.The following vectors are available: Client - user input through client-side logic, such as JavaScript, that does not interact with server-side logic. Database - data from a database or a data source commonly classified as a database, such as XML files. Dependency - dependencies used by the application, such as packages from public package repositories and other common open source libraries. Exception - information of an exception message or stack trace. File System - file name, metadata, or content from a file on the local file system or a network share. MVC Entry Point - user input through a MVC controller or a MVVM view model. None - data without a vector, such as a hard-coded password in the source code. Public Method - the parameters of a public method. Parameters of public methods are not directly externally-influenced in most circumstances. Private Method - the parameters of a private or protected method. Parameters of private and protected methods are not directly externally-influenced in most circumstances. Untrusted - data from a source marked as untrusted in a custom rule. This vector is reserved for use by custom rule packages. User Input - user input from a non-web source, such as command line arguments or text inputs on a GUI. Web Request - content of a web request. Web Service - data from an external web service.Vectors in italic are disabled by default.Scan with scan argumentsScan arguments provide precise control over the scan process, and are powerful tools to fine-tune how an application is built, analyzed, and remediated. While they are powerful, misusing scan arguments can cause serious problems. Scan arguments should only be used when suggested as a solution to a scan error or when advised to use one by Lucent Sky support.Scan arguments are name-value-pairs separated by semicolons. For example, FirstArgument,foo;SecondArgument,bar. The name of scan arguments are not case-sensitive, but the value of scan arguments might be.", "keywords": "avm, howto, interface, weakness-policies, vectors, scan-arguments" } , "/en/avm/how-to/scan-with-autopilot": { "id": "234824", "url": "/en/avm/how-to/scan-with-autopilot", "title": "Scan an application using autopilot", "description": "", "date": "2023/7/6", "content" : "Autopilot is an interface feature that automatically identifies technical information of an application, such as its framework(s), and creates the corresponding scans. Autopilot enables stakeholders to scan applications without technical knowledge of them. This article describes how to use autopilot to scan an application that might contain code from multiple frameworks.In this article, you will learn how to: Create a new autopilot scan for an application. Create subsequent autopilot scan for an application. Change autopilot scan settings for an application.At the end, you will be able to create a new autopilot scan for an application.Create a new autopilot scan for an application Create a zip file containing all source code and dependencies of the application. Open the Web UI using a browser and sign in with your credentials. Select New Application on the Action Bar, then select Autopilot. Enter the name of the application, and optionally enter one or more tags (separated by commas) to categorize the application. Under source code, choose the zip file you created previously. You can also change the scan arguments, rule package, weakness policies, and vectors. These options will be used by this and subsequent autopilot scans of this application. Once you are finished, select Start to start the autopilot scan. The Web UI will create a new application and a new scan for each framework identified in the source code archive. You will be redirected to the home page so you can review the created applications and scans.Create subsequent autopilot scans for an application Create a zip file containing all source code and dependencies of the application. Open the Web UI using a browser and sign in with your credentials. Select the application that was created by the first autopilot scan, then select Create. If multiple applications were created by the first autopilot scan, you can select any of them. Under source code, choose the zip file you created previously. Then select Start to start the autopilot scan. The Web UI will create new applications if additional frameworks are identified. It will then create a scan for each framework using the settings from the first autopilot scan. You will be redirected to the home page so you can review the created applications and scans.Change autopilot scan settings for an application Open the Web UI using a browser and sign in with your credentials. Select the application that was created by the first autopilot scan, then select Settings. Change the options as necessary, then select Save. If you made change to Application name, Application tags, Member users, Member group, Scan arguments, Rule package, Weakness policies, or Vectors, repeat these changes on all applications created by the first autopilot scan. Repository has no effect for autopilot scans.", "keywords": "avm, howto, interface, webui, cli, autopilot" } , "/en/avm/how-to/scan-with-configuration-file": { "id": "211343", "url": "/en/avm/how-to/scan-with-configuration-file", "title": "Scan an application with a configuration file", "description": "", "date": "2022/9/29", "content" : "While Lucent Sky AVM offers a wide variety of scan options, setting up a scan with these advanced options can be laborious. With configuration as code, scan settings can be stored in a configuration file along with the code base. When a scan starts, settings in the configuration file will be used to configure the scan.This article describes how to use configuration as code to scan an application with advanced options.In this article, you will learn how to: Create a YAML configuration file Scan an application using settings in the configuration fileAt the end, you will be able to create a YAML configuration file and scan an application with settings in the configuration file.Create a YAML configuration fileThe configuration file supports the following scan settings, AnalysisTarget, Arguments, WeaknessPolicies, and Vectors.Each of the scan setting is represented as a string tag. If a tag does not exist in the configuration file or has null as its value, existing settings will be used. To explicitly set an empty string as the value of a setting, use a pair of single quotes.The valid values for each of the scan settings are identical as those accepted by the CLI. To learn more about scan settings, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM CLI Reference Create an empty text file in the root of the application with the name lucent-sky-avm-config.yaml. Insert the following content to the file: AnalysisTarget: 'ContosoWebContosoWeb.csproj' Arguments: '' WeaknessPolicies: 'CWE330,0' Vectors: The above example sets the analysis target to ContosoWebContosoWeb.csproj, clears existing scan arguments, sets the weakness policies to CWE330,0, and uses existing setting for vectors. Create a .zip file containing the application, with the configuration file in the root of the archive file.Scan an application using settings in the configuration file Use the Web UI to create a new scan. In the scan settings, make sure Analysis Target and Weakness Policies are empty, insert MsBuild,12 to Scan Arguments, and uncheck Client from Vectors. Upload the source code archive with the configuration file to start the scan. Once the scan is completed, go to the scan details page and confirm the following: Analysis Target shows ContosoWebContosoWeb.csproj as set in the configuration file Scan Arguments shows Default as set in the configuration file Weakness Policies shows CWE330,0 as set in the configuration file Vectors does not include Client as the configuration file did not set Vectors and the settings when creating the scan were used To prevent a scan from using settings in the configuration file, set the IgnoreConfigFile scan argument to True.", "keywords": "avm, howto, ci" } , "/en/avm/how-to/scan-with-custom-rule-package": { "id": "521700", "url": "/en/avm/how-to/scan-with-custom-rule-package", "title": "Scan an application using a custom rule package", "description": "", "date": "2020/11/12", "content" : "Lucent Sky AVM has a built-in rule package that will dictate how vulnerabilities are identified and remediated. To alter these behaviors, such as enabling the recognition and utilization of an enterprise security library, a custom rule package must be used. This article describes how to use a custom rule package to scan an application. To learn about creating the content of a custom rule package, contact Lucent Sky support.In this article, you will learn how to: Create the archive file of a rule package. Create a rule package using the Web UI. Edit a rule package using the Web UI. Delete a rule package using the Web UI. Choose a rule package for a new application. Change the rule package for an existing application.At the end, you will be able to create, edit, and delete a rule package using the Web UI, and choose a rule package for an application.Create the archive file of a rule packageThe root directory of a rule package should contain one or more of these directories: BinaryRules, Configurations, Mitigations, SourceCodeRules, and Suppressions. To learn more about creating the content of a custom rule package, contact Lucent Sky support. In File Explorer, navigate to the root directory of the custom rule package you want to upload. Select all directory of the rule package. Right-click the selected directory, choose Send to > Compressed (zipped) folder. Or use your preferred archive program (such as 7-Zip) to create an archive in zip format.Create a rule package using the Web UI Open the Web UI using a browser and sign in with your credentials. Select Settings in the upper-right corner, then select Rule packages on the left. Select Create and upload a new rule package, enter the name of the rule package and choose its framework. Finally, upload the rule package archive file you created previously, then select Create rule package.Edit a rule package using the Web UI Open the Web UI using a browser and sign in with your credentials. Select Settings in the upper-right corner, then select Rule package on the left. On the rule package you want to edit, select Edit. To change the content of the rule package, select Edit with new file under Edit type, then choose the new rule package archive and (optionally) enter the new name of the rule package. To only rename the rule package, select Edit without new file under Edit type, then enter the new name of the rule package. Finally, select Save. Delete a rule package using the Web UI Open the Web UI using a browser and sign in with your credentials. Select Settings in the upper-right corner, then select Rule package on the left. On the rule package you want to edit, select Delete. To delete the rule package, enter yes in the confirmation textbox, then select Delete. Once a rule package has been deleted, all applications using that rule package will use the system's default runtime instead.Choose a rule package for a new application Open the Web UI using a browser and sign in with your credentials. Select New application, enter the name of application and choose its framework, then select More options. In the expanded options, choose the appropriate rule package in the Rule package drop-down list, then select Create to create the application.Change the rule package for an existing application Open the Web UI using a browser and sign in with your credentials. On the application you want to modify, select Edit, then select More options. In the expanded options, choose the appropriate rule package in the Rule package drop-down list, then select Save to create the application. Note that this modification only affect future scans of this application and does not impact previous scans.", "keywords": "avm, howto, interface, webui" } , "/en/avm/how-to/scan-with-direct-binary-analysis": { "id": "937519", "url": "/en/avm/how-to/scan-with-direct-binary-analysis", "title": "Scan an application using direct binary analysis", "description": "", "date": "2024/2/29", "content" : "Lucent Sky AVM can directly scan the binary files of .NET and Java applications, with or without the accompanying source code. Using direct binary analysis speeds up scans, and also enable the complete analysis of applications that cannot be built due to various reasons such as missing source code or SDKs.This article describes how to use direct binary analysis to scan .NET and Java applications.In this article, you will learn how to: Build an application in the development environment and package it. Scan an application using direct binary analysis.At the end, you will be able to build, package, and scan an application using direct binary analysis..NETBuild and package the application in the development environment In the development environment, build the application using either MSBuild or Visual Studio. While binary analysis does not require debug symbols, they help the analysis engines generate more meaningful results. To generate debug symbols when using MSBuild, include DebugSymbols=true and DebugType=pdbonly in the build properties. To generate debug symbols when using Visual Studio 2019 or earlier, set Project Properties > Build > Advanced > Debugging information to Pdb-only. To generate debug symbols when using Visual Studio 2022, for .NET or .NET Core projects, set Project Properties > Build > General > Debug symbols to PDB files, current platform; for other projects (such as .NET Framework projects), set Project Properties > Build > Advanced > Debugging information to Pdb-only. If the application uses an ASP.NET web application or web site template, consider publishing the application instead of building it to increase the coverage of binary analysis. To publish an application using Visual Studio 2019 or later, select and hold (or right-click) the application node in Solution Explorer, choose Publish, and then choose to publish to a folder. In publish settings, click Show all settings, expand File Publish Options, select Precompile during publishing, and then click Configure. In the Advanced Precompile Settings dialog, unselect Allow precompiled site to be updatable select Emit debug information, and then select Save. Finally, select Publish to publish the application to a folder. To publish an application using Visual Studio 2017 or earlier, select and hold (or right-click) the application node in Solution Explorer, and then choose Publish. In publish settings, select the Settings tab, expand File Publish Options, select Precompile during publishing, and then click Configure. In the Advanced Precompile Settings dialog, unselect Allow precompiled site to be updatable select Emit debug information, and then select Save. Finally, select Publish to publish the application to a folder. To publish an application using the ASP.NET Compilation Tool, open Developer PowerShell for Visual Studio, and enter aspnet_compiler.exe -p "C:sourcewebsite" -v / -f "C:published", where C:sourcewebsite is the root directory of the application, and C:published is an arbitrary location to store the published application. To learn more about publishing an ASP.NET web app, view the following article on the Microsoft Learn website: Quickstart: Publish an ASP.NET web app After the build is completed, note the path to the primary build artifact (a .dll or .exe file) relative to the root of the project. If the build artifact is outside of the project root, copy the artifact to a directory under the project root. For web site projects, any of the App_*.dll file (such as App_Code.dll) can be used as the primary build artifact. Create a .zip archive file at the root of the project, without the base directory. The archive should include the project file (a .*proj file), the source code used to build the project, and all build artifacts. Scan an application using direct binary analysis Use the Web UI or CLI to create a scan. Specify the relative path to the primary build artifact in the source code archive in the Analysis Target field. For example, if the primary build artifact is binContoso.Web.dll, set Analysis Target to binContoso.Web.dll. Multiple DLL and EXE files can be set as analysis targets by specifying their relative paths in the Analysis Target field, separated by commas. For example, ApibinDebugApi.dll,WebbinWeb.dll.JavaBuild and package the application in the development environment In the development environment, build the application using its build tool such as Ant, Gradle, Maven, or sbt. While binary analysis does not require debug symbols, they help the analysis engines generate more meaningful results. To generate debug symbols when using Ant, set the <javac> tag's debug attribute to true and the debuglevel attribute to source,lines,vars in build.xml. To generate debug symbols when using Maven, set the value of <debug> to true the value of <debuglevel> tag to source,lines,vars` in pom.xml, or do not include these two tags in pom.xml. To generate debug symbols using another build tool, make sure the -g argument for javac is not set, or set to source,lines,vars. If the application is a web application and can be opened in Eclipse, follow these steps to export a .war file containing .class and .java files: In the Project Explorer window, select and hold (or right-click) the project and select Export. Check Export source files, then select a name for the project and a destination to save the exported file. If the application is a web application and uses Ant, follow these steps to generate a .war file containing .class and .java files: At the command prompt, navigate to the directory containing the top-level build.xml file of the project. Use a text editor to open the top-level build.xml file. Make sure it contains a <target> element that has a war task that resembles the following: <target name="war"> <war destfile="${dist.path}/webapp.war" webxml="${webapp.path}/WEB-INF/generated_web.xml"> <fileset dir="${webapp.path}"> <exclude name="*.jsp"/> <exclude name="WEB-INF/generated_web.xml"/> <exclude name="WEB-INF/web.xml"/> </fileset> </war> </target> If the project contains JSP files, including JSP compilation during build can increase scan coverage of JSP files. If Lucent Sky AVM encountered compiled JSP bytecode during binary analysis, it will look for its original files in the classes or build directories under the parent directory of the analysis target, or the WEB-INF directory under the the web app path. To learn more about including JSP compilation for Ant projects, view the following article in the Lucent Sky Knowledge Base: Scan a Java application Enter the following command to export the project as a .war file: ant <WarTaskName> Use the exported .war file as the source code archive when creating a scan. If the application is a web application and uses Maven, follow these steps to generate a .war file containing .class and .java files: At the command prompt, navigate to the directory containing the top-level pom.xml file of the project. Use a text editor to open the top-level pom.xml file. Locate the <packaging> element, and make sure its value is set to war. Locate the <build> element, and make sure it contains a <resources/resource> element that resembles the following: <build> ... <resources> <resource> <directory>${basedir}/src/main/java</directory> </resource> </resources> ... </build> If the project contains JSP files, including JSP compilation during build can increase scan coverage of JSP files. If JSP code are encountered during binary analysis, Lucent Sky AVM will look for their original files in the classes or build directories under the parent directory of the analysis target, or the WEB-INF directory under the the web app path. To learn more about including JSP compilation for Maven projects, view the following article in the Lucent Sky Knowledge Base: Scan a Java application Enter the following command to export the project as a .war file: mvn clean package Use the exported .war file as the source code archive when creating a scan. After the build is completed, note the path to the primary build artifact (such as a .jar file, a .war file, or a classes directory containing one or more .class files) relative to the root of the project. If the build artifact is outside of the project root, copy the artifact to a directory (such as build) under the project root. Create a .zip archive file at the root of the project, without the base directory. The archive should include the project file (such as build.xml or pom.xml), the source code used to build the project, and all build artifacts. If a .war file is used as the source code archive, skip this step. Scan an application using direct binary analysis Use the Web UI or CLI to create a scan. Specify the relative path to the primary build artifact in the source code archive in the Analysis Target field. For example, if the primary build artifact is targetcontoso-web-1.0.0.jar, set Analysis Target to targetcontoso-web-1.0.0.jar; if the primary build artifact is the directory WEB-INFclasses, set Analysis Target to WEB-INFclasses. If the analysis target is a directory, it must contain at least one .class file. Multiple JAR files can be set as analysis targets by specifying their relative paths in the Analysis Target field, separated by commas. For example, apitargetapi-1.0.jar,webtargetweb-1.0.jar. (Optional) Specify the Java source path relative to the base directory (the parent directories of the analysis targets when using direct binary analysis) in the JavaSourcePath scan argument. For example, if the analysis target is maintargetcontoso-web-1.0.0.jar and the Java source path is mainsrcjava, include JavaSourcePath,..srcjava in scan arguments. (Optionally for web applications) Specify the path to the parent directory of the WEB-INF directory relative to the base directory in the WebAppPath scan argument. For example, if the analysis target is maintargetcontoso-web-1.0.0.jar and the WEB-INF directory is mainwebappWEB-INF, include WebAppPath,..webapp in scan arguments.", "keywords": "avm, howto, dotnet, java, jdk" } , "/en/avm/how-to/scan-with-specific-runtime": { "id": "596374", "url": "/en/avm/how-to/scan-with-specific-runtime", "title": "Scan an application with a specific runtime", "description": "", "date": "2024/1/18", "content" : "Lucent Sky AVM supports multiple runtimes (also called application servers), and use the appropriate runtime to scan different applications.Choosing an appropriate runtime allows Lucent Sky AVM to scan an application effectively. Lucent Sky has several common runtimes built-in, such as different versions of .NET and JDK. Users can use these built-in runtimes, or upload a custom runtime (for example, JDK with a specific version of Jboss). Runtime is set at the application level, and new scans will inherit the application's runtime setting.This article describes how to scan an application using a specific runtime.In this article, you will learn how to: Create the archive file of a runtime. Create a runtime using the Web UI. Edit a runtime using the Web UI. Delete a runtime using the Web UI. Choose a runtime for a new application. Change the runtime for an existing application.At the end, you will be able to create, edit, and delete a runtime using the Web UI, and choose a runtime for an application.Create the archive file of a runtime In File Explorer, navigate to the directory containing the libraries of the runtime you want to upload. Custom runtimes are supported on .NET and Java applications. Custom runtimes for JDK may also contain an application server that will be used in the build process. If the runtime only contains library files and not an application server, then all library files to be used (such as .dll, or .jar files) should to be in the root directory. Library files not in the root directory will not be used in the later steps. If the runtime contains an application server that will be used in the build process, the root directory must contains a lib directory with at least one file. Select all library files (such as .dll or .jar files) and directories (such as lib) to include in the custom runtime. Create an archive file with the library files at its root directory.Create a runtime using the Web UI Open the Web UI using a browser and sign in with your credentials. Select Settings in the upper-right corner, then select Runtimes on the left. Select Create and upload a new runtime, then enter the name of the runtime, choose its framework and version. If the runtime contains an application server that will be used in the build process, select Replace built-in. If the runtime requires a specific build tool, enter the build tool. If the framework is .NET, possible values are framework (and its deprecated equivalent managed) and visualstudio; if the framework is Java, possible values are ant, gradle, maven, and sbt. If the runtime requires a specific non-Unicode encoding, enter the encoding. Select the runtime archive file you created previously, then select Create runtime.Edit a runtime using the Web UI Open the Web UI using a browser and sign in with your credentials. Select Settings in the upper-right corner, then select Runtimes on the left. On the runtime you want to edit, select Edit. Update the information in the edit window, then select Save to save the changes. You can also select Cancel or Delete runtime to cancel the change or delete the runtime. Note that only the name of the runtime can be edited. If you want to update the content of the runtime, create a new runtime and edit the applications to use the new runtime.Delete a runtime using the Web UI Open the Web UI using a browser and sign in with your credentials. Select Settings in the upper-right corner, then select Runtimes on the left. On the runtime you want to edit, select Delete. To delete the runtime, enter yes in the confirmation textbox, then select Delete. Once a runtime has been deleted, all applications using that runtime will use the system's default runtime instead.Choose a runtime for a new application Open the Web UI using a browser and sign in with your credentials. Select New application, enter the name of application and choose its framework, then select More options. In the expanded options, choose the appropriate runtime in the Runtime drop-down list, then select Create to create the application.Change the runtime of an existing application Open the Web UI using a browser and sign in with your credentials. On the application you want to modify, select Edit, then select More options. In the expanded options, choose the appropriate runtime in the Runtime drop-down list, then select Save to create the application. Note that this modification only affect future scans of this application and does not impact previous scans.", "keywords": "avm, howto" } , "/en/avm/troubleshoot/scan": { "id": "738036", "url": "/en/avm/troubleshoot/scan", "title": "Troubleshoot scan errors", "description": "", "date": "2023/3/14", "content" : "Scanning an application to identify and remediate vulnerabilities is a complex process. It involves building the application, analyzing the source code and binary files to identify vulnerabilities, remediating those vulnerabilities, and generating the remediated, secure source code.This article explains the errors that might occur during different stages of a scan, and how to resolve them.Issues that might occur during the Preparing Analysis stage The scan is stuck between 40% and 60% of the Preparing Analysis stage If dependency analysis is enabled and real-time intelligence is set to basic or advanced, online services are used to discover the dependencies used by an application. If the scan is stuck between 40% and 60% of the Preparing Analysis stage for an extended period of time, the online services might be experiencing issues. Try setting real-time intelligence to off or disabling dependency analysis to see if the scan progresses. The scan is stuck between 60% and 90% of the Preparing Analysis stage Before analyzing the application, Lucent Sky AVM scans source code files and libraries to understand the application's structure, size, and detect encoding of source code files. If the application has a large amount of source code, it might take a long time to detect source code encoding. If all source code files have the same encoding, specifying its encoding in scan arguments (such as Encoding,Utf8) can reduce the amount of time required for this stage. Issues that might occur during the Building stage The scan failed due to Ant errors To resolve Ant errors, view the following article in the Lucent Sky Knowledge Base:Troubleshoot Ant errors The scan failed due to ASP.NET compilation errors To resolve ASP.NET compilation errors, view the following article in the Lucent Sky Knowledge Base:Troubleshoot ASP.NET compilation errors The scan failed due to Maven errors To resolve Maven errors, view the following article in the Lucent Sky Knowledge Base:Troubleshoot Maven errors The scan failed due to MSBuild errors To resolve Ant errors, view the following article in the Lucent Sky Knowledge Base:Troubleshoot MSBuild errors The scan failed due to IL generation errors To resolve IL generation errors, view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM scan result code The scan failed due to other errors during the Build stage The application might not be in a project structure supported by Lucent Sky AVM. To learn more about how to prepare an application for scanning, view the following article in the Lucent Sky Knowledge Base:Prepare an application for scanning In addition to resolving build errors, another approach is using direct binary analysis to scan .NET and Java applications without building them on Lucent Sky AVM. To learn more about how to use direct binary analysis, view the following article in the Lucent Sky Knowledge Base:Scan an application using direct binary analysisIssues that might occur during the Analysis stagesTo resolve issues occurred during the Analysis stages (S-1 to S-5), view the following article in the Lucent Sky Knowledge Base:Lucent Sky AVM scan result codeIssues with the remediated source code References are missing when building remediated source code Lucent Sky AVM utilizes the Application Protection Library (APL) to remediate some vulnerabilities. Build errors might occur if APL is not referenced by the project. To learn more about how to use APL in an application, view the following article in the Lucent Sky Knowledge Base:Using Application Protection Library in an application Syntax errors occurred when building remediated source code Although extremely rare, errors might occur when placing Instant Fixes into the original source code, resulting in syntax errors during compilation. The resulted syntax error is usually very visible. Follow the syntax rules of the specific language to modify the Instant Fix to resolve the syntax error. Errors about invalid byte order marks (BOM) occurred when building remediated source code Remediated source code files generated by Lucent Sky AVM follows its original encoding. An exception to this rule is UTF-8 files: when the original encoding of a file is UTF-8 without BOM, the modified file will use UTF-8 with BOM as its encoding. Some compilers require UTF-8 files to be without BOM, and will throw invalid BOM errors when encountering UTF-8 files with BOM. To make Lucent Sky AVM generate UTF-8 files without BOM, change the value of Utf8EmitBom to false in CLEAR Engine configurations. Errors about an invalid character occurred when building remediated source code A common cause to this error is due to incorrect encoding. If an encoding was specified in scan arguments, make sure the encoding is correct. Additionally, CLEAR Engine uses CR LF line endings in remediated source code files. While most build tools and compilers can handle different line endings, some of them might only accept line endings that are the same as the operating system's. On Unix-like systems, use commands such as dos2unix, tr, or sed to convert the line endings of remediated source code files from CR LF to LF. ", "keywords": "avm, troubleshoot, dotnet, android, asp, cpp, ios, go, java, php, python, ruby, visualbasic" } , "/en/search": { "id": "", "url": "/en/search", "title": "", "description": "", "date": "", "content" : " Lucent Sky Docs  |   Docs follow us      status  |  blog  |  news center Hello from California © 2026 Lucent Sky ", "keywords": "" } , "/en/avm/compliance/security-standards-and-vulnerability-lists": { "id": "939997", "url": "/en/avm/compliance/security-standards-and-vulnerability-lists", "title": "Security standards and vulnerability lists supported by Lucent Sky AVM", "description": "", "date": "2026/01/28", "content" : "This article describes how Lucent Sky AVM categorizes vulnerabilities, as well as the security standards and vulnerability lists supported by different versions of Lucent Sky AVM.## How Lucent Sky AVM categorizes vulnerabilitiesLucent Sky AVM uses CWE IDs as the primary categorization mechanism. CWE uses a cascading categorization scheme, meaning that some vulnerabilities can be categorized under more than one CWE IDs. For such vulnerabilities, the Lucent Sky team works with external experts and stakeholders in deciding which CWE ID should be used. The goal is to use the CWE IDs with identifiable and unique definitions (for example, choosing *CWE-201: Information Exposure Through Sent Data* over *CWE-200: Exposure of Sensitive Information to an Unauthorized Actor*), while avoiding cluttering the scan results with many different but similar CWE IDs (for example, choosing *CWE-22: Path Traversal* over *CWE-32: Path Traversal: '...' (Triple Dot)*). ## Supported security standards and vulnerability listsThis table denotes the security standards and vulnerability lists included in the *Built-in* rule package of Lucent Sky AVM. | Standard[1](#footnote-1) | Version | Lucent Sky AVM versions[2](#footnote-2) ||-|-|-|| CVE | | All || CVSS | 3.1 | All || CWE[3](#footnote-3) | 4.19.1 | All || CWE Top 25| 2025 | 2512 || | 2024 | All || | 2023 | All || | 2022 | All || | 2021 | All || | 2020 | All || | 2019 | All || CWE/SANS Top 25 | 3.0 | All || HIPAA[4](#footnote-4) | | All || MISRA C[4](#footnote-4) | 2004 | All || | 2012 | All || MISRA C++[4](#footnote-4) | 2008 | All || OWASP API Security Top 10 | 2023 | 2512 || | 2019 | All || OWASP ASVS | 4.0 | All || OWASP Mobile Top 10 | 2024 | All || | 2016 | All || | 2014 | All || OWASP Top 10 | 2025 | 2512 || | 2021 | All || | 2017 | All || | 2013 | All || | 2010 | All || PCI DSS[5](#footnote-5) | 4.0.1 | All |----1.Most of the security standards and vulnerability lists include vulnerabilities beyond the scope of static code analysis. The inclusion of a specific standard or a list does not indicate the support of all vulnerabilities included in the standard or list. For more information about how Lucent Sky AVM can help organizations meet the requirements of these standards, contact Lucent Sky support.2.Only includes supported Lucent Sky AVM versions (current as of the last revision date of this article). Also, only the then-current versions of certain security standards and vulnerability lists (such as CWE and CVSS) are supported by a specific version of Lucent Sky AVM. For the security standards, vulnerability lists, and their versions supported by a specific version of Lucent Sky AVM, contact Lucent Sky support.3.For a list of CWE vulnerability categories supported by Lucent Sky AVM, view the following article in the Lucent Sky Knowledge Base: [List of vulnerability categories supported by Lucent Sky AVM](vulnerability-categories-list).4.The *Built-in* rule package includes vulnerability categories that cover guidelines and rules in these standards, but these standards are not available as a predefined weakness policies group.5.To learn more about Lucent Sky AVM and PCI DSS compliance, view the following article in the Lucent Sky Knowledge Base: [Lucent Sky AVM for PCI DSS Compliance](pci-compliance).", "keywords": "avm, compliance, list, asvs, cve, cvss, cwe, hippa, misra, owasp, pcidss, sans" } , "/en/avm/how-to/setup-multi-factor-authentication": { "id": "257747", "url": "/en/avm/how-to/setup-multi-factor-authentication", "title": "Setup multi-factor authentication", "description": "", "date": "2025/7/1", "content" : "Lucent Sky AVM supports the use of TOTP MFA (time-based one time password multi-factor authentication) for local accounts, providing a convenient way of enhancing account security.In this article, you will learn how to:- Enable, reset, or disable multi-factor authentication for the current user.- Enable or disable multi-factor authentication for a specific user.- Enable or disable system-wide multi-factor authentication settings.At the end, you will be able to configure multi-factor authentication for your own account and other accounts, and manage multi-factor authentication on the system.## Enable, reset, or disable multi-factor authentication for the current userFollow these steps to enable multi-factor authentication for the current user:1. On the Web UI, navigate to **Settings** > **Account**, then select **Enable MFA**. You will be automatically signed out. If you don't see the **Enable MFA** command, multi-factor authentication is disabled on the system and cannot be enabled.1. Sign in normally, and the Web UI will display a QR code for setting up multi-factor authentication. Use a compatible authenticator app, such as Apple Passwords (iOS) or Microsoft Authenticator (Android, iOS), to scan the QR code and set up multi-factor authentication. 1. If you are unable to scan the QR code, select **Enter code manually** and enter the **Secret key** in your authenticator app.1. Confirm you have set up multi-factor authentication correctly by entering the token generated by your authenticator app.Follow these steps to reset multi-factor authentication for the current user:1. On the Web UI, navigate to **Settings** > **Account**, then select **Reset MFA**. You will be automatically signed out.1. Sign in normally, and the Web UI will display a QR code for setting up multi-factor authentication. Use a compatible authenticator app, such as Apple Passwords (iOS) or Microsoft Authenticator (Android, iOS), to scan the QR code and set up multi-factor authentication. 1. If you are unable to scan the QR code, select **Enter code manually** and enter the **Secret key** in your authenticator app.1. Confirm you have set up multi-factor authentication correctly by entering the token generated by your authenticator app.Follow these steps to disable multi-factor authentication for the current user:1. On the Web UI, navigate to **Settings** > **Account**, then select **Disable MFA**. Multi-factor authentication will be disabled on your account and you will be automatically signed out. If you don't see the **Disable MFA** command, multi-factor authentication is enforced on the system and cannot be disabled.## Enable, reset, or disable multi-factor authentication for a specific userUsers with Full Access permission to the User API interface can enable, reset, or disable multi-factor authentication for other users.Follow these steps to enable multi-factor authentication for a specific user:1. On the Web UI, navigate to **Settings** > **Users**, then select the **Edit** icon of the user to eanble multi-factor authentication for.1. Select the **Multi-factor Authenticaiton** checkbox, then select **Save**.1. Multi-factor authentication for the user has been enabled, and they will be required to setup multi-factor authentication the next time they sign in using the Web UI.Follow these steps to reset multi-factor authentication for a specific user:1. On the Web UI, navigate to **Settings** > **Users**, then select the **Edit** icon of the user to reset multi-factor authentication for.1. Unselect the **Multi-factor Authenticaiton** checkbox, then select **Save**.1. select the **Edit** icon of the user again.1. Select the **Multi-factor Authenticaiton** checkbox, then select **Save**.1. Multi-factor authenticaiton for the user has been reset, and they will be required to setup multi-factor authentication again the next time they sign in using the Web UI.Follow these steps to disable multi-factor authentication for a specific user:1. On the Web UI, navigate to **Settings** > **Users**, then select the **Edit** icon of the user to reset multi-factor authentication for.1. Unselect the **Multi-factor Authenticaiton** checkbox, then select **Save**.1. Multi-factor authentication for the user has been disabled.## Enable or disable system-wide multi-factor authentication settingsIn its default configuration, multi-factor authentication are enabled but not enforced. In this configuration, users can enable multi-factor authentication on their own but are not required to do so. Follow these steps to change the default configuration:1. Open PowerShell as administrator and enter the following command to open the CLEAR Engine storage configuration file with the default text editor: ```powershell (Select-Xml -Path "C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.config" -XPath "skyAnalyzer").Node.File | Invoke-Item ```1. Locate the **MultiFactorAuthentication** key. The default value is *empty*, which enable multi-factor authentication.1. To enforce multi-factor authentication for all users, set its value to **true**. Every user will be required to set up multi-factor authentication the next time they sign in.1. To disable multi-factor authentication for all users, set its value to **false**. Multi-factor authentication will be disabled for all users.1. Enter the following command in PowerShell to restart CLEAR Engine for the changes to take effect. Repeat this on every instance in the cluster: ```powershell Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" ```Disabling system-wide multi-factor authentication does not clear the per-user multi-factor authentication secret key. If system-wide multi-factor authentication is enabled again, users can use their existing authenticator apps to sign in.", "keywords": "avm, howto, interface, webui, mfa, multifactorauthentication" } , "/en/avm/troubleshoot/source-code-upload": { "id": "875218", "url": "/en/avm/troubleshoot/source-code-upload", "title": "Troubleshoot source code upload errors", "description": "", "date": "2024/7/3", "content" : "## SymptomsAfter uploading the source code archive using the Lucent Sky AVM Web UI or CLI, you receive an error message.## CauseVarious reasons can cause source code archive upload to fail. This article describes common causes and solutions to source code archive upload errors.## Resolution- After uploading the source code archive, you receive one of the following error messages: An unspecified error occurred while extracting the archive file. An unspecified I/O error has occurred. ARCHIVE_UNSPECIFIED_ERROR This problem occurs when CLEAR Engine encountered an error extracting the source code archive. A common cause is invalid characters in the path of files in the archive file. CLEAR Engine uses .NET Framework Compression API to extract archive files in Zip format. Follow these steps to identify the underlying error that occurred while extracting the source code archive: 1. On the CLEAR Engine instance, open PowerShell as administrator. 1. Enter the following command: ```powershell # Replace with path to the source code archive $sourceCodePath = "" # Replace with path to a temporary directory $tempDirectoryPath = "" Import-Module C:WindowsMicrosoft.NETFramework64v4.0.30319System.IO.Compression.FileSystem.dll; [System.IO.Compression.ZipFile]::ExtractToDirectory("$sourceCodePath", "$tempDirectoryPath") ``` 1. If an exception occurred, the source code archive is incompatible with .NET Framework Compression API. Follow the exception message to resolve the error. Using a 3rd-party program (such as 7-Zip) to extract and recreate the source code archive might also resolve the error. CLEAR Engine uses 7-Zip to extract archive files in other formats. Use the **Teat archive** function in 7-Zip to verify the integrity of the source code archive file.- After uploading the source code archive, you receive the following error message: Maximum request length exceeded. This problem occurs when the uploaded source code archive exceeded the maximum size allowed by CLEAR Engine. By default, Web UI allows a maximum size of 1 GB when uploading the source code archive. This limit can be extended to 2 GB. Follow these steps to increase the limit: - Web UI 1. Open C:Program FilesLucent SkyCLEAR Webweb.config with a text editor. 1. Locate the `` node in the `` section, and change the value of the `maxRequestLength` attribute to `2097152`. 1. Locate the the `` node in the `` section, and change the value of the `maxAllowedContentLength` attribute to `2147483648`. - The CLI already allows the maximum upload size of 2 GB.- After uploading the source code archive, you receive the following error message: The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters. This problem occurs when the path of some files in the source code archive is too long. On systems running Windows Server 2016 (OS Build 14393) and later, enabling long path support will remove this limit. To learn about how to enable long path support, view the following article in the Lucent Sky Knowledge Base: [Administration of Lucent Sky AVM CLI]({{ site.baseurl }}/en/avm/admin-guides/clear-engine-and-web-ui) On systems running on an earlier version of Windows, a workaround exists that extends the path length limit to around 190 characters. Applying this workaround will prevent CLEAR Engine from generating reports and remediated source code of previous scans. Follow these steps to apply the workaround: 1. Create a directory with a short name in the root of a disk volume, such as _C:CLEAR_. Make sure the **LocalSystem** account has full control permission to the directory and the **NetworkService** account has write permission to the directory. 1. Open _C:Program FilesLucent SkyCLEAR EngineSkyAnalyzer.config_ using a text editor. 1. Locate the `` node in the `` section, and change its value to **C:CLEAR**, where _C:CLEAR_ is the directory you created in a previous step. 1. Open PowerShell as administrator, enter the following command to restart CLEAR Engine: ```powershell Stop-Service "CLEAR Engine"; Start-Service "CLEAR Engine" ```- After uploading the source code archive, you receive the following error message: The source code archive contains entries with invalid characters. This problem occurs when the path of some files in the source code archive contains characters that are invalid for files and directories on Windows. In addition, this error might also occur when CLEAR Engine was unable to locate the MSVC runtime libraries.", "keywords": "avm, troubleshoot, webui, cli" } , "/en/avm/how-to/suppress-result": { "id": "507268", "url": "/en/avm/how-to/suppress-result", "title": "Suppress results from appearing in future scans", "description": "", "date": "2024/1/22", "content" : "Lucent Sky AVM uses a suppression mechanism to prevent unwanted results from appearing in future scans. This is useful when creating custom rules for those results is not feasible or undesirable. This article describes how to create a suppression rule to suppress a result from appearing in future scans.In this article, you will learn how to:- Create a suppression rule and add it to a rule package.At the end, you will be able to suppress results so they stop appearing in future scans.## Creating a suppression rule1. Create a directory with an arbitrary name, such as _Rule Package Foo_. Then, create a _Suppressions_ directory under it.1. Create a _Suppression.xml_ file in the _Suppressions_ directory created in the previous step.1. Insert the following to the XML file created in the previous step: ``` xml ```1. The suppression signature for a result is available on the Web UI and the verbose HTML report. - Obtain the suppression signature of a single result using the Web UI: 1. Navigate to the details page of the result to suppress. 1. Select **Suppress** on the Action Bar. 1. Select the textbox and copy the suppression signature. - Obtain the suppression signature of all hidden results using the Web UI: 1. Navigate to the details page of the scan. 1. Select **Bulk Suppress** on the Action Bar. 1. Select the textbox and copy the suppression signature. - Obtain the signature in the verbose HTML report: 1. Locate the result to suppress. 1. Select the suppression signature at the end of the result and copy its content. The suppression signature should look similar to the following sample: ``` xml ``` or the following for a hidden result: ``` xml ```1. Insert the suppression signature before the `` end tag in _Suppression.xml_.Suppression rules can only be used with a custom rule package. The built-in rule package does not support the use of suppression rules. To learn how to deploy a custom rule package, view the following article in the Lucent Sky Knowledge Base: [Scan an application using a custom rule package]({{ site.baseurl }}/en/avm/how-to/scan-with-custom-rule-package)", "keywords": "avm, howto, interface, webui, suppression" } , "/en/avm/troubleshoot/unexpected-error": { "id": "225878", "url": "/en/avm/troubleshoot/unexpected-error", "title": "Common unexpected errors", "description": "", "date": "2024/7/5", "content" : "## Symptoms When you scan an application in Lucent Sky AVM, the scan fails with the following errors: An unexpected error occurred. Contact Lucent Sky support. (-89999990)Depending on the underlying error, the error code in the message (_-89999990_) might start with a different number, but it always ends with _9999990_.## CauseAn unexpected error occurs when CLEAR Engine detected that its system configurations or parameters are out of the expected ranges. It fails the scan to protect system and data integrity.## ResolutionWhen an unexpected error occurred during a scan, its scan logs will contain one or more correlation IDs. The logs will contain entries similar to the following: An unexpected error occurred. The correlation ID is '30bb0b29-57dc-450f-95c0-5ed4ea821dae'. The entry might also contain additional information to help you identify the cause of the unexpected error. More information might also be available on Lucent Sky Docs by [searching](/en/search) for the correlation ID. If you are unable to identify or resolve the unexpected error, contact Lucent Sky support.", "keywords": "avm, troubleshoot" } , "/en/avm/how-to/using-application-protection-library": { "id": "727444", "url": "/en/avm/how-to/using-application-protection-library", "title": "Using Application Protection Library in an application", "description": "", "date": "2024/1/22", "content" : "This article describes how to use Application Protection Library (APL) in an application.## .NETIn most situations, MSBuild and Visual Studio automatically detect and add referenced libraries to .NET projects. If APL needs to be manually added as a reference, follow these steps to add APL as a reference to a .NET project:1. Obtain APL - When generating the remediated source code archive, Lucent Sky AVM will attempt to add _ApplicationProtectionLibrary.dll_ in the _bin_ directory of the application. - Lucent Sky AVM CLI can download APL from CLEAR Engine. For example: ```powershell # Replace with path to download the APL $aplPath = "" ./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadApl --Framework "DotNet" --AplPath "$aplPath" ``` - Alternatively, APL can be located in _C:Program FilesLucent SkyCLEAR EngineResourcesApplicationProtectionLibrary.dll_ on a server running CLEAR Engine. 1. Add APL in the reference list - **MSBuild** - open the project file (_.*proj_) of the project, create a new `` section with the path to _ApplicationProtectionLibrary.dll_ as the value of its `` tag. For example: ```xml binApplicationProtectionLibrary.dll ``` - **Visual Studio** - select and hold (or right-click) the project node and select **Add** > **Reference**. In Reference Manager, select **Browse**, locate _ApplicationProtectionLibrary.dll_, then select **OK**## ECMAScriptTo use APL in ECMAScript, include a reference to the ApplicationProtectionLibrary.js file.1. Obtain APL - Lucent Sky AVM CLI can download APL from CLEAR Engine. For example: ```powershell # Replace with path to download the APL $aplPath = "" ./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadApl --Framework "StaticWeb" --AplPath "$aplPath" ``` _ApplicationProtectionLibrary.js_ is included when downloading the APL for any framework that supports ECMAScript, not just the static web framework. - APL can be located in _C:Program FilesLucent SkyCLEAR EngineResourcesApplicationProtectionLibrary.js_ on a server running CLEAR Engine.1. Add reference to APL - To use APL in browsers, APL can be loaded using the HTML script tag, ECMAScript module, or other methods. - To use APL in Node.js, APL can be loaded using ECMAScript module.## JavaWhile some build tools detect and add required dependencies automatically, some build tools (such as Maven) requires dependencies to be explicitly added. Follow these steps to add APL as a dependency to a Ant or Maven project: 1. Obtain APL - When generating the remediated source code archive, Lucent Sky AVM will attempt to add _ApplicationProtectionLibrary.jar_ in the _lib_ directory of the application. - Lucent Sky AVM CLI can download APL from CLEAR Engine. For example: ```powershell # Replace with path to download the APL $aplPath = "" ./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadApl --Framework "Java" --AplPath "$aplPath" ``` - Alternatively, APL can be located in _C:Program FilesLucent SkyCLEAR EngineResourcesApplicationProtectionLibrary.jar_ on a server running CLEAR Engine. 1. Add APL in the dependency list - **Apache Ant** - open the _build.xml_ in the root of the project, and add the path to _ApplicationProtectionLibrary.jar_ in the `` section. For example: ```xml ``` - **Apache Maven** - open the _pom.xml_ in the root of the project, create a new `` section with the path to _ApplicationProtectionLibrary.jar_ as the value of its `` tag. For example: ```xml com.lucentsky.security.application com.lucentsky.security.application 1.0 jar system ${project.basedir}/WEB-INF/lib/ApplicationProtectionLibrary.jar ```## PHPTo use APL in a PHP application, it is recommended to reference _ApplicationProtectionLibrary.php_ using a _.htaccess_ file. This will automatically reference APL in all PHP files. Alternatively, each PHP file that uses APL can reference _ApplicationProtectionLibrary.php_ individually.1. Obtain APL - When generating the remediated source code archive, Lucent Sky AVM will attempt to add _ApplicationProtectionLibrary.php_ in the root directory of the application. - Lucent Sky AVM CLI can download APL from CLEAR Engine. For example: ```powershell # Replace with path to download the APL $aplPath = "" ./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadApl --Framework "Php" --AplPath "$aplPath" ``` - Alternatively, APL can be located in _C:Program FilesLucent SkyCLEAR EngineResourcesApplicationProtectionLibrary.php_ on a server running CLEAR Engine.1. Add reference to APL - Add reference to APL with .htaccess 1. Create a .htaccess file under the root directory of the PHP application, or open the existing _.htaccess_. 1. Add the following line to _.htaccess_: ```php php_value auto_prepend_file "/ApplicationProtectionLibrary.php" ``` - Add reference to APL in an individual PHP file 1. Open a PHP file that need to reference APL, and insert the following at the beginning of the file: ```php ```", "keywords": "avm, howto, dotnet, ecmascript, java, php" } , "/en/avm/admin-guides/visual-studio-code": { "id": "232484", "url": "/en/avm/admin-guides/visual-studio-code", "title": "Administration guide to Lucent Sky AVM for Visual Studio Code", "description": "", "date": "2026/02/10", "content" : "This article covers the installation, configuration, removal of Lucent Sky AVM for Visual Studio Code.In this article, you will learn how to:- Install Lucent Sky AVM for Visual Studio Code- Uninstall Lucent Sky AVM for Visual Studio CodeAt the end, you will be able to install and uninstall Lucent Sky AVM for Visual Studio Code.### System RequirementsProcessor, memory, and hard disk space requirements:- Processor: 1.6 GHz processor- Memory: 2 GB- Hard disk space: 200 MBLucent Sky AVM for Visual Studio Code can be installed with the following versions of Visual Studio Code:- Visual Studio Code 1.74 - 1.109Lucent Sky AVM for Visual Studio Code can be installed on the following operating systems:- Windows (x64)- macOS (Apple silicon and Intel)- Ubuntu (x64)Lucent Sky AVM for Visual Studio Code might also work with Visual Studio Code running on other architectures or other operating systems, or other IDEs based on Code - OSS.## Install Lucent Sky AVM for Visual Studio1. Lucent Sky AVM for Visual Studio Code requires the cross-platform Lucent Sky AVM CLI. Before installing Lucent Sky AVM for Visual Studio, install Lucent Sky AVM CLI. Lucent Sky AVM for Visual Studio Code will attempt to locate Lucent Sky AVM CLI in the following locations: - on Windows - *%LOCALAPPDATA%ProgramsCLEAR CLI* - *%LOCALAPPDATA%Programsclear-cli* - *C:Program FilesLucent SkyCLEAR CLI* - on macOS - *$HOME/Applications/CLEAR CLI* - *$HOME/Applications/clear-cli* - */Applications/CLEAR CLI* - on Ubuntu - *$HOME/clear-cli* - */opt/clear-cli* You can also use the `lucentSkyAvm.CliPath` setting in Visual Studio Code to specify the location of Lucent Sky AVM CLI. To learn more about how to install Lucent Sky AVM CLI, view the following article in the Lucent Sky Knowledge Base:[Administration guide to Lucent Sky AVM CLI]({{ site.baseurl }}/en/avm/admin-guides/cli-core)1. Extract the _.vsix_ file from the Lucent Sky AVM for Visual Studio Code setup package.1. Open Visual Studio Code, open the Command Palette, and select **Extensions: Install from VSIX**.1. Select the _.vsix_ file to install.## Uninstall Lucent Sky AVM for Visual Studio Code1. In Visual Studio Code, open the menu bar, select **Extensions** on the Activity Bar.1. Select **Lucent Sky AVM for Visual Studio Code**, then select **Uninstall**.", "keywords": "avm, guide, administration, visualstudiocode, vscode, vsix" } , "/en/avm/get-started/visual-studio-code": { "id": "236537", "url": "/en/avm/get-started/visual-studio-code", "title": "Get started with Lucent Sky AVM for Visual Studio Code", "description": "", "date": "2024/9/5", "content" : "Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components, CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.In this article, you will learn how to:- Install Lucent Sky AVM for Visual Studio Code- Scan an application- Review the identified result and their Instant FixAt the end, you will be able to use Lucent Sky AVM for Visual Studio Code to scan projects, review scan results, and apply Instant Fixes to remediate vulnerabilities automatically.### Prerequisites- **Visual Studio Code** - This article uses Visual Studio Code 1.91, but Lucent Sky AVM for Visual Studio Code can also be used in other supported version of Visual Studio Code.## Install Lucent Sky AVM for Visual Studio CodeTo learn more about the installation and configuration of Lucent Sky AVM for Visual Studio Code, as well as system requirements, view the following article in the Lucent Sky Knowledge Base: [Administration guide to Lucent Sky AVM for Visual Studio Code]({{ site.baseurl }}/en/avm/admin-guides/visual-studio-code)## Create an API key1. Go to the Web UI in your browser, and then sign in with your credentials.1. Go to **Settings** > **Account**, and select **Create a new key**. In the dialog, enter **CLI** as the description of the key, then select **Create Key**.1. Select and copy the generated API key.## Scan a project1. In Visual Studio Code, open the workspace or folder containing the project.1. Open the Command Palette, select **Lucent Sky AVM: Sign In**, and sign in with your Lucent Sky AVM API key.1. To create a new application for the scan, open the Command Palette, select **Lucent Sky AVM: New Application**. Enter the name of the application, select the framework of the application, then review and change its vectors as needed. Then, select **OK** to create the application.1. Open the Command Palette, select **Lucent Sky AVM: Scan**, select the workspace folder containing the project, select the framework of the project, then select an application to use for the scan.1. When the scan is in progress, notifications will display information about its progress.## Review scan results1. Once the scan is completed, the scan results will appear in the **Lucent Sky AVM** window. 1. Expanding a vulnerability category will show all results under that category. Expanding a result will show its **Statements**, **Instant Fix**, and **Suggestion**. Double-click on one of the **Statements** or **Instant Fixes** to open the file in the editor and go to the relevant line of code.1. To apply Instant Fix to a result, select and hold (or right-click) the **Instant Fix** of the result then select **Remediate**.", "keywords": "avm, getstarted, interface, vscode, visualstudiocode, vsix" } , "/en/avm/admin-guides/visual-studio": { "id": "390837", "url": "/en/avm/admin-guides/visual-studio", "title": "Administration guide to Lucent Sky AVM for Visual Studio", "description": "", "date": "2026/02/10", "content" : "This article covers the installation, configuration, removal of Lucent Sky AVM for Visual Studio.In this article, you will learn how to:- Install Lucent Sky AVM for Visual Studio- Uninstall Lucent Sky AVM for Visual StudioAt the end, you will be able to install and uninstall Lucent Sky AVM for Visual Studio.### System RequirementsProcessor, memory, and hard disk space requirements:- Processor: 1.6 GHz processor- Memory: 2 GB- Hard disk space: 200 MBThe 64-bit version of Lucent Sky AVM for Visual Studio requires .NET Framework 4.8 or later, and can be installed with the following versions of Visual Studio:- Visual Studio 2026 Enterprise, Professional, and Community- Visual Studio 2022 Enterprise, Professional, and CommunityThe 32-bit version of Lucent Sky AVM for Visual Studio requires .NET Framework 4.6 or later, and can be installed with the following versions of Visual Studio:- Visual Studio 2019 Enterprise, Professional, and Community- Visual Studio 2017 Enterprise, Professional, and CommunityLucent Sky AVM for Visual Studio might also work with Visual Studio versions that have reached end of support, such as Visual Studio 2012^, Visual Studio 2013^, and Visual Studio 2015^.Lucent Sky AVM for Visual Studio does not support Visual Studio Code, Visual Studio Express, or Visual Studio for Mac.## Install Lucent Sky AVM for Visual Studio1. Lucent Sky AVM for Visual Studio requires the cross-platform Lucent Sky AVM CLI. Before installing Lucent Sky AVM for Visual Studio, install Lucent Sky AVM CLI. Lucent Sky AVM for Visual Studio will attempt to locate Lucent Sky AVM CLI in the following locations: - *%LOCALAPPDATA%ProgramsCLEAR CLI* - *%LOCALAPPDATA%Programsclear-cli* - *C:Program FilesLucent SkyCLEAR CLI* To learn more about how to install Lucent Sky AVM CLI, view the following article in the Lucent Sky Knowledge Base:[Administration guide to Lucent Sky AVM CLI]({{ site.baseurl }}/en/avm/admin-guides/cli-core)1. Close all Visual Studio instances.1. Extract the _.vsix_ files from the Lucent Sky AVM for Visual Studio setup package.1. To install the 64-bit version, run the _.vsix_ file in the _X64_ directory. To install the 32-bit version, run the _.vsix_ file in the _X86_ directory.1. Select the Visual Studio instances to install Lucent Sky AVM for Visual Studio. - If VSIX Installer was unable to locate the desired Visual Studio installation, use the following command to install Lucent Sky AVM for Visual Studio to the specific Visual Studio installation: ```powershell # Replace with the path to VSIXInstaller.exe under the desired Visual Studio installation $vsixInstallerPath = "" # Replace with the path to the .vsix of Lucent Sky AVM for Visual Studio $vsixPath = "" .$vsixInstaller $vsixPath ```## Uninstall Lucent Sky AVM for Visual Studio1. In **Visual Studio**, open the menu bar, select **Tools** > **Extensions and Updates** or **Extensions** > **Manage Extensions**.1. Select **Lucent Sky AVM for Visual Studio**, then select **Uninstall**.1. Repeat these steps for every Visual Studio instance with the Lucent Sky AVM for Visual Studio installed.", "keywords": "avm, guide, administration, visualstudio, vsix" } , "/en/avm/get-started/visual-studio": { "id": "529516", "url": "/en/avm/get-started/visual-studio", "title": "Get started with Lucent Sky AVM for Visual Studio", "description": "", "date": "2024/9/5", "content" : "Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components, CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.In this article, you will learn how to:- Install Lucent Sky AVM for Visual Studio- Scan an application- Review the identified result and apply their Instant FixesAt the end, you will be able to use the Lucent Sky AVM for Visual Studio to scan projects, review scan results, and apply Instant Fixes to remediate vulnerabilities automatically.### Prerequisites- **Visual Studio** - This article uses Visual Studio 2022, but the Lucent Sky AVM for Visual Studio can also be used in other supported version of Visual Studio.## Install Lucent Sky AVM for Visual StudioTo learn more about the installation and configuration of Lucent Sky AVM for Visual Studio, as well as system requirements, view the following article in the Lucent Sky Knowledge Base: [Administration guide to Lucent Sky AVM for Visual Studio]({{ site.baseurl }}/en/avm/admin-guides/visual-studio)## Create an API key1. Go to the Web UI in your browser, and then sign in with your credentials.1. Go to **Settings** > **Account**, and select **Create a new key**. In the dialog, enter **CLI** as the description of the key, then select **Create Key**.1. Select and copy the generated API key.## Scan a project1. In Visual Studio, open the solution containing the project.1. In **Solution Explorer**, select and hold (or right-click) the project, and then select **Scan with Lucent Sky AVM**.1. The **New Scan - Lucent Sky AVM** dialog will appear. Select **Sign In**, and sign in with your Lucent Sky AVM API key.1. To create a new application for the scan, select **New Application**. In the **New Application - Lucent Sky AVM** window, enter the name of the application, select its framework, and review and change its vectors, rule package, runtime, and scan arguments as needed. Then, select **Create** to create the application.1. Alternatively, select an existing application in the **New Scan - Lucent Sky AVM** window to use for the scan.1. Review and change the weakness policies, vectors, and scan arguments as needed. Select **Scan** to start the scan.1. The **Lucent Sky AVM** window will appear. When the scan is in progress, the upper right corner will display information about its progress.## Review scan results1. Once the scan is completed, the scan results will appear in the **Lucent Sky AVM** window. 1. Expanding a vulnerability category will show all results under that category. Expanding a result will show its **Statements**, **Instant Fix**, and **Suggestion**. Double-click on one of the **Statements** or **Instant Fixes** to open the file in the editor and go to the relevant line of code.1. To apply Instant Fix to a result, select and hold (or right-click) the **Instant Fix** of the result then select **Remediate**.1. To apply Instant Fixes to all results of the same vulnerability category, select and hold (or right-click) the category then select **Remediate Vulnerabilities**. 1. To apply Instant Fixes to all results, select and hold (or right-click) the top node in the **Lucent Sky AVM** window, then select **Remediate All Vulnerabilities**. 1. To undo the applied Instant Fixes, select **Undo Remediation** in the respected context-click menu.", "keywords": "avm, getstarted, interface, visualstudio, vsix" } , "/en/avm/troubleshoot/visual-studio": { "id": "247734", "url": "/en/avm/troubleshoot/visual-studio", "title": "Troubleshoot Lucent Sky AVM for Visual Studio errors", "description": "", "date": "2024/3/4", "content" : "## Symptoms When you access Lucent Sky AVM for Visual Studio, you receive an error message.## CauseVarious reasons can cause the Lucent Sky AVM for Visual Studio to return an error. This article describes common causes and solutions to Web UI errors.## Resolution- When you access Lucent Sky AVM for Visual Studio, you receive the following error messages: The 'DevExtensionPackage' package did not load correctly. The problem may have been caused by a configuration change or by the installation of another extension. You can get more information by examining the file 'ActivityLog.xml'. And _ActivityLog.xml_ contains the following log entry: SetSite failed for package [DevExtensionPackage]Source: 'SkyAnalyzer.SecondaryInterface.DevExtension.X64' Description: Method not found This issue occurs when Visual Studio assemblies used by Lucent Sky AVM for Visual Studio are not available. Lucent Sky AVM for Visual Studio is built against the latest releases of each supported Visaul Studio versions, so some of the assemblies might not be available locally if the Visual Studio installation is not up to date. Update the local Visual Studio installation to the latest release might resolve this issue.", "keywords": "avm, troubleshoot, interface, visualstudio, vsix" } , "/en/avm/compliance/vulnerability-categories-list": { "id": "685905", "url": "/en/avm/compliance/vulnerability-categories-list", "title": "List of vulnerability categories supported by Lucent Sky AVM", "description": "", "date": "2026/01/28", "content" : "This article describes how Lucent Sky AVM categorizes vulnerabilities, as well as lists the vulnerability categories that can be identified and remediated by Lucent Sky AVM. Some vulnerability categories might not be supported in earlier versions of Lucent Sky AVM.## How Lucent Sky AVM categorizes vulnerabilitiesLucent Sky AVM uses CWE IDs as the primary categorization mechanism. CWE uses a cascading categorization scheme, meaning that some vulnerabilities can be categorized under more than one CWE IDs. For such vulnerabilities, the Lucent Sky team works with external experts and stakeholders in deciding which CWE ID should be used. The goal is to use the CWE IDs with identifiable and unique definitions (for example, choosing *CWE-201: Information Exposure Through Sent Data* over *CWE-200: Exposure of Sensitive Information to an Unauthorized Actor*), while avoiding cluttering the scan results with hundreds of similar CWE IDs (for example, choosing *CWE-22: Path Traversal* over *CWE-32: Path Traversal: '...' (Triple Dot)*).## List of Vulnerability Categories| Name | CWE ID | OWASP Top 10 | OWASP ASVS | PCI DSS | CWE Top 25 | CWE/SANS Top 25 ||-|-|-|-|-|-|-|| J2EE Misconfiguration: Data Transmission Without Encryption | CWE5 | 2004 A10, 2010 A9, 2013 A6, 2014 M3, 2016 M3, 2017 A3, 2021 A2, 2024 M5, 2025 A2, 2025 A4 | L1 | | | * || J2EE Misconfiguration: Insufficient Session-ID Length | CWE6 | 2004 A10, 2025 A4 | | | | || J2EE Misconfiguration: Missing Custom Error Page | CWE7 | 2004 A7, 2004 A10, 2021 A5, 2025 A10 | | | | || J2EE Misconfiguration: Entity Bean Declared Remote | CWE8 | 2004 A10, 2021 A1, 2025 A1 | | | | || J2EE Misconfiguration: Weak Access Permissions for EJB Methods | CWE9 | 2004 A2, 2004 A10, 2021 A4, 2025 A6 | | | | || ASP.NET Misconfiguration: Creating Debug Binary | CWE11 | 2004 A10, 2021 A5, 2025 A2 | | | | || ASP.NET Misconfiguration: Missing Custom Error Page* | CWE12 | 2004 A10, 2021 A5, 2025 A10 | | | | || ASP.NET Misconfiguration: Password in Configuration File | CWE13 | 2004 A10, 2021 A5, 2025 A2 | | | | || Compiler Removal of Code to Clear Buffers | CWE14 | 2004 A8 | | | | || External Control of System or Configuration Setting | CWE15 | 2004 A1, 2014 M8, 2021 A3, 2021 A4, 2021 A5, 2024 M4, 2025 A2, 2025 A5, 2025 A6 | L1 | v4.0.1 6.2.4 | * | * || Improper Input Validation | CWE20 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | CWE22 | 2004 A2, 2007 A4, 2010 A4, 2013 A4, 2017 A5, 2021 A1, 2025 A1 | L1 | v4.0.1 6.2.4 | * | * || Relative Path Traversal | CWE23 | 2004 A2, 2007 A4, 2010 A4, 2013 A4, 2017 A5, 2021 A1, 2025 A1 | L1 | v4.0.1 6.2.4 | * | * || Path Traversal: '../filedir'* | CWE24 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: '/../filedir' | CWE25 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: '/dir/../filename'* | CWE26 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: 'dir/../../filename' | CWE27 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: '..filedir' | CWE28 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: '..filename' | CWE29 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: 'dir..filename'* | CWE30 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: 'dir....filename' | CWE31 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: '...' (Triple Dot) | CWE32 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: '....' (Multiple Dot) | CWE33 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: '....//' | CWE34 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Path Traversal: '.../...//' | CWE35 | 2021 A1, 2025 A1 | | v4.0.1 6.2.4 | | || Absolute Path Traversal | CWE36 | 2004 A2, 2007 A4, 2010 A4, 2013 A4, 2017 A5, 2021 A1, 2025 A1 | L1 | v4.0.1 6.2.4 | * | * || Path Traversal: '/absolute/pathname/here'* | CWE37 | 2025 A1 | | | | || Path Traversal: 'absolutepathnamehere'* | CWE38 | 2025 A1 | | | | || Path Traversal: 'C:dirname'* | CWE39 | 2025 A1 | | | | || Path Traversal: 'UNCsharename' (Windows UNC Share) | CWE40 | 2025 A1 | | | | || Improper Resolution of Path Equivalence* | CWE41 | 2004 A2, 2010 A4, 2010 A8, 2013 A4, 2021 A1, 2025 A1, 2025 A7 | | | * | * || Path Equivalence: 'filename.' (Trailing Dot)* | CWE42 | 2004 A2 | | | | || Path Equivalence: 'filename....' (Multiple Trailing Dot)* | CWE43 | | | | | || Path Equivalence: 'file.name' (Internal Dot)* | CWE44 | 2004 A2 | | | | || Path Equivalence: 'file...name' (Multiple Internal Dot)* | CWE45 | | | | | || Path Equivalence: 'filename ' (Trailing Space)* | CWE46 | 2004 A2 | | | | || Path Equivalence: ' filename' (Leading Space)* | CWE47 | 2004 A2 | | | | || Path Equivalence: 'file name' (Internal Whitespace)* | CWE48 | 2004 A2 | | | | || Path Equivalence: 'filename/' (Trailing Slash)* | CWE49 | 2004 A2 | | | | || Path Equivalence: '//multiple/leading/slash' | CWE50 | 2004 A2 | | | | || Path Equivalence: '/multiple//internal/slash'* | CWE51 | 2004 A2 | | | | || Path Equivalence: '/multiple/trailing/slash//' | CWE52 | 2004 A2 | | | | || Path Equivalence: 'multipleinternalbackslash' | CWE53 | 2004 A2 | | | | || Path Equivalence: 'filedir' (Trailing Backslash)* | CWE54 | 2004 A2 | | | | || Path Equivalence: '/./' (Single Dot Directory) | CWE55 | 2004 A2 | | | | || Path Equivalence: 'filedir*' (Wildcard) | CWE56 | 2004 A2 | | | | || Path Equivalence: 'fakedir/../realdir/filename' | CWE57 | 2004 A2 | | | | || Path Equivalence: Windows 8.3 Filename | CWE58 | 2004 A2 | | | | || Improper Link Resolution Before File Access ('Link Following')* | CWE59 | 2013 A4, 2021 A1, 2025 A1 | | | | * || UNIX Symbolic Link (Symlink) Following | CWE61 | 2021 A1, 2025 A1 | | | | * || UNIX Hard Link | CWE62 | 2021 A1, 2025 A1 | | | | * || Windows Shortcut Following (.LNK) | CWE64 | 2021 A1, 2025 A1 | | | | * || Windows Hard Link | CWE65 | 2021 A1, 2025 A1 | | | | * || Improper Handling of File Names that Identify Virtual Resources* | CWE66 | 2013 A4, 2021 A1 | | | | || Improper Handling of Windows Device Names | CWE67 | | | | | || Improper Handling of Windows ::DATA Alternate Data Stream | CWE69 | | | | | || DEPRECATED: Apple '.DS_Store' | CWE71 | | | | | || Improper Handling of Apple HFS+ Alternate Data Stream Path | CWE72 | | | | | || External Control of File Name or Path | CWE73 | 2004 A1, 2004 A2, 2014 M8, 2021 A3, 2021 A4, 2024 M4, 2025 A5, 2025 A6 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | CWE74 | 2004 A6, 2013 A1, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | CWE75 | 2004 A6, 2013 A1, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Improper Neutralization of Equivalent Special Elements | CWE76 | 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Improper Neutralization of Special Elements used in a Command ('Command Injection') | CWE77 | 2004 A1, 2004 A6, 2007 A2, 2013 A1, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | * | || Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE78 | 2004 A1, 2004 A6, 2007 A2, 2007 A3, 2010 A1, 2013 A1, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE79 | 2004 A1, 2004 A4, 2004 A6, 2007 A1, 2010 A2, 2013 A1, 2013 A3, 2014 M7, 2017 A7, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | CWE80 | 2004 A1, 2004 A4, 2007 A1, 2010 A2, 2013 A3, 2014 M7, 2017 A7, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Script in an Error Message Web Page | CWE81 | 2004 A1, 2004 A4, 2007 A1, 2010 A2, 2013 A3, 2014 M7, 2017 A7, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Script in Attributes of IMG Tags in a Web Page | CWE82 | 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Improper Neutralization of Script in Attributes in a Web Page | CWE83 | 2004 A1, 2004 A4, 2007 A1, 2010 A2, 2013 A3, 2014 M7, 2017 A7, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Encoded URI Schemes in a Web Page* | CWE84 | 2004 A1, 2004 A4, 2007 A1, 2010 A2, 2013 A3, 2014 M7, 2017 A7, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Doubled Character XSS Manipulations | CWE85 | 2004 A1, 2004 A4, 2007 A1, 2010 A2, 2013 A3, 2014 M7, 2017 A7, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Invalid Characters in Identifiers in Web Pages | CWE86 | 2004 A1, 2004 A4, 2007 A1, 2010 A2, 2013 A3, 2014 M7, 2017 A7, 2021 A3, 2025 A5, 2025 A6 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Alternate XSS Syntax | CWE87 | 2004 A1, 2004 A4, 2007 A1, 2010 A2, 2013 A3, 2014 M7, 2017 A7, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | CWE88 | 2004 A1, 2004 A6, 2007 A2, 2010 A1, 2013 A1, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | * | || Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CWE89 | 2004 A1, 2004 A6, 2007 A2, 2010 A1, 2013 A1, 2014 M7, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | CWE90 | 2007 A2, 2010 A1, 2013 A1, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | | || XML Injection (aka Blind XPath Injection) | CWE91 | 2004 A6, 2007 A2, 2010 A1, 2013 A1, 2014 M7, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || DEPRECATED: Improper Sanitization of Custom Special Characters | CWE92 | | | | | || Improper Neutralization of CRLF Sequences ('CRLF Injection') | CWE93 | 2004 A6, 2007 A2, 2013 A1, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Improper Control of Generation of Code ('Code Injection') | CWE94 | 2004 A6, 2013 A1, 2021 A1, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | CWE95 | 2004 A6, 2007 A3, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | CWE96 | 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | CWE97 | 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | CWE98 | 2004 A6, 2007 A3, 2010 A4, 2013 A4, 2021 A1, 2021 A3, 2021 A8, 2024 M2, 2025 A5, 2025 A8 | L1 | v4.0.1 6.2.4 | | * || Improper Control of Resource Identifiers ('Resource Injection')* | CWE99 | 2004 A6, 2010 A4, 2013 A1, 2013 A4, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Struts: Duplicate Validation Forms* | CWE102 | 2004 A1, 2014 M8, 2021 A3, 2021 A4, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Struts: Incomplete validate() Method Definition* | CWE103 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Struts: Form Bean Does Not Extend Validation Class* | CWE104 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Struts: Form Field Without Validator* | CWE105 | 2004 A1, 2014 M8, 2021 A3, 2021 A4, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Struts: Plug-in Framework not in Use | CWE106 | 2004 A1, 2014 M8, 2021 A3, 2021 A4, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Struts: Unused Validation Form* | CWE107 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Struts: Unvalidated Action Form* | CWE108 | 2004 A1, 2014 M8, 2021 A3, 2021 A4, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Struts: Validator Turned Off* | CWE109 | 2004 A1, 2014 M8, 2021 A3, 2021 A4, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Struts: Validator Without Form Field* | CWE110 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Direct Use of Unsafe JNI* | CWE111 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Missing XML Validation* | CWE112 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | CWE113 | 2004 A1, 2007 A2, 2014 M8, 2021 A3, 2024 M4, 2025 A5, 2025 A6 | L1 | v4.0.1 6.2.4 | * | * || Process Control* | CWE114 | 2004 A1, 2004 A2, 2014 M8, 2021 A3, 2021 A4, 2024 M4, 2025 A5, 2025 A6 | L1 | v4.0.1 6.2.4 | * | * || Misinterpretation of Input* | CWE115 | 2025 A5, 2025 A6 | L2 | | | || Improper Encoding or Escaping of Output* | CWE116 | 2021 A3, 2024 M4, 2025 A5 | L1 | | | * || Improper Output Neutralization for Logs | CWE117 | 2004 A1, 2004 A6, 2014 M8, 2021 A3, 2021 A9, 2024 M4, 2025 A5, 2025 A9 | L1 | v4.0.1 10.3.2, v4.0.1 6.2.4 | * | * || Incorrect Access of Indexable Resource ('Range Error')* | CWE118 | | | | | || Improper Restriction of Operations within the Bounds of a Memory Buffer | CWE119 | 2004 A1, 2004 A5, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | CWE120 | 2004 A1, 2004 A5, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Stack-based Buffer Overflow* | CWE121 | | | v4.0.1 6.2.4 | * | || Heap-based Buffer Overflow* | CWE122 | | | v4.0.1 6.2.4 | * | || Write-what-where Condition* | CWE123 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Buffer Underwrite ('Buffer Underflow')* | CWE124 | | | | * | || Out-of-bounds Read* | CWE125 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Buffer Over-read* | CWE126 | | | | * | || Buffer Under-read* | CWE127 | | | | * | || Wrap-around Error | CWE128 | | | | | * || Improper Validation of Array Index* | CWE129 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Handling of Length Parameter Inconsistency* | CWE130 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Incorrect Calculation of Buffer Size | CWE131 | | | | | * || DEPRECATED: Miscalculated Null Termination* | CWE132 | | | | | || Use of Externally-Controlled Format String | CWE134 | 2004 A1, 2004 A5, 2014 M8, 2021 A1, 2021 A3, 2024 M4, 2025 A1, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Incorrect Calculation of Multi-Byte String Length | CWE135 | | | | | * || Improper Neutralization of Special Elements* | CWE138 | 2021 A3 | L1 | | | || Improper Neutralization of Delimiters* | CWE140 | 2021 A3 | L1 | | | || Improper Neutralization of Parameter/Argument Delimiters* | CWE141 | | | | | || Improper Neutralization of Value Delimiters* | CWE142 | | | | | || Improper Neutralization of Record Delimiters* | CWE143 | | | | | || Improper Neutralization of Line Delimiters* | CWE144 | | | | | || Improper Neutralization of Section Delimiters* | CWE145 | | | | | || Improper Neutralization of Expression/Command Delimiters* | CWE146 | | | | | || Improper Neutralization of Input Terminators* | CWE147 | 2021 A3 | L1 | | | || Improper Neutralization of Input Leaders* | CWE148 | 2021 A3 | L1 | | | || Improper Neutralization of Quoting Syntax* | CWE149 | 2021 A3 | L1 | | | || Improper Neutralization of Escape, Meta, or Control Sequences* | CWE150 | 2021 A3 | L1 | | | || Improper Neutralization of Comment Delimiters* | CWE151 | 2021 A3 | L1 | | | || Improper Neutralization of Macro Symbols* | CWE152 | 2021 A3 | L1 | | | || Improper Neutralization of Substitution Characters* | CWE153 | 2021 A3 | L1 | | | || Improper Neutralization of Variable Name Delimiters* | CWE154 | 2021 A3 | L1 | | | || Improper Neutralization of Wildcards or Matching Symbols* | CWE155 | 2021 A3 | L1 | | | || Improper Neutralization of Whitespace* | CWE156 | 2021 A3 | L1 | | | || Failure to Sanitize Paired Delimiters* | CWE157 | 2021 A3 | L1 | | | || Improper Neutralization of Null Byte or NUL Character | CWE158 | 2021 A3 | L1 | | | || Improper Handling of Invalid Use of Special Elements* | CWE159 | 2021 A3, 2025 A5 | L1 | | | || Improper Neutralization of Leading Special Elements* | CWE160 | 2021 A3 | L1 | | | || Improper Neutralization of Multiple Leading Special Elements* | CWE161 | | | | | || Improper Neutralization of Trailing Special Elements* | CWE162 | 2021 A3 | L1 | | | || Improper Neutralization of Multiple Trailing Special Elements* | CWE163 | | | | | || Improper Neutralization of Internal Special Elements* | CWE164 | 2021 A3 | L1 | | | || Improper Neutralization of Multiple Internal Special Elements* | CWE165 | | | | | || Improper Handling of Missing Special Element* | CWE166 | 2004 A1, 2004 A7, 2025 A5 | L1 | | | || Improper Handling of Additional Special Element* | CWE167 | 2004 A1, 2004 A7, 2025 A5 | L1 | | | || Improper Handling of Inconsistent Special Elements* | CWE168 | 2004 A7, 2025 A5 | L1 | | | || Improper Null Termination | CWE170 | 2004 A1, 2004 A9, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Encoding Error* | CWE172 | | | | | || Improper Handling of Alternate Encoding | CWE173 | | L1 | | | || Double Decoding of the Same Data* | CWE174 | | | | | || Improper Handling of Mixed Encoding* | CWE175 | | | | | || Improper Handling of Unicode Encoding | CWE176 | | L1 | | | || Improper Handling of URL Encoding (Hex Encoding)* | CWE177 | | | | | || Improper Handling of Case Sensitivity* | CWE178 | 2013 A4, 2021 A1 | | | | || Incorrect Behavior Order: Early Validation | CWE179 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Incorrect Behavior Order: Validate Before Canonicalize | CWE180 | 2004 A1 | | | | || Incorrect Behavior Order: Validate Before Filter* | CWE181 | 2004 A1 | | | | || Collapse of Data into Unsafe Value | CWE182 | 2004 A1 | | | | || Permissive List of Allowed Inputs* | CWE183 | 2004 A1, 2021 A4, 2025 A6 | | | | || Incomplete List of Disallowed Inputs* | CWE184 | 2021 A3, 2025 A6 | | | | || Incorrect Regular Expression | CWE185 | | | | | || Overly Restrictive Regular Expression* | CWE186 | | | | | || Partial String Comparison* | CWE187 | | | | | || Reliance on Data/Memory Layout* | CWE188 | | | | | || Integer Overflow or Wraparound | CWE190 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Integer Underflow (Wrap or Wraparound)* | CWE191 | | | | | * || Integer Coercion Error | CWE192 | | | | | * || Off-by-one Error* | CWE193 | | | | | * || Unexpected Sign Extension* | CWE194 | | | | | * || Signed to Unsigned Conversion Error | CWE195 | | | | | * || Unsigned to Signed Conversion Error* | CWE196 | | | | | * || Numeric Truncation Error | CWE197 | | | | | * || Use of Incorrect Byte Ordering* | CWE198 | | | | | || Exposure of Sensitive Information to an Unauthorized Actor | CWE200 | 2007 A6, 2021 A1, 2024 M6, 2025 A1 | L1 | | * | || Insertion of Sensitive Information Into Sent Data* | CWE201 | 2007 A6, 2021 A1, 2024 M6, 2025 A1 | L1 | | * | || Exposure of Sensitive Information Through Data Queries* | CWE202 | | | | | || Observable Discrepancy | CWE203 | 2004 A7, 2007 A6, 2021 A1, 2024 M6, 2025 A1 | L1 | | * | || Observable Response Discrepancy* | CWE204 | 2004 A7, 2007 A6 | | | | || Observable Behavioral Discrepancy* | CWE205 | 2004 A7, 2007 A6 | | | | || Observable Internal Behavioral Discrepancy* | CWE206 | | | | | || Observable Behavioral Discrepancy With Equivalent Products* | CWE207 | | | | | || Observable Timing Discrepancy* | CWE208 | 2004 A7, 2007 A6 | | | | || Generation of Error Message Containing Sensitive Information | CWE209 | 2004 A7, 2004 A10, 2007 A6, 2010 A6, 2013 A5, 2017 A6, 2021 A1, 2021 A4, 2024 M6, 2025 A1, 2025 A10 | L1 | | * | * || Self-generated Error Message Containing Sensitive Information* | CWE210 | 2004 A7, 2004 A10, 2007 A6, 2010 A6, 2013 A5, 2017 A6, 2021 A4, 2025 A10 | L1 | | | * || Externally-Generated Error Message Containing Sensitive Information | CWE211 | 2004 A7, 2004 A10, 2007 A6, 2010 A6, 2013 A5, 2017 A6, 2021 A4, 2025 A10 | | | | * || Improper Removal of Sensitive Information Before Storage or Transfer | CWE212 | | L1 | | | * || Exposure of Sensitive Information Due to Incompatible Policies | CWE213 | 2007 A6, 2019 API3, 2021 A1, 2021 A4, 2024 M6, 2025 A1 | L1 | | * | || Invocation of Process Using Visible Sensitive Information* | CWE214 | 2021 A1, 2025 A1 | L1 | | | || Insertion of Sensitive Information Into Debugging Code | CWE215 | 2004 A10, 2007 A6, 2013 A5, 2021 A1, 2024 M6, 2025 A1, 2025 A10 | L1 | | * | || DEPRECATED: Containment Errors (Container Errors)* | CWE216 | | | | | || DEPRECATED: Failure to Protect Stored Data from Modification* | CWE217 | | | | | || DEPRECATED: Failure to provide confidentiality for stored data* | CWE218 | | | | | || Storage of File with Sensitive Data Under Web Root* | CWE219 | 2004 A10, 2010 A6, 2021 A1, 2025 A1 | L1 | | | || Storage of File With Sensitive Data Under FTP Root* | CWE220 | 2004 A10, 2010 A6, 2017 A3, 2021 A1, 2025 A1 | L1 | | | || Information Loss or Omission* | CWE221 | 2025 A9 | | | | || Truncation of Security-relevant Information* | CWE222 | 2025 A9 | | | | || Omission of Security-relevant Information* | CWE223 | 2017 A10, 2019 API10, 2021 A9, 2025 A9 | | | | || Obscured Security-relevant Information by Alternate Name* | CWE224 | 2025 A9 | | | | || DEPRECATED: General Information Management Problems* | CWE225 | | | | | || Sensitive Information in Resource Not Removed Before Reuse* | CWE226 | 2004 A8, 2004 A10 | L1 | | | * || Improper Handling of Syntactically Invalid Structure* | CWE228 | 2004 A7, 2025 A10 | | | | || Improper Handling of Values* | CWE229 | 2004 A7 | | | | || Improper Handling of Missing Values* | CWE230 | | | | | || Improper Handling of Extra Values* | CWE231 | | | | | || Improper Handling of Undefined Values* | CWE232 | | | | | || Improper Handling of Parameters* | CWE233 | 2004 A7 | L2 | | | || Failure to Handle Missing Parameter* | CWE234 | 2025 A10 | L2 | | | || Improper Handling of Extra Parameters | CWE235 | 2021 A4, 2025 A10 | L1 | | | || Improper Handling of Undefined Parameters* | CWE236 | | L2 | | | || Improper Handling of Structural Elements* | CWE237 | 2004 A7 | | | | || Improper Handling of Incomplete Structural Elements* | CWE238 | | | | | || Failure to Handle Incomplete Element* | CWE239 | | | | | || Improper Handling of Inconsistent Structural Elements* | CWE240 | | | | | || Improper Handling of Unexpected Data Type* | CWE241 | 2004 A7 | | | | || Use of Inherently Dangerous Function | CWE242 | 2016 M1, 2016 M7 | | v4.0.1 6.2.4 | | || Creation of chroot Jail Without Changing Working Directory* | CWE243 | | | | | || Improper Clearing of Heap Memory Before Release ('Heap Inspection')* | CWE244 | 2004 A8 | L2 | | | || J2EE Bad Practices: Direct Management of Connections* | CWE245 | | | | | || J2EE Bad Practices: Direct Use of Sockets* | CWE246 | | | | | || DEPRECATED: Reliance on DNS Lookups in a Security Decision* | CWE247 | | | | | || Uncaught Exception* | CWE248 | 2004 A9, 2025 A10 | | | | || DEPRECATED: Often Misused: Path Manipulation* | CWE249 | | | | | || Execution with Unnecessary Privileges* | CWE250 | 2010 A6, 2021 A4, 2025 A6 | L2 | | * | * || Unchecked Return Value | CWE252 | 2004 A7, 2025 A10 | L2 | | | * || Incorrect Check of Function Return Value | CWE253 | 2025 A10 | L2 | | | * || Plaintext Storage of a Password* | CWE256 | 2004 A3, 2007 A7, 2013 A2, 2017 A2, 2021 A4, 2025 A6 | L2 | | * | || Storing Passwords in a Recoverable Format* | CWE257 | 2004 A3, 2007 A7, 2013 A2, 2017 A2, 2021 A4, 2025 A6 | | | * | || Empty Password in Configuration File* | CWE258 | 2004 A3, 2021 A5, 2021 A7, 2025 A2, 2025 A7 | L1 | | | || Use of Hard-coded Password | CWE259 | 2004 A3, 2010 A3, 2014 M2, 2016 M2, 2019 API2, 2021 A7, 2024 M1, 2024 M9, 2025 A7 | L2 | v4.0.1 8.6.2 | * | * || Password in Configuration File* | CWE260 | 2004 A3, 2007 A7, 2013 A2, 2017 A2, 2021 A4, 2021 A5, 2025 A2, 2025 A6 | | | * | || Weak Encoding for Password* | CWE261 | 2004 A3, 2004 A8, 2007 A7, 2013 A2, 2017 A2, 2021 A2, 2021 A4, 2025 A4, 2025 A6 | | | * | || Not Using Password Aging* | CWE262 | 2025 A7 | | | | || Password Aging with Long Expiration* | CWE263 | 2025 A7 | L1 | | | || Incorrect Privilege Assignment | CWE266 | 2004 A2, 2021 A4, 2025 A6 | | | * | || Privilege Defined With Unsafe Actions* | CWE267 | 2021 A4, 2025 A6 | | | * | || Privilege Chaining* | CWE268 | 2004 A2, 2021 A4, 2025 A6 | | | * | || Improper Privilege Management* | CWE269 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2021 A4, 2024 M3, 2025 A1, 2025 A6 | L2 | v4.0.1 6.2.4 | * | || Privilege Context Switching Error* | CWE270 | 2021 A4, 2025 A6 | | | * | || Privilege Dropping / Lowering Errors* | CWE271 | 2021 A4, 2025 A6 | | | * | || Least Privilege Violation* | CWE272 | | L2 | | | || Improper Check for Dropped Privileges* | CWE273 | 2025 A10 | L2 | | | * || Improper Handling of Insufficient Privileges* | CWE274 | 2021 A4, 2025 A6, 2025 A10 | | | * | || Incorrect Default Permissions | CWE276 | 2010 A6, 2021 A1, 2025 A1 | L2 | | * | * || Insecure Inherited Permissions* | CWE277 | 2010 A6, 2025 A1 | L2 | | * | * || Insecure Preserved Inherited Permissions* | CWE278 | 2010 A6, 2025 A1 | L2 | | * | * || Incorrect Execution-Assigned Permissions* | CWE279 | 2010 A6, 2025 A1 | L2 | | * | * || Improper Handling of Insufficient Permissions or Privileges * | CWE280 | 2021 A4, 2025 A10 | | | | || Improper Preservation of Permissions* | CWE281 | 2010 A6, 2025 A1 | L2 | | * | * || Improper Ownership Management* | CWE282 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Unverified Ownership* | CWE283 | 2004 A2, 2025 A1 | | | | || Improper Access Control* | CWE284 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Improper Authorization | CWE285 | 2004 A2, 2007 A10, 2010 A8, 2013 A7, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2024 M3, 2025 A1 | L1 | v4.0.1 6.2.4 | * | * || Incorrect User Management* | CWE286 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1, 2025 A6 | L2 | v4.0.1 6.2.4 | * | || Improper Authentication* | CWE287 | 2004 A2, 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2014 M5, 2016 M4, 2017 A2, 2017 A5, 2019 API1, 2021 A1, 2021 A7, 2024 M3, 2025 A1, 2025 A7 | L1 | v4.0.1 6.2.4 | * | || Authentication Bypass Using an Alternate Path or Channel* | CWE288 | 2004 A2, 2007 A10, 2010 A3, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2021 A7, 2024 M3, 2025 A1, 2025 A7 | L1 | v4.0.1 6.2.4 | * | * || Authentication Bypass by Alternate Name | CWE289 | 2025 A7 | | | | || Authentication Bypass by Spoofing* | CWE290 | 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2017 A2, 2021 A7, 2025 A7 | L1 | v4.0.1 6.2.4 | * | || Reliance on IP Address for Authentication* | CWE291 | 2021 A7, 2025 A7 | L2 | | | || DEPRECATED: Trusting Self-reported DNS Name* | CWE292 | | | | | || Using Referer Field for Authentication* | CWE293 | 2021 A7, 2025 A7 | L2 | | | || Authentication Bypass by Capture-replay* | CWE294 | 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2017 A2, 2021 A7, 2025 A7 | L1 | v4.0.1 6.2.4 | * | || Improper Certificate Validation | CWE295 | 2004 A3, 2004 A10, 2007 A7, 2010 A3, 2013 A2, 2014 M5, 2016 M4, 2017 A2, 2017 A3, 2021 A7, 2024 M3, 2025 A7 | L1 | v4.0.1 4.2.1, v4.0.1 6.2.4 | * | || Improper Following of a Certificate's Chain of Trust* | CWE296 | 2004 A3, 2004 A10, 2014 M5, 2016 M4, 2017 A3, 2021 A2, 2021 A7, 2024 M3, 2025 A4, 2025 A7 | L2 | v4.0.1 4.2.1 | * | || Improper Validation of Certificate with Host Mismatch | CWE297 | 2004 A10, 2014 M5, 2016 M4, 2017 A3, 2021 A7, 2024 M3, 2025 A7 | L2 | v4.0.1 4.2.1 | * | || Improper Validation of Certificate Expiration* | CWE298 | 2004 A3, 2004 A10, 2014 M5, 2016 M4, 2017 A3, 2021 A7, 2024 M3, 2025 A7 | L2 | v4.0.1 4.2.1 | * | * || Improper Check for Certificate Revocation* | CWE299 | 2004 A9, 2004 A10, 2014 M5, 2016 M4, 2017 A3, 2021 A7, 2024 M3, 2025 A7 | L2 | v4.0.1 4.2.1 | * | * || Channel Accessible by Non-Endpoint* | CWE300 | 2021 A7, 2025 A7 | L2 | | | || Reflection Attack in an Authentication Protocol* | CWE301 | 2007 A7, 2025 A7 | | | | || Authentication Bypass by Assumed-Immutable Data | CWE302 | 2004 A3, 2021 A4, 2021 A7, 2025 A6, 2025 A7 | | | | * || Incorrect Implementation of Authentication Algorithm* | CWE303 | 2025 A7 | | | | || Missing Critical Step in Authentication* | CWE304 | 2004 A3, 2021 A7, 2025 A7 | L1 | | | || Authentication Bypass by Primary Weakness* | CWE305 | 2025 A7 | | | | || Missing Authentication for Critical Function* | CWE306 | 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2017 A2, 2021 A7, 2025 A7 | L1 | v4.0.1 6.2.4 | * | * || Improper Restriction of Excessive Authentication Attempts* | CWE307 | 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2017 A2, 2019 API4, 2021 A4, 2021 A7, 2025 A6, 2025 A7 | L1 | v4.0.1 6.2.4 | * | * || Use of Single-factor Authentication* | CWE308 | 2017 A2, 2025 A7 | L2 | | | || Use of Password System for Primary Authentication* | CWE309 | 2004 A3, 2025 A7 | | | | || Missing Encryption of Sensitive Data | CWE311 | 2004 A8, 2007 A8, 2007 A9, 2010 A7, 2010 A9, 2013 A2, 2013 A6, 2017 A3, 2021 A4, 2025 A6 | L2 | v4.0.1 4.2.1 | | * || Cleartext Storage of Sensitive Information | CWE312 | 2004 A8, 2007 A8, 2007 A9, 2010 A7, 2010 A9, 2013 A2, 2013 A6, 2014 M2, 2016 M2, 2017 A3, 2021 A1, 2021 A4, 2024 M9, 2025 A1, 2025 A6 | L1 | v4.0.1 4.2.1 | | * || Cleartext Storage in a File or on Disk* | CWE313 | 2010 A7, 2013 A6, 2014 M2, 2016 M2, 2017 A3, 2021 A4, 2024 M9, 2025 A6 | | | | || Cleartext Storage in the Registry* | CWE314 | 2010 A7, 2013 A6, 2014 M2, 2016 M2, 2017 A3, 2021 A4, 2024 M9, 2025 A6 | | | | || Cleartext Storage of Sensitive Information in a Cookie | CWE315 | 2010 A7, 2013 A6, 2014 M2, 2016 M2, 2017 A3, 2021 A4, 2021 A5, 2024 M9, 2025 A2, 2025 A6 | | | | || Cleartext Storage of Sensitive Information in Memory* | CWE316 | 2010 A7, 2013 A6, 2014 M2, 2016 M2, 2017 A3, 2021 A4, 2024 M9, 2025 A6 | | | | || Cleartext Storage of Sensitive Information in GUI* | CWE317 | 2010 A7, 2013 A6, 2014 M2, 2016 M2, 2017 A3, 2021 A4, 2024 M9, 2025 A6 | | | | || Cleartext Storage of Sensitive Information in Executable* | CWE318 | 2010 A7, 2013 A6, 2014 M2, 2016 M2, 2017 A3, 2021 A4, 2024 M9, 2025 A6 | | | | || Cleartext Transmission of Sensitive Information | CWE319 | 2004 A8, 2007 A8, 2007 A9, 2010 A7, 2010 A9, 2013 A2, 2013 A6, 2014 M3, 2016 M3, 2017 A3, 2021 A2, 2021 A4, 2024 M5, 2025 A4, 2025 A6 | L1 | v4.0.1 4.2.1 | | * || Use of Hard-coded Cryptographic Key | CWE321 | 2004 A3, 2004 A8, 2007 A8, 2007 A9, 2010 A3, 2014 M2, 2016 M2, 2019 API2, 2021 A2, 2021 A7, 2024 M1, 2024 M9, 2025 A4, 2025 A7 | L2 | v4.0.1 8.6.2 | * | * || Key Exchange without Entity Authentication* | CWE322 | 2010 A3, 2021 A2, 2021 A7, 2025 A4, 2025 A7 | L1 | | * | * || Reusing a Nonce, Key Pair in Encryption* | CWE323 | 2021 A2, 2025 A4 | | | | || Use of a Key Past its Expiration Date* | CWE324 | 2021 A2, 2025 A4 | | | | * || Missing Cryptographic Step* | CWE325 | 2007 A8, 2007 A9, 2013 A6, 2017 A3, 2021 A2, 2025 A4 | | | | || Inadequate Encryption Strength | CWE326 | 2004 A8, 2007 A8, 2007 A9, 2010 A7, 2013 A6, 2014 M6, 2016 M5, 2017 A3, 2021 A2, 2024 M10, 2025 A4, 2025 A6 | L1 | v4.0.1 6.2.4 | | || Use of a Broken or Risky Cryptographic Algorithm | CWE327 | 2004 A8, 2010 A7, 2013 A6, 2014 M6, 2016 M5, 2017 A3, 2021 A2, 2024 M10, 2025 A4, 2025 A6 | L2 | v4.0.1 6.2.4 | | * || Use of Weak Hash | CWE328 | 2004 A8, 2007 A8, 2007 A9, 2010 A7, 2013 A6, 2014 M6, 2016 M5, 2017 A3, 2021 A2, 2024 M10, 2025 A4 | L1 | v4.0.1 6.2.4 | | * || Generation of Predictable IV with CBC Mode | CWE329 | 2021 A2, 2025 A4 | | v4.0.1 6.2.4 | | || Use of Insufficiently Random Values | CWE330 | 2004 A2, 2021 A2, 2025 A4, 2025 A6 | L1 | | | * || Insufficient Entropy* | CWE331 | 2004 A2, 2021 A2, 2025 A4 | L1 | | | * || Insufficient Entropy in PRNG* | CWE332 | 2021 A2, 2025 A4 | L1 | | | || Improper Handling of Insufficient Entropy in TRNG* | CWE333 | 2021 A2, 2025 A4, 2025 A10 | L1 | | | || Small Space of Random Values* | CWE334 | 2004 A2, 2021 A2, 2025 A4 | L1 | | | * || Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)* | CWE335 | 2004 A2, 2021 A2, 2025 A4 | L1 | | | * || Same Seed in Pseudo-Random Number Generator (PRNG)* | CWE336 | 2021 A2, 2025 A4 | | | | || Predictable Seed in Pseudo-Random Number Generator (PRNG)* | CWE337 | 2021 A2, 2025 A4 | | | | || Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)* | CWE338 | 2004 A2, 2021 A2, 2025 A4 | L1 | | | * || Small Seed Space in PRNG* | CWE339 | 2021 A2, 2025 A4 | | | | || Generation of Predictable Numbers or Identifiers* | CWE340 | 2004 A2, 2021 A2, 2025 A4 | L1 | | | * || Predictable from Observable State* | CWE341 | 2021 A2, 2025 A4 | | | | || Predictable Exact Value from Previous Values* | CWE342 | 2021 A2, 2025 A4 | | | | || Predictable Value Range from Previous Values* | CWE343 | 2021 A2, 2025 A4 | | | | || Use of Invariant Value in Dynamically Changing Context* | CWE344 | 2004 A2, 2021 A2, 2025 A4 | L1 | | | * || Insufficient Verification of Data Authenticity* | CWE345 | 2004 A3, 2021 A8, 2025 A6, 2025 A8 | L2 | | | || Origin Validation Error* | CWE346 | 2004 A2, 2004 A3, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2021 A7, 2021 A8, 2024 M3, 2025 A1, 2025 A7, 2025 A8 | L1 | v4.0.1 6.2.4 | * | || Improper Verification of Cryptographic Signature* | CWE347 | 2004 A3, 2021 A2, 2021 A8, 2025 A4, 2025 A8 | L2 | | | || Use of Less Trusted Source* | CWE348 | 2004 A3, 2021 A8, 2025 A8 | L2 | | | || Acceptance of Extraneous Untrusted Data With Trusted Data* | CWE349 | 2004 A3, 2021 A8, 2025 A8 | L2 | | | || Reliance on Reverse DNS Resolution for a Security-Critical Action* | CWE350 | 2021 A4, 2021 A7, 2025 A6, 2025 A7 | L1 | | | * || Insufficient Type Distinction* | CWE351 | 2004 A3, 2021 A8, 2025 A8 | L2 | | | || Cross-Site Request Forgery (CSRF) | CWE352 | 2004 A3, 2007 A5, 2010 A5, 2013 A8, 2021 A1, 2021 A8, 2025 A1, 2025 A8 | L1 | v4.0.1 6.2.4 | * | * || Missing Support for Integrity Check | CWE353 | 2004 A3, 2021 A8, 2025 A8 | L1 | | | || Improper Validation of Integrity Check Value* | CWE354 | 2004 A3, 2021 A8, 2025 A8, 2025 A10 | L2 | | | * || Product UI does not Warn User of Unsafe Actions* | CWE356 | 2025 A9 | | | | || Insufficient UI Warning of Dangerous Operations* | CWE357 | 2025 A6 | | | | || Improperly Implemented Security Check for Standard* | CWE358 | 2025 A6 | | | | || Exposure of Private Personal Information to an Unauthorized Actor | CWE359 | 2007 A6, 2017 A3, 2021 A1, 2024 M6, 2025 A1 | L1 | | * | || Trust of System Event Data* | CWE360 | 2004 A3, 2021 A8, 2025 A8 | L2 | | | || Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | CWE362 | 2025 A6 | L2 | | * | * || Race Condition Enabling Link Following* | CWE363 | | L2 | | | || Signal Handler Race Condition* | CWE364 | 2025 A6 | L2 | | * | * || DEPRECATED: Race Condition in Switch* | CWE365 | | | | | || Race Condition within a Thread | CWE366 | 2025 A6 | L2 | | * | * || Time-of-check Time-of-use (TOCTOU) Race Condition* | CWE367 | 2025 A6 | L2 | | * | * || Context Switching Race Condition* | CWE368 | 2025 A6 | L2 | | * | * || Divide By Zero | CWE369 | 2004 A9, 2025 A10 | | | | * || Missing Check for Certificate Revocation after Initial Check* | CWE370 | 2025 A7 | L2 | | | || Incomplete Internal State Distinction* | CWE372 | | | | | || DEPRECATED: State Synchronization Error* | CWE373 | | | | | || Passing Mutable Objects to an Untrusted Method | CWE374 | 2021 A1, 2025 A1 | | | | || Returning a Mutable Object to an Untrusted Caller* | CWE375 | 2021 A1, 2025 A1 | | | | || Insecure Temporary File* | CWE377 | 2021 A1, 2025 A1 | | | | || Creation of Temporary File With Insecure Permissions* | CWE378 | 2021 A1, 2025 A1 | | | | || Creation of Temporary File in Directory with Insecure Permissions* | CWE379 | 2021 A1, 2025 A1 | | | | || J2EE Bad Practices: Use of System.exit() | CWE382 | 2004 A9, 2025 A6 | | | | || J2EE Bad Practices: Direct Use of Threads* | CWE383 | | | | | || Session Fixation* | CWE384 | 2004 A3, 2013 A2, 2014 M9, 2017 A2, 2021 A3, 2021 A7, 2025 A5, 2025 A7 | L1 | | | || Covert Timing Channel* | CWE385 | | L3 | | | || Symbolic Name not Mapping to Correct Object* | CWE386 | 2013 A4, 2021 A1 | | | | || Detection of Error Condition Without Action* | CWE390 | 2004 A7, 2025 A10 | L2 | | | || Unchecked Error Condition | CWE391 | 2004 A7, 2025 A10 | L2 | | | * || Missing Report of Error Condition* | CWE392 | 2025 A10 | | | | || Return of Wrong Status Code* | CWE393 | 2025 A10 | | | | || Unexpected Status Code or Return Value* | CWE394 | 2004 A7, 2025 A10 | L2 | | | * || Use of NullPointerException Catch to Detect NULL Pointer Dereference | CWE395 | 2025 A10 | | | | || Declaration of Catch for Generic Exception | CWE396 | 2025 A9, 2025 A10 | | | | || Declaration of Throws for Generic Exception | CWE397 | 2025 A9, 2025 A10 | | | | || Uncontrolled Resource Consumption | CWE400 | 2004 A9 | L1 | | * | || Missing Release of Memory after Effective Lifetime | CWE401 | 2004 A9 | | | * | * || Transmission of Private Resources into a New Sphere ('Resource Leak')* | CWE402 | 2021 A1, 2025 A1 | | | | || Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')* | CWE403 | 2021 A1, 2025 A1 | | | | || Improper Resource Shutdown or Release | CWE404 | 2004 A9 | | | | * || Asymmetric Resource Consumption (Amplification)* | CWE405 | 2004 A9 | L1 | | * | || Insufficient Control of Network Message Volume (Network Amplification)* | CWE406 | 2004 A9 | | | | || Inefficient Algorithmic Complexity* | CWE407 | 2004 A9 | | | | || Incorrect Behavior Order: Early Amplification* | CWE408 | 2004 A9 | | | | || Improper Handling of Highly Compressed Data (Data Amplification)* | CWE409 | 2004 A9 | L2 | | | || Insufficient Resource Pool* | CWE410 | 2004 A9 | | | | || Unrestricted Externally Accessible Lock | CWE412 | 2004 A9 | | | | || Improper Resource Locking | CWE413 | | | | | || Missing Lock Check* | CWE414 | | | | | || Double Free | CWE415 | | | | | * || Use After Free | CWE416 | | | | * | * || Unprotected Primary Channel* | CWE419 | 2021 A4, 2025 A6 | L1 | | | || Unprotected Alternate Channel* | CWE420 | | L2 | | | || Race Condition During Access to Alternate Channel* | CWE421 | 2025 A6 | L2 | | * | * || Unprotected Windows Messaging Channel ('Shatter')* | CWE422 | | | | | || DEPRECATED: Proxied Trusted Channel* | CWE423 | | | | | || Improper Protection of Alternate Path* | CWE424 | 2025 A1, 2025 A6 | | | | || Direct Request ('Forced Browsing')* | CWE425 | 2004 A1, 2004 A2, 2007 A10, 2010 A4, 2010 A8, 2017 A5, 2021 A1, 2021 A7, 2025 A1, 2025 A7 | | | * | * || Untrusted Search Path* | CWE426 | 2021 A1, 2021 A4, 2021 A8, 2025 A1, 2025 A6, 2025 A8 | | | * | * || Uncontrolled Search Path Element* | CWE427 | 2021 A1, 2025 A1, 2025 A8 | | | | || Unquoted Search Path or Element* | CWE428 | 2021 A1, 2025 A1 | | | | || Deployment of Wrong Handler* | CWE430 | 2021 A4 | | | | || Missing Handler* | CWE431 | | L2 | | | || Dangerous Signal Handler not Disabled During Sensitive Operations* | CWE432 | | | | | || Unparsed Raw Web Content Delivery* | CWE433 | 2004 A10, 2010 A6, 2021 A1, 2025 A1 | | | | || Unrestricted Upload of File with Dangerous Type* | CWE434 | 2007 A3, 2010 A4, 2021 A4, 2025 A6 | L1 | | * | * || Improper Interaction Between Multiple Correctly-Behaving Entities* | CWE435 | | | | | || Interpretation Conflict* | CWE436 | 2025 A6 | L2 | | | || Incomplete Model of Endpoint Features* | CWE437 | 2025 A6 | L2 | | | || Behavioral Change in New Version or Environment* | CWE439 | | | | | || Expected Behavior Violation | CWE440 | | | | | || Unintended Proxy or Intermediary ('Confused Deputy')* | CWE441 | 2021 A1, 2021 A3, 2025 A1, 2025 A5 | | | | || DEPRECATED: HTTP response splitting* | CWE443 | | | | | || Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')* | CWE444 | 2021 A4, 2025 A6 | L2 | | | || UI Discrepancy for Security Feature* | CWE446 | | | | | || Unimplemented or Unsupported Feature in UI* | CWE447 | 2025 A3 | | | | || Obsolete Feature in UI* | CWE448 | | | | | || The UI Performs the Wrong Action* | CWE449 | | | | | || Multiple Interpretations of UI Input* | CWE450 | | | | | || User Interface (UI) Misrepresentation of Critical Information* | CWE451 | 2021 A4, 2025 A6, 2025 A9 | | | | || Insecure Default Variable Initialization* | CWE453 | | | | | || External Initialization of Trusted Variables or Data Stores* | CWE454 | 2025 A6 | | | | * || Non-exit on Failed Initialization* | CWE455 | 2004 A7, 2025 A10 | | | | * || Missing Initialization of a Variable* | CWE456 | | | | | * || Use of Uninitialized Variable | CWE457 | | | | | * || DEPRECATED: Incorrect Initialization* | CWE458 | | | | | || Incomplete Cleanup | CWE459 | 2004 A9, 2004 A10 | | | | * || Improper Cleanup on Thrown Exception* | CWE460 | 2004 A10, 2025 A10 | | | | || Duplicate Key in Associative List (Alist)* | CWE462 | | | | | || Deletion of Data Structure Sentinel* | CWE463 | | | | | || Addition of Data Structure Sentinel* | CWE464 | 2021 A3 | L1 | | | || Return of Pointer Value Outside of Expected Range* | CWE466 | 2004 A1, 2004 A5, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Use of sizeof() on a Pointer Type | CWE467 | | | | | * || Incorrect Pointer Scaling* | CWE468 | | | | | * || Use of Pointer Subtraction to Determine Size* | CWE469 | | | | | * || Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | CWE470 | 2004 A1, 2014 M8, 2021 A1, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Modification of Assumed-Immutable Data (MAID) | CWE471 | 2021 A3 | | | | || External Control of Assumed-Immutable Web Parameter* | CWE472 | 2004 A1, 2007 A4, 2021 A3, 2021 A4, 2025 A6 | | | | * || PHP External Variable Modification* | CWE473 | 2021 A3 | | | | || Use of Function with Inconsistent Implementations* | CWE474 | | | | | || Undefined Behavior for Input to API | CWE475 | | | | | || NULL Pointer Dereference | CWE476 | 2004 A9, 2025 A10 | L2 | | * | * || Use of Obsolete Function | CWE477 | 2025 A3 | L2 | | | || Missing Default Case in Multiple Condition Expression | CWE478 | 2025 A10 | | | | || Signal Handler Use of a Non-reentrant Function* | CWE479 | | | | | || Use of Incorrect Operator | CWE480 | | | | | || Assigning instead of Comparing | CWE481 | | | | | || Comparing instead of Assigning* | CWE482 | | | | | || Incorrect Block Delimitation* | CWE483 | | | | | || Omitted Break Statement in Switch | CWE484 | 2025 A10 | | | | || Comparison of Classes by Name | CWE486 | | | | | || Reliance on Package-level Scope* | CWE487 | | | | | || Exposure of Data Element to Wrong Session* | CWE488 | 2021 A1, 2025 A1 | | | | || Active Debug Code* | CWE489 | 2004 A10, 2025 A2 | | | | || Public cloneable() Method Without Final ('Object Hijack')* | CWE491 | 2021 A1, 2025 A1 | | | | || Use of Inner Class Containing Sensitive Data* | CWE492 | 2021 A1, 2025 A1 | | | | || Critical Public Variable Without Final Modifier | CWE493 | 2021 A1, 2025 A1, 2025 A5 | | | | || Download of Code Without Integrity Check* | CWE494 | 2004 A3, 2021 A8, 2024 M2, 2025 A8 | L2 | v4.0.1 6.4.3 | | * || Private Data Structure Returned From A Public Method* | CWE495 | | | | | || Public Data Assigned to Private Array-Typed Field* | CWE496 | | | | | || Exposure of Sensitive System Information to an Unauthorized Control Sphere* | CWE497 | 2007 A6, 2021 A1, 2024 M6, 2025 A1 | L1 | | * | || Cloneable Class Containing Sensitive Information* | CWE498 | 2021 A1, 2025 A1 | | | | || Serializable Class Containing Sensitive Data* | CWE499 | 2021 A1, 2025 A1 | | | | || Public Static Field Not Marked Final | CWE500 | 2025 A5 | | | | || Trust Boundary Violation | CWE501 | 2021 A4, 2025 A6 | | | | || Deserialization of Untrusted Data | CWE502 | 2017 A8, 2021 A1, 2021 A8, 2025 A8 | L1 | | * | || Embedded Malicious Code* | CWE506 | 2025 A8 | | | | || Trojan Horse* | CWE507 | 2025 A8 | L3 | | | || Non-Replicating Malicious Code* | CWE508 | | L3 | | | || Replicating Malicious Code (Virus or Worm)* | CWE509 | 2025 A8 | L1 | | | || Trapdoor* | CWE510 | 2025 A8 | | | | || Logic/Time Bomb* | CWE511 | 2025 A8 | L3 | | | || Spyware* | CWE512 | 2025 A8 | | | | || Covert Channel* | CWE514 | | | | | || Covert Storage Channel* | CWE515 | | | | | || DEPRECATED: Covert Timing Channel* | CWE516 | | | | | || .NET Misconfiguration: Use of Impersonation* | CWE520 | 2004 A2, 2004 A10, 2021 A4, 2021 A5, 2025 A6 | | | | || Weak Password Requirements* | CWE521 | 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2017 A2, 2021 A7, 2025 A7 | L1 | v4.0.1 6.2.4 | * | || Insufficiently Protected Credentials* | CWE522 | 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2017 A2, 2021 A1, 2021 A4, 2021 A7, 2025 A1, 2025 A6, 2025 A7 | L1 | v4.0.1 6.2.4 | * | || Unprotected Transport of Credentials* | CWE523 | 2004 A3, 2007 A7, 2013 A2, 2017 A2, 2021 A2, 2021 A4, 2025 A4, 2025 A6 | L1 | | * | || Use of Cache Containing Sensitive Information* | CWE524 | 2021 A1, 2025 A1 | L2 | | | || Use of Web Browser Cache Containing Sensitive Information* | CWE525 | 2004 A2, 2004 A3, 2021 A4, 2025 A6 | L1 | | | || Cleartext Storage of Sensitive Information in an Environment Variable* | CWE526 | 2004 A10, 2010 A7, 2013 A6, 2014 M2, 2016 M2, 2017 A3, 2021 A4, 2021 A5, 2024 M9, 2025 A2, 2025 A6 | | | | || Exposure of Version-Control Repository to an Unauthorized Control Sphere* | CWE527 | 2004 A10, 2010 A6, 2021 A1, 2025 A1 | L1 | | | || Exposure of Core Dump File to an Unauthorized Control Sphere* | CWE528 | 2004 A10, 2010 A6, 2021 A1, 2025 A1 | L1 | | | || Exposure of Access Control List Files to an Unauthorized Control Sphere* | CWE529 | 2004 A10, 2010 A6, 2021 A1, 2025 A1 | L1 | | | || Exposure of Backup File to an Unauthorized Control Sphere* | CWE530 | 2004 A10, 2010 A6, 2021 A1, 2025 A1 | L1 | | | || Inclusion of Sensitive Information in Test Code* | CWE531 | 2004 A10, 2021 A1, 2025 A1 | | | | || Insertion of Sensitive Information into Log File* | CWE532 | 2004 A10, 2007 A6, 2010 A6, 2021 A1, 2021 A9, 2024 M6, 2025 A1, 2025 A9 | L1 | | * | || DEPRECATED: Information Exposure Through Server Log Files* | CWE533 | | | | | || DEPRECATED: Information Exposure Through Debug Log Files* | CWE534 | | | | | || Exposure of Information Through Shell Error Message* | CWE535 | | | | | || Servlet Runtime Error Message Containing Sensitive Information* | CWE536 | | | | | || Java Runtime Error Message Containing Sensitive Information* | CWE537 | 2021 A5 | | | | || Insertion of Sensitive Information into Externally-Accessible File or Directory* | CWE538 | 2007 A6, 2010 A6, 2021 A1, 2024 M6, 2025 A1 | L1 | | * | || Use of Persistent Cookies Containing Sensitive Information | CWE539 | 2004 A8, 2004 A10, 2010 A6, 2021 A1, 2021 A4, 2025 A1, 2025 A6 | L1 | | | || Inclusion of Sensitive Information in Source Code* | CWE540 | 2004 A10, 2010 A6, 2021 A1, 2025 A1 | | | | || Inclusion of Sensitive Information in an Include File* | CWE541 | 2004 A10, 2021 A1, 2021 A5, 2025 A1 | | | | || DEPRECATED: Information Exposure Through Cleanup Log Files* | CWE542 | | | | | || Use of Singleton Pattern Without Synchronization in a Multithreaded Context | CWE543 | | | | | || Missing Standardized Error Handling Mechanism* | CWE544 | 2025 A10 | L2 | | | || DEPRECATED: Use of Dynamic Class Loading* | CWE545 | | | | | || Suspicious Comment* | CWE546 | | | | | || Use of Hard-coded, Security-relevant Constants* | CWE547 | 2021 A5, 2025 A2 | | | | || Exposure of Information Through Directory Listing* | CWE548 | 2004 A10, 2013 A5, 2017 A6, 2021 A1, 2025 A1 | L1 | | | || Missing Password Field Masking* | CWE549 | 2004 A3, 2007 A7, 2013 A2, 2017 A2, 2021 A4, 2025 A6 | | | * | || Server-generated Error Message Containing Sensitive Information* | CWE550 | 2004 A7, 2004 A10, 2007 A6, 2010 A6, 2013 A5, 2017 A6, 2021 A4, 2025 A10 | | | | * || Incorrect Behavior Order: Authorization Before Parsing and Canonicalization* | CWE551 | 2004 A2, 2010 A4, 2010 A8, 2021 A1, 2025 A1 | | | * | * || Files or Directories Accessible to External Parties | CWE552 | 2004 A2, 2004 A10, 2007 A10, 2010 A6, 2010 A8, 2013 A7, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2025 A1 | L1 | | | * || Command Shell in Externally Accessible Directory* | CWE553 | 2004 A10, 2010 A6, 2021 A1, 2025 A1 | L1 | | | || ASP.NET Misconfiguration: Not Using Input Validation Framework* | CWE554 | 2004 A10, 2021 A4 | | | | || J2EE Misconfiguration: Plaintext Password in Configuration File* | CWE555 | 2004 A10, 2021 A5, 2025 A2 | | | | || ASP.NET Misconfiguration: Use of Identity Impersonation* | CWE556 | 2004 A2, 2004 A10, 2021 A4, 2025 A6 | | | | || Use of getlogin() in Multithreaded Application* | CWE558 | | | | | || Use of umask() with chmod-style Argument* | CWE560 | | | | | || Dead Code | CWE561 | | | | | || Return of Stack Variable Address | CWE562 | | | | | || Assignment to Variable without Use | CWE563 | | | | | || SQL Injection: Hibernate | CWE564 | 2004 A1, 2004 A6, 2007 A2, 2010 A1, 2013 A1, 2014 M7, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Reliance on Cookies without Validation and Integrity Checking* | CWE565 | 2004 A1, 2021 A4, 2021 A8, 2025 A6, 2025 A8 | L1 | | | * || Authorization Bypass Through User-Controlled SQL Primary Key* | CWE566 | 2004 A2, 2007 A4, 2010 A4, 2013 A4, 2017 A5, 2019 API1, 2021 A1, 2025 A1 | L1 | | * | || Unsynchronized Access to Shared Data in a Multithreaded Context | CWE567 | | | | | || finalize() Method Without super.finalize() | CWE568 | 2004 A10 | | | | || Expression is Always False | CWE570 | | | | | || Expression is Always True | CWE571 | | | | | || Call to Thread run() instead of start() | CWE572 | | | | | || Improper Following of Specification by Caller* | CWE573 | | | | | || EJB Bad Practices: Use of Synchronization Primitives* | CWE574 | | | | | || EJB Bad Practices: Use of AWT Swing* | CWE575 | | | | | || EJB Bad Practices: Use of Java I/O* | CWE576 | | | | | || EJB Bad Practices: Use of Sockets* | CWE577 | | | | | || EJB Bad Practices: Use of Class Loader* | CWE578 | | | | | || J2EE Bad Practices: Non-serializable Object Stored in Session | CWE579 | 2021 A4 | | | | || clone() Method Without super.clone() | CWE580 | | | | | || Object Model Violation: Just One of Equals and Hashcode Defined | CWE581 | | | | | || Array Declared Public, Final, and Static* | CWE582 | 2021 A1, 2025 A1 | | | | || finalize() Method Declared Public | CWE583 | 2021 A1, 2025 A1 | | | | || Return Inside Finally Block* | CWE584 | | | | | || Empty Synchronized Block | CWE585 | | | | | || Explicit Call to Finalize() | CWE586 | | | | | || Assignment of a Fixed Address to a Pointer | CWE587 | | | | | || Attempt to Access Child of a Non-structure Pointer* | CWE588 | | | | | || Call to Non-ubiquitous API* | CWE589 | | | | | || Free of Memory not on the Heap | CWE590 | | | | | || Sensitive Data Storage in Improperly Locked Memory* | CWE591 | 2004 A8 | | | | || DEPRECATED: Authentication Bypass Issues* | CWE592 | | | | | || Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created* | CWE593 | 2025 A7 | | | | || J2EE Framework: Saving Unserializable Objects to Disk* | CWE594 | | | | | || Comparison of Object References Instead of Object Contents | CWE595 | | | | | || DEPRECATED: Incorrect Semantic Object Comparison* | CWE596 | | | | | || Use of Wrong Operator in String Comparison | CWE597 | | | | | || Use of GET Request Method With Sensitive Query Strings* | CWE598 | 2004 A8, 2021 A1, 2021 A4, 2025 A1, 2025 A6 | L1 | | | || Missing Validation of OpenSSL Certificate* | CWE599 | 2004 A10, 2014 M5, 2016 M4, 2017 A3, 2021 A7, 2024 M3, 2025 A7 | L2 | v4.0.1 4.2.1 | * | || Uncaught Exception in Servlet * | CWE600 | 2004 A9, 2025 A10 | | | | || URL Redirection to Untrusted Site ('Open Redirect') | CWE601 | 2004 A1, 2010 A10, 2013 A10, 2021 A1, 2021 A3, 2025 A1, 2025 A5 | L1 | | | * || Client-Side Enforcement of Server-Side Security* | CWE602 | 2004 A1, 2021 A4, 2025 A6 | L1 | | | * || Use of Client-Side Authentication* | CWE603 | 2004 A1, 2021 A4, 2025 A6, 2025 A7 | L1 | | | * || Multiple Binds to the Same Port* | CWE605 | | | | | || Unchecked Input for Loop Condition* | CWE606 | | | | | || Public Static Final Field References Mutable Object | CWE607 | 2021 A3 | | | | || Struts: Non-private Field in ActionForm Class* | CWE608 | 2021 A1, 2025 A1 | | | | || Double-Checked Locking | CWE609 | | | | | || Externally Controlled Reference to a Resource in Another Sphere* | CWE610 | 2021 A3, 2025 A5 | | | | || Improper Restriction of XML External Entity Reference | CWE611 | 2017 A4, 2021 A3, 2021 A5, 2025 A2, 2025 A5 | L1 | | * | || Improper Authorization of Index Containing Sensitive Information* | CWE612 | | | | | || Insufficient Session Expiration* | CWE613 | 2004 A3, 2013 A2, 2014 M9, 2017 A2, 2021 A7, 2025 A7 | L1 | | | * || Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | CWE614 | 2010 A9, 2013 A6, 2014 M3, 2016 M3, 2017 A3, 2021 A2, 2021 A5, 2024 M5, 2025 A2, 2025 A4 | L1 | | | * || Inclusion of Sensitive Information in Source Code Comments* | CWE615 | 2004 A10, 2021 A1, 2025 A1 | | | | || Incomplete Identification of Uploaded File Variables (PHP)* | CWE616 | 2004 A3, 2021 A8, 2025 A8 | L2 | | | || Reachable Assertion | CWE617 | | | | | || Exposed Unsafe ActiveX Method* | CWE618 | 2025 A1 | L1 | | | * || Dangling Database Cursor ('Cursor Injection')* | CWE619 | 2021 A1, 2025 A1 | | | | || Unverified Password Change* | CWE620 | 2004 A3, 2013 A2, 2017 A2, 2021 A7, 2025 A7 | L1 | | | || Variable Extraction Error* | CWE621 | | | | | || Improper Validation of Function Hook Arguments* | CWE622 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Unsafe ActiveX Control Marked Safe For Scripting* | CWE623 | | | | | || Executable Regular Expression Error* | CWE624 | 2004 A1, 2004 A6, 2007 A2, 2013 A1, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | * | || Permissive Regular Expression* | CWE625 | | | | | || Null Byte Interaction Error (Poison Null Byte)* | CWE626 | 2025 A6 | L1 | | | || Dynamic Variable Evaluation* | CWE627 | | | | | || Function Call with Incorrectly Specified Arguments | CWE628 | 2025 A6 | | | | || Not Failing Securely ('Failing Open')* | CWE636 | 2004 A7, 2021 A4, 2025 A6, 2025 A10 | | | | || Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')* | CWE637 | 2021 A4, 2025 A6 | L2 | | | || Not Using Complete Mediation* | CWE638 | 2010 A4, 2010 A8, 2021 A1, 2021 A4, 2025 A1, 2025 A6 | | | * | * || Authorization Bypass Through User-Controlled Key* | CWE639 | 2004 A2, 2007 A4, 2010 A4, 2010 A8, 2013 A4, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L1 | v4.0.1 6.2.4 | * | * || Weak Password Recovery Mechanism for Forgotten Password* | CWE640 | 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2017 A2, 2021 A7, 2025 A7 | L1 | v4.0.1 6.2.4 | * | || Improper Restriction of Names for Files and Other Resources* | CWE641 | 2010 A4, 2013 A4, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | | || External Control of Critical State Data* | CWE642 | 2021 A1, 2021 A4, 2025 A1, 2025 A6 | | | | * || Improper Neutralization of Data within XPath Expressions ('XPath Injection') | CWE643 | 2004 A6, 2007 A2, 2010 A1, 2013 A1, 2014 M7, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | | || Improper Neutralization of HTTP Headers for Scripting Syntax* | CWE644 | 2004 A4, 2021 A3, 2024 M4, 2025 A5 | L1 | | | * || Overly Restrictive Account Lockout Mechanism* | CWE645 | 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2017 A2, 2021 A7, 2025 A7 | L1 | v4.0.1 6.2.4 | * | || Reliance on File Name or Extension of Externally-Supplied File* | CWE646 | 2004 A3, 2021 A4, 2021 A8, 2025 A6, 2025 A8 | L2 | | | || Use of Non-Canonical URL Paths for Authorization Decisions* | CWE647 | 2004 A1, 2010 A4, 2010 A8, 2021 A1, 2025 A1 | | | * | * || Incorrect Use of Privileged APIs* | CWE648 | 2021 A4, 2025 A6 | | | * | || Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking* | CWE649 | 2004 A3, 2021 A8, 2025 A8 | L2 | | | || Trusting HTTP Permission Methods on the Server Side* | CWE650 | 2021 A4, 2025 A6 | L1 | | | || Exposure of WSDL File Containing Sensitive Information* | CWE651 | 2010 A6, 2021 A1, 2025 A1 | | | | || Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')* | CWE652 | 2004 A6, 2007 A2, 2010 A1, 2013 A1, 2014 M7, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Improper Isolation or Compartmentalization* | CWE653 | 2021 A4, 2025 A6 | | | | || Reliance on a Single Factor in a Security Decision* | CWE654 | 2021 A4, 2025 A6 | | | | || Insufficient Psychological Acceptability* | CWE655 | 2021 A4, 2025 A6 | | | | || Reliance on Security Through Obscurity* | CWE656 | 2021 A4, 2025 A6 | | | | || Violation of Secure Design Principles* | CWE657 | 2021 A4, 2025 A6 | | | | || Improper Synchronization | CWE662 | | | | | || Use of a Non-reentrant Function in a Concurrent Context* | CWE663 | | | | | || Improper Control of a Resource Through its Lifetime | CWE664 | | | | | || Improper Initialization | CWE665 | | | | | * || Operation on Resource in Wrong Phase of Lifetime* | CWE666 | | | | | || Improper Locking | CWE667 | | | | | || Exposure of Resource to Wrong Sphere* | CWE668 | 2021 A1, 2025 A1 | | | | || Incorrect Resource Transfer Between Spheres* | CWE669 | | | | | || Always-Incorrect Control Flow Implementation* | CWE670 | | | | | || Lack of Administrator Control over Security* | CWE671 | 2021 A4, 2025 A6 | | | | || Operation on a Resource after Expiration or Release | CWE672 | | | | | * || External Influence of Sphere Definition* | CWE673 | | | | | || Uncontrolled Recursion | CWE674 | 2004 A9 | | | | || Multiple Operations on Resource in Single-Operation Context* | CWE675 | | | | | || Use of Potentially Dangerous Function | CWE676 | 2025 A6 | | | | * || Integer Overflow to Buffer Overflow* | CWE680 | | L2 | | * | * || Incorrect Conversion between Numeric Types* | CWE681 | | | | | * || Incorrect Calculation | CWE682 | | | | | * || Function Call With Incorrect Order of Arguments | CWE683 | 2025 A6 | | | | || Incorrect Provision of Specified Functionality* | CWE684 | | | | | || Function Call With Incorrect Number of Arguments | CWE685 | 2025 A6 | | | | || Function Call With Incorrect Argument Type | CWE686 | 2025 A6 | | | | || Function Call With Incorrectly Specified Argument Value | CWE687 | 2025 A6 | | | | || Function Call With Incorrect Variable or Reference as Argument | CWE688 | 2025 A6 | | | | || Permission Race Condition During Resource Copy* | CWE689 | 2025 A6 | L2 | | * | * || Unchecked Return Value to NULL Pointer Dereference* | CWE690 | 2004 A7, 2025 A10 | | | | || Insufficient Control Flow Management* | CWE691 | | | | | || Incomplete Denylist to Cross-Site Scripting* | CWE692 | 2021 A3 | | | | || Protection Mechanism Failure* | CWE693 | 2025 A6 | | | | || Use of Multiple Resources with Duplicate Identifier* | CWE694 | 2010 A4, 2013 A4, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Use of Low-Level Functionality* | CWE695 | | | | | || Incorrect Behavior Order | CWE696 | | | | | || Incorrect Comparison* | CWE697 | | | | | || Execution After Redirect (EAR)* | CWE698 | | | | | || Improper Check or Handling of Exceptional Conditions | CWE703 | 2025 A10 | | | | || Incorrect Type Conversion or Cast | CWE704 | | | | | || Incorrect Control Flow Scoping* | CWE705 | | | | | || Use of Incorrectly-Resolved Name or Reference* | CWE706 | 2013 A4, 2021 A1 | | | | || Improper Neutralization* | CWE707 | | | | | || Incorrect Ownership Assignment* | CWE708 | 2004 A2, 2025 A1 | | | | || Improper Adherence to Coding Standards* | CWE710 | | | | | || Incorrect Permission Assignment for Critical Resource | CWE732 | 2004 A2, 2007 A10, 2010 A6, 2010 A8, 2013 A7, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2025 A1 | L1 | | * | * || Compiler Optimization Removal or Modification of Security-critical Code* | CWE733 | | | | | || Exposed Dangerous Method or Function | CWE749 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L1 | v4.0.1 6.2.4 | * | * || Improper Check for Unusual or Exceptional Conditions | CWE754 | 2025 A10 | L2 | | | * || Improper Handling of Exceptional Conditions* | CWE755 | 2025 A10 | | | | || Missing Custom Error Page* | CWE756 | 2021 A5, 2025 A10 | | | | || Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')* | CWE757 | 2021 A2, 2025 A4, 2025 A6 | | | | || Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | CWE758 | | | | | || Use of a One-Way Hash without a Salt* | CWE759 | 2010 A7, 2021 A2, 2025 A4 | L2 | | | * || Use of a One-Way Hash with a Predictable Salt* | CWE760 | 2021 A2, 2025 A4 | L2 | | | || Free of Pointer not at Start of Buffer* | CWE761 | 2004 A9 | | | | * || Mismatched Memory Management Routines | CWE762 | 2004 A9 | | | | * || Release of Invalid Pointer or Reference* | CWE763 | 2004 A9 | | | | * || Multiple Locks of a Critical Resource* | CWE764 | | | | | || Multiple Unlocks of a Critical Resource* | CWE765 | | | | | || Critical Data Element Declared Public | CWE766 | 2010 A6, 2025 A1 | L2 | | * | * || Access to Critical Private Variable via Public Method* | CWE767 | 2021 A1, 2025 A1 | | | | || Incorrect Short Circuit Evaluation | CWE768 | | | | | || DEPRECATED: Uncontrolled File Descriptor Consumption* | CWE769 | | | | | || Allocation of Resources Without Limits or Throttling* | CWE770 | 2004 A9, 2019 API4 | L1 | | * | * || Missing Reference to Active Allocated Resource | CWE771 | 2004 A9 | L1 | | * | || Missing Release of Resource after Effective Lifetime | CWE772 | 2004 A9 | | | * | * || Missing Reference to Active File Descriptor or Handle* | CWE773 | | | | | || Allocation of File Descriptors or Handles Without Limits or Throttling* | CWE774 | 2019 API4 | L1 | | * | * || Missing Release of File Descriptor or Handle after Effective Lifetime | CWE775 | 2004 A9 | | | * | * || Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')* | CWE776 | 2004 A9, 2017 A4, 2021 A5, 2025 A2 | | | | || Regular Expression without Anchors* | CWE777 | | | | | || Insufficient Logging* | CWE778 | 2017 A10, 2019 API10, 2021 A9, 2025 A9 | L2 | | | || Logging of Excessive Data* | CWE779 | 2004 A9 | L1 | | * | || Use of RSA Algorithm without OAEP | CWE780 | 2004 A8, 2010 A7, 2013 A6, 2014 M6, 2016 M5, 2017 A3, 2021 A2, 2024 M10, 2025 A4 | L2 | v4.0.1 6.2.4 | | * || Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code* | CWE781 | | | | | || Exposed IOCTL with Insufficient Access Control* | CWE782 | 2025 A1 | L1 | | | * || Operator Precedence Logic Error | CWE783 | | | | | || Reliance on Cookies without Validation and Integrity Checking in a Security Decision* | CWE784 | 2021 A4, 2021 A8, 2025 A6, 2025 A8 | | | | * || Use of Path Manipulation Function without Maximum-sized Buffer* | CWE785 | 2004 A1, 2004 A5, 2014 M8, 2021 A3, 2024 M4, 2025 A5, 2025 A6 | L1 | v4.0.1 6.2.4 | * | * || Access of Memory Location Before Start of Buffer | CWE786 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Out-of-bounds Write* | CWE787 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Access of Memory Location After End of Buffer | CWE788 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Memory Allocation with Excessive Size Value* | CWE789 | 2019 API4 | L1 | | * | * || Improper Filtering of Special Elements* | CWE790 | 2021 A3 | L1 | | | || Incomplete Filtering of Special Elements* | CWE791 | | | | | || Incomplete Filtering of One or More Instances of Special Elements* | CWE792 | | | | | || Only Filtering One Instance of a Special Element* | CWE793 | | | | | || Incomplete Filtering of Multiple Instances of Special Elements* | CWE794 | | | | | || Only Filtering Special Elements at a Specified Location* | CWE795 | | | | | || Only Filtering Special Elements Relative to a Marker* | CWE796 | | | | | || Only Filtering Special Elements at an Absolute Position* | CWE797 | | | | | || Use of Hard-coded Credentials | CWE798 | 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2014 M2, 2016 M2, 2017 A2, 2019 API2, 2021 A7, 2024 M1, 2024 M9, 2025 A7 | L1 | v4.0.1 6.2.4, v4.0.1 8.6.2 | * | * || Improper Control of Interaction Frequency* | CWE799 | 2021 A4, 2025 A6 | L1 | | | * || Guessable CAPTCHA* | CWE804 | 2010 A4, 2010 A8, 2021 A1, 2025 A1, 2025 A7 | | | * | * || Buffer Access with Incorrect Length Value* | CWE805 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Buffer Access Using Size of Source Buffer* | CWE806 | | | | | * || Reliance on Untrusted Inputs in a Security Decision | CWE807 | 2021 A4, 2025 A6 | | | | * || Missing Synchronization | CWE820 | | | | | || Incorrect Synchronization | CWE821 | | | | | || Untrusted Pointer Dereference* | CWE822 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Use of Out-of-range Pointer Offset* | CWE823 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Access of Uninitialized Pointer* | CWE824 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Expired Pointer Dereference | CWE825 | 2004 A5 | | v4.0.1 6.2.4 | * | * || Premature Release of Resource During Expected Lifetime* | CWE826 | | | | | || Improper Control of Document Type Definition* | CWE827 | 2010 A4, 2013 A4, 2021 A1, 2021 A8, 2024 M2, 2025 A8 | L1 | | | * || Signal Handler with Functionality that is not Asynchronous-Safe* | CWE828 | | | | | || Inclusion of Functionality from Untrusted Control Sphere* | CWE829 | 2010 A4, 2021 A8, 2024 M2, 2025 A8 | L1 | | | * || Inclusion of Web Functionality from an Untrusted Source* | CWE830 | 2010 A4, 2021 A8, 2024 M2, 2025 A8 | L1 | | | * || Signal Handler Function Associated with Multiple Signals* | CWE831 | | | | | || Unlock of a Resource that is not Locked* | CWE832 | | | | | || Deadlock | CWE833 | | | | | || Excessive Iteration | CWE834 | | | | | || Loop with Unreachable Exit Condition ('Infinite Loop') | CWE835 | | | | | || Use of Password Hash Instead of Password for Authentication* | CWE836 | 2025 A7 | | | | || Improper Enforcement of a Single, Unique Action* | CWE837 | 2021 A4, 2025 A6 | L1 | | | * || Inappropriate Encoding for Output Context* | CWE838 | 2021 A3, 2024 M4, 2025 A5 | L1 | | | * || Numeric Range Comparison Without Minimum Check* | CWE839 | | | | | || Improper Enforcement of Behavioral Workflow* | CWE841 | 2021 A4, 2025 A6 | L1 | | | * || Placement of User into Incorrect Group* | CWE842 | 2025 A6 | | | | || Access of Resource Using Incompatible Type ('Type Confusion')* | CWE843 | | | | | || Missing Authorization* | CWE862 | 2004 A2, 2007 A10, 2010 A4, 2010 A8, 2013 A7, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2024 M3, 2025 A1 | L1 | v4.0.1 6.2.4 | * | * || Incorrect Authorization* | CWE863 | 2004 A2, 2007 A10, 2010 A4, 2010 A8, 2013 A7, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2024 M3, 2025 A1 | L1 | v4.0.1 6.2.4 | * | * || Use of Uninitialized Resource* | CWE908 | | | | | * || Missing Initialization of Resource* | CWE909 | | | | | * || Use of Expired File Descriptor | CWE910 | | | | | * || Improper Update of Reference Count* | CWE911 | | | | | || Hidden Functionality* | CWE912 | | | | | || Improper Control of Dynamically-Managed Code Resources* | CWE913 | 2021 A1 | | | | || Improper Control of Dynamically-Identified Variables* | CWE914 | 2010 A4, 2013 A4, 2021 A1, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Improperly Controlled Modification of Dynamically-Determined Object Attributes | CWE915 | 2019 API6, 2021 A1, 2021 A8, 2025 A8 | L1 | | | || Use of Password Hash With Insufficient Computational Effort* | CWE916 | 2004 A8, 2010 A7, 2013 A6, 2014 M6, 2016 M5, 2017 A3, 2021 A2, 2024 M10, 2025 A4 | L2 | v4.0.1 6.2.4 | | * || Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | CWE917 | 2004 A1, 2004 A6, 2007 A2, 2013 A1, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | * | || Server-Side Request Forgery (SSRF) | CWE918 | 2021 A1, 2021 A3, 2021 A10, 2025 A1, 2025 A5 | L1 | | * | || Improper Restriction of Power Consumption* | CWE920 | 2004 A9 | L1 | | * | || Storage of Sensitive Data in a Mechanism without Access Control | CWE921 | 2014 M2, 2014 M4, 2016 M2, 2021 A1, 2024 M9, 2025 A1 | L1 | | | || Insecure Storage of Sensitive Information* | CWE922 | 2021 A1, 2025 A1 | L1 | | | || Improper Restriction of Communication Channel to Intended Endpoints* | CWE923 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Improper Enforcement of Message Integrity During Transmission in a Communication Channel* | CWE924 | 2004 A3, 2021 A8, 2025 A8 | L2 | | | || Improper Verification of Intent by Broadcast Receiver | CWE925 | 2016 M1, 2021 A7, 2025 A7 | | | | || Improper Export of Android Application Components* | CWE926 | 2004 A2, 2007 A10, 2010 A8, 2013 A7, 2016 M1, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2025 A1, 2025 A8 | L1 | | | * || Use of Implicit Intent for Sensitive Communication | CWE927 | 2004 A2, 2007 A10, 2010 A8, 2013 A7, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2021 A4, 2025 A1 | L1 | | | * || Improper Authorization in Handler for Custom URL Scheme* | CWE939 | 2010 A4, 2010 A8, 2021 A1, 2021 A7, 2025 A1, 2025 A7 | | | * | * || Improper Verification of Source of a Communication Channel* | CWE940 | 2021 A7, 2025 A7 | L1 | | | || Incorrectly Specified Destination in a Communication Channel* | CWE941 | 2025 A7 | L2 | | | || Permissive Cross-domain Security Policy with Untrusted Domains | CWE942 | 2004 A1, 2010 A4, 2010 A8, 2021 A1, 2021 A4, 2021 A5, 2025 A1, 2025 A2, 2025 A6 | L2 | | * | * || Improper Neutralization of Special Elements in Data Query Logic | CWE943 | 2004 A6, 2013 A1, 2017 A1, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Sensitive Cookie Without 'HttpOnly' Flag | CWE1004 | 2010 A6, 2021 A5, 2025 A1, 2025 A2 | L1 | | * | * || Insufficient Visual Distinction of Homoglyphs Presented to User* | CWE1007 | 2021 A4, 2025 A6 | | | | || Improper Restriction of Rendered UI Layers or Frames* | CWE1021 | 2021 A1, 2021 A3, 2021 A4, 2025 A1, 2025 A5, 2025 A6 | L1 | | | || Use of Web Link to Untrusted Target with window.opener Access* | CWE1022 | 2004 A2, 2021 A4, 2025 A6 | | | | || Incomplete Comparison with Missing Factors* | CWE1023 | | | | | || Comparison of Incompatible Types* | CWE1024 | | | | | || Comparison Using Wrong Factors* | CWE1025 | | | | | || Processor Optimization Removal or Modification of Security-critical Code* | CWE1037 | | | | | || Insecure Automated Optimizations* | CWE1038 | | | | | || Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism* | CWE1039 | 2025 A6 | | | | || Use of Redundant Code | CWE1041 | | | | | || Static Member Data Element outside of a Singleton Class Element* | CWE1042 | | | | | || Data Element Aggregating an Excessively Large Number of Non-Primitive Elements* | CWE1043 | | | | | || Architecture with Number of Horizontal Layers Outside of Expected Range* | CWE1044 | | | | | || Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor* | CWE1045 | | | | | || Creation of Immutable Text Using String Concatenation* | CWE1046 | | | | | || Modules with Circular Dependencies* | CWE1047 | | | | | || Invokable Control Element with Large Number of Outward Calls* | CWE1048 | | | | | || Excessive Data Query Operations in a Large Data Table* | CWE1049 | | | | | || Excessive Platform Resource Consumption within a Loop* | CWE1050 | 2004 A9 | | | | || Initialization with Hard-Coded Network Resource Configuration Data* | CWE1051 | | | | | || Excessive Use of Hard-Coded Literals in Initialization* | CWE1052 | | | | | || Missing Documentation for Design* | CWE1053 | 2019 API9 | L2 | | | || Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer* | CWE1054 | | | | | || Multiple Inheritance from Concrete Classes* | CWE1055 | | | | | || Invokable Control Element with Variadic Parameters* | CWE1056 | | | | | || Data Access Operations Outside of Expected Data Manager Component* | CWE1057 | | | | | || Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element* | CWE1058 | | | | | || Insufficient Technical Documentation* | CWE1059 | 2019 API9 | L2 | | | || Excessive Number of Inefficient Server-Side Data Accesses* | CWE1060 | | | | | || Insufficient Encapsulation* | CWE1061 | | | | | || Parent Class with References to Child Class* | CWE1062 | | | | | || Creation of Class Instance within a Static Code Block* | CWE1063 | | | | | || Invokable Control Element with Signature Containing an Excessive Number of Parameters* | CWE1064 | | | | | || Runtime Resource Management Control Element in a Component Built to Run on Application Servers* | CWE1065 | | | | | || Missing Serialization Control Element | CWE1066 | | | | | || Excessive Execution of Sequential Searches of Data Resource* | CWE1067 | | | | | || Inconsistency Between Implementation and Documented Design* | CWE1068 | | | | | || Empty Exception Block* | CWE1069 | | | | | || Serializable Data Element Containing non-Serializable Item Elements* | CWE1070 | | | | | || Empty Code Block* | CWE1071 | | | | | || Data Resource Access without Use of Connection Pooling* | CWE1072 | 2004 A9 | | | | || Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses* | CWE1073 | 2004 A9 | | | | || Class with Excessively Deep Inheritance* | CWE1074 | | | | | || Unconditional Control Flow Transfer outside of Switch Block* | CWE1075 | | | | | || Insufficient Adherence to Expected Conventions* | CWE1076 | | | | | || Floating Point Comparison with Incorrect Operator* | CWE1077 | | | | | || Inappropriate Source Code Style or Formatting* | CWE1078 | | | | | || Parent Class without Virtual Destructor Method* | CWE1079 | | | | | || Source Code File with Excessive Number of Lines of Code* | CWE1080 | | | | | || Class Instance Self Destruction Control Element* | CWE1082 | | | | | || Data Access from Outside Expected Data Manager Component* | CWE1083 | | | | | || Invokable Control Element with Excessive File or Data Access Operations* | CWE1084 | 2004 A9 | | | | || Invokable Control Element with Excessive Volume of Commented-out Code* | CWE1085 | | | | | || Class with Excessive Number of Child Classes* | CWE1086 | | | | | || Class with Virtual Method without a Virtual Destructor* | CWE1087 | | | | | || Synchronous Access of Remote Resource without Timeout* | CWE1088 | | | | | || Large Data Table with Excessive Number of Indices* | CWE1089 | 2004 A9 | | | | || Method Containing Access of a Member Element from Another Class* | CWE1090 | | | | | || Use of Object without Invoking Destructor Method* | CWE1091 | | | | * | * || Use of Same Invokable Control Element in Multiple Architectural Layers* | CWE1092 | | | | | || Excessively Complex Data Representation* | CWE1093 | | | | | || Excessive Index Range Scan for a Data Resource* | CWE1094 | 2004 A9 | | | | || Loop Condition Value Update within the Loop* | CWE1095 | | | | | || Singleton Class Instance Creation without Proper Locking or Synchronization* | CWE1096 | | | | | || Persistent Storable Data Element without Associated Comparison Control Element* | CWE1097 | | | | | || Data Element containing Pointer Item without Proper Copy Control Element* | CWE1098 | | | | | || Inconsistent Naming Conventions for Identifiers* | CWE1099 | | | | | || Insufficient Isolation of System-Dependent Functions* | CWE1100 | | | | | || Reliance on Runtime Component in Generated Code* | CWE1101 | | | | | || Reliance on Machine-Dependent Data Representation* | CWE1102 | | | | | || Use of Platform-Dependent Third Party Components* | CWE1103 | | | | | || Use of Unmaintained Third Party Components | CWE1104 | 2021 A6, 2025 A3 | L2 | v4.0.1 6.3.3 | | || Insufficient Encapsulation of Machine-Dependent Functionality* | CWE1105 | | | | | || Insufficient Use of Symbolic Constants | CWE1106 | | | | | || Insufficient Isolation of Symbolic Constant Definitions* | CWE1107 | | | | | || Excessive Reliance on Global Variables* | CWE1108 | | | | | || Use of Same Variable for Multiple Purposes* | CWE1109 | | | | | || Incomplete Design Documentation* | CWE1110 | 2019 API9 | L2 | | | || Incomplete I/O Documentation* | CWE1111 | 2019 API9 | L2 | | | || Incomplete Documentation of Program Execution* | CWE1112 | 2019 API9 | L2 | | | || Inappropriate Comment Style* | CWE1113 | | | | | || Inappropriate Whitespace Style* | CWE1114 | | | | | || Source Code Element without Standard Prologue* | CWE1115 | | | | | || Inaccurate Source Code Comments* | CWE1116 | | | | | || Callable with Insufficient Behavioral Summary* | CWE1117 | | | | | || Insufficient Documentation of Error Handling Techniques* | CWE1118 | 2019 API9 | L2 | | | || Excessive Use of Unconditional Branching* | CWE1119 | | | | | || Excessive Code Complexity* | CWE1120 | | | | | || Excessive McCabe Cyclomatic Complexity* | CWE1121 | | | | | || Excessive Halstead Complexity* | CWE1122 | | | | | || Excessive Use of Self-Modifying Code* | CWE1123 | | | | | || Excessively Deep Nesting* | CWE1124 | | | | | || Excessive Attack Surface* | CWE1125 | 2025 A6 | | | | || Declaration of Variable with Unnecessarily Wide Scope* | CWE1126 | | | | | || Compilation with Insufficient Warnings or Errors* | CWE1127 | | | | | || Irrelevant Code* | CWE1164 | | | | | || Improper Use of Validation Framework* | CWE1173 | 2004 A1, 2014 M8, 2021 A3, 2021 A4, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || ASP.NET Misconfiguration: Improper Model Validation* | CWE1174 | 2021 A4, 2021 A5, 2025 A2 | | | | || Inefficient CPU Computation* | CWE1176 | 2004 A9 | | | | || Use of Prohibited Code* | CWE1177 | | | | | || DEPRECATED: Use of Uninitialized Resource* | CWE1187 | | | | | || Initialization of a Resource with an Insecure Default* | CWE1188 | | | | | * || Improper Isolation of Shared Resources on System-on-a-Chip (SoC)* | CWE1189 | 2021 A1, 2021 A4, 2025 A1, 2025 A6 | | | | || DMA Device Enabled Too Early in Boot Phase* | CWE1190 | | | | | || On-Chip Debug and Test Interface With Improper Access Control* | CWE1191 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Improper Identifier for IP Block used in System-On-Chip (SOC)* | CWE1192 | 2021 A4, 2025 A6 | | | | || Power-On of Untrusted Execution Core Before Enabling Fabric Access Control* | CWE1193 | | | | | || Generation of Weak Initialization Vector (IV)* | CWE1204 | 2004 A2, 2021 A2, 2025 A4 | L1 | | | * || Failure to Disable Reserved Bits* | CWE1209 | | | | | || Insufficient Granularity of Access Control* | CWE1220 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Incorrect Register Defaults or Module Parameters* | CWE1221 | | | | | || Insufficient Granularity of Address Regions Protected by Register Locks* | CWE1222 | | | | | || Race Condition for Write-Once Attributes* | CWE1223 | 2025 A6 | L2 | | * | * || Improper Restriction of Write-Once Bit Fields* | CWE1224 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Creation of Emergent Resource* | CWE1229 | | | | | || Exposure of Sensitive Information Through Metadata* | CWE1230 | 2004 A2, 2007 A10, 2010 A8, 2013 A7, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2025 A1 | L1 | | | * || Improper Prevention of Lock Bit Modification* | CWE1231 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Improper Lock Behavior After Power State Transition* | CWE1232 | | | | | || Security-Sensitive Hardware Controls with Missing Lock Bit Protection* | CWE1233 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Hardware Internal or Debug Modes Allow Override of Locks* | CWE1234 | | | | | || Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations* | CWE1235 | 2004 A9 | L1 | | * | || Improper Neutralization of Formula Elements in a CSV File* | CWE1236 | 2004 A6, 2013 A1, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | | || Improper Zeroization of Hardware Register* | CWE1239 | 2004 A8 | L2 | | | || Use of a Cryptographic Primitive with a Risky Implementation* | CWE1240 | 2004 A8, 2010 A7, 2013 A6, 2014 M6, 2016 M5, 2017 A3, 2021 A2, 2024 M10, 2025 A4 | L2 | v4.0.1 6.2.4 | | * || Use of Predictable Algorithm in Random Number Generator* | CWE1241 | 2004 A2, 2021 A2, 2025 A4 | L1 | | | * || Inclusion of Undocumented Features or Chicken Bits* | CWE1242 | | | | | || Sensitive Non-Volatile Information Not Protected During Debug* | CWE1243 | | | | | || Internal Asset Exposed to Unsafe Debug Access Level or State* | CWE1244 | 2010 A4, 2010 A8, 2021 A1, 2025 A1 | | | * | * || Improper Finite State Machines (FSMs) in Hardware Logic* | CWE1245 | | | | | || Improper Write Handling in Limited-write Non-Volatile Memories* | CWE1246 | 2004 A9 | L1 | | * | || Improper Protection Against Voltage and Clock Glitches* | CWE1247 | | | | | || Semiconductor Defects in Hardware Logic with Security-Sensitive Implications* | CWE1248 | 2025 A6 | | | | || Application-Level Admin Tool with Inconsistent View of Underlying Operating System* | CWE1249 | | | | | || Improper Preservation of Consistency Between Independent Representations of Shared State* | CWE1250 | | | | | || Mirrored Regions with Different Values* | CWE1251 | | | | | || CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations* | CWE1252 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Incorrect Selection of Fuse Values* | CWE1253 | 2025 A6 | | | | || Incorrect Comparison Logic Granularity* | CWE1254 | | | | | || Comparison Logic is Vulnerable to Power Side-Channel Attacks* | CWE1255 | | | | | || Improper Restriction of Software Interfaces to Hardware Features* | CWE1256 | 2004 A2, 2007 A10, 2010 A8, 2013 A7, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2025 A1 | L1 | | | * || Improper Access Control Applied to Mirrored or Aliased Memory Regions* | CWE1257 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Exposure of Sensitive System Information Due to Uncleared Debug Information* | CWE1258 | | L1 | | | * || Improper Restriction of Security Token Assignment* | CWE1259 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Improper Handling of Overlap Between Protected Memory Ranges* | CWE1260 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Improper Handling of Single Event Upsets* | CWE1261 | | | | | || Improper Access Control for Register Interface* | CWE1262 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Improper Physical Access Control* | CWE1263 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Hardware Logic with Insecure De-Synchronization between Control and Data Channels* | CWE1264 | | | | | || Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls* | CWE1265 | | | | | || Improper Scrubbing of Sensitive Data from Decommissioned Device* | CWE1266 | 2004 A9 | | | | * || Policy Uses Obsolete Encoding* | CWE1267 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Policy Privileges are not Assigned Consistently Between Control and Data Agents* | CWE1268 | 2004 A2, 2021 A4, 2025 A6 | | | | || Product Released in Non-Release Configuration* | CWE1269 | 2025 A6 | | | | || Generation of Incorrect Security Tokens* | CWE1270 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Uninitialized Value on Reset for Registers Holding Security Settings* | CWE1271 | | | | | || Sensitive Information Uncleared Before Debug/Power State Transition* | CWE1272 | 2004 A8 | L2 | | | || Device Unlock Credential Sharing* | CWE1273 | 2007 A6, 2021 A1, 2024 M6, 2025 A1 | L1 | | * | || Improper Access Control for Volatile Memory Containing Boot Code* | CWE1274 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Sensitive Cookie with Improper SameSite Attribute* | CWE1275 | 2021 A1, 2025 A1 | L2 | | | || Hardware Child Block Incorrectly Connected to Parent System* | CWE1276 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Firmware Not Updateable* | CWE1277 | 2025 A3 | | | | || Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques* | CWE1278 | 2025 A6 | | | | || Cryptographic Operations are run Before Supporting Units are Ready* | CWE1279 | | | | | * || Access Control Check Implemented After Asset is Accessed* | CWE1280 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Sequence of Processor Instructions Leads to Unexpected Behavior* | CWE1281 | | | | | || Assumed-Immutable Data is Stored in Writable Memory* | CWE1282 | 2021 A1, 2025 A1 | | | | || Mutable Attestation or Measurement Reporting Data* | CWE1283 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Improper Validation of Specified Quantity in Input* | CWE1284 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Validation of Specified Index, Position, or Offset in Input* | CWE1285 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Validation of Syntactic Correctness of Input* | CWE1286 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Validation of Specified Type of Input* | CWE1287 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Validation of Consistency within Input* | CWE1288 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Validation of Unsafe Equivalence in Input* | CWE1289 | 2004 A1, 2014 M8, 2021 A3, 2024 M4, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Incorrect Decoding of Security Identifiers * | CWE1290 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Public Key Re-Use for Signing both Debug and Production Code* | CWE1291 | 2025 A6 | | | | || Incorrect Conversion of Security Identifiers* | CWE1292 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Missing Source Correlation of Multiple Independent Data* | CWE1293 | 2004 A3, 2021 A8, 2025 A8 | L2 | | | || Insecure Security Identifier Mechanism* | CWE1294 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Debug Messages Revealing Unnecessary Information* | CWE1295 | 2007 A6, 2021 A1, 2024 M6, 2025 A1 | L1 | | * | || Incorrect Chaining or Granularity of Debug Components* | CWE1296 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Unprotected Confidential Information on Device is Accessible by OSAT Vendors* | CWE1297 | 2004 A2, 2007 A10, 2010 A8, 2013 A7, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2025 A1 | L1 | | | * || Hardware Logic Contains Race Conditions* | CWE1298 | 2025 A6 | L2 | | * | * || Missing Protection Mechanism for Alternate Hardware Interface* | CWE1299 | 2007 A10, 2021 A7, 2025 A7 | | | | || Improper Protection of Physical Side Channels* | CWE1300 | 2004 A7, 2007 A6 | | | | || Insufficient or Incomplete Data Removal within Hardware Component* | CWE1301 | 2004 A8 | L2 | | | || Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)* | CWE1302 | | | | | || Non-Transparent Sharing of Microarchitectural Resources* | CWE1303 | 2004 A7, 2007 A6 | | | | || Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation* | CWE1304 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Missing Ability to Patch ROM Code* | CWE1310 | 2025 A3 | | | | || Improper Translation of Security Attributes by Fabric Bridge* | CWE1311 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Missing Protection for Mirrored Regions in On-Chip Fabric Firewall* | CWE1312 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Hardware Allows Activation of Test or Debug Logic at Runtime* | CWE1313 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Missing Write Protection for Parametric Data Values* | CWE1314 | 2010 A4, 2010 A8, 2021 A1, 2025 A1 | | | * | * || Improper Setting of Bus Controlling Capability in Fabric End-point* | CWE1315 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges* | CWE1316 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Improper Access Control in Fabric Bridge* | CWE1317 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Missing Support for Security Features in On-chip Fabrics or Buses* | CWE1318 | 2025 A6 | | | | || Improper Protection against Electromagnetic Fault Injection (EM-FI)* | CWE1319 | 2025 A6 | | | | || Improper Protection for Outbound Error Messages and Alert Signals* | CWE1320 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')* | CWE1321 | 2019 API6, 2021 A1, 2021 A8, 2025 A8 | L1 | | | || Use of Blocking Code in Single-threaded, Non-blocking Context* | CWE1322 | | | | | || Improper Management of Sensitive Trace Data* | CWE1323 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface* | CWE1324 | | | | | || Improperly Controlled Sequential Memory Allocation* | CWE1325 | 2019 API4 | L1 | | * | * || Missing Immutable Root of Trust in Hardware* | CWE1326 | 2025 A6 | | | | || Binding to an Unrestricted IP Address* | CWE1327 | 2021 A1, 2025 A1 | | | | || Security Version Number Mutable to Older Versions* | CWE1328 | 2004 A2, 2007 A10, 2010 A8, 2013 A7, 2017 A5, 2019 API1, 2019 API5, 2021 A1, 2025 A1 | L1 | | | * || Reliance on Component That is Not Updateable* | CWE1329 | 2025 A3 | | | | || Remanent Data Readable after Memory Erase* | CWE1330 | | | | | || Improper Isolation of Shared Resources in Network On Chip (NoC)* | CWE1331 | 2021 A1, 2021 A4, 2025 A1, 2025 A6 | | | | || Improper Handling of Faults that Lead to Instruction Skips* | CWE1332 | | | | | || Inefficient Regular Expression Complexity* | CWE1333 | | | | | || Unauthorized Error Injection Can Degrade Hardware Redundancy* | CWE1334 | 2004 A2, 2014 M5, 2016 M4, 2017 A5, 2019 API1, 2021 A1, 2024 M3, 2025 A1 | L2 | v4.0.1 6.2.4 | * | || Incorrect Bitwise Shift of Integer* | CWE1335 | | | | | * || Improper Neutralization of Special Elements Used in a Template Engine* | CWE1336 | 2021 A3, 2025 A5 | L1 | v4.0.1 6.2.4 | * | * || Improper Protections Against Hardware Overheating* | CWE1338 | 2025 A6 | | | | || Insufficient Precision or Accuracy of a Real Number | CWE1339 | | | | | * || Multiple Releases of Same Resource or Handle* | CWE1341 | | | | | || Information Exposure through Microarchitectural State after Transient Execution* | CWE1342 | 2004 A8 | L2 | | | || Improper Handling of Hardware Behavior in Exceptionally Cold Environments* | CWE1351 | | | | | || Reliance on Insufficiently Trustworthy Component* | CWE1357 | | | | | || Improper Handling of Physical or Environmental Conditions* | CWE1384 | 2025 A10 | | | | || Missing Origin Validation in WebSockets* | CWE1385 | 2021 A7, 2025 A7 | L1 | | | || Insecure Operation on Windows Junction / Mount Point* | CWE1386 | 2021 A1, 2025 A1 | | | | * || Incorrect Parsing of Numbers with Different Radices* | CWE1389 | | | | | || Weak Authentication* | CWE1390 | 2004 A3, 2007 A7, 2010 A3, 2013 A2, 2017 A2, 2021 A7, 2025 A7 | L1 | v4.0.1 6.2.4 | * | || Use of Weak Credentials* | CWE1391 | 2025 A7 | | | | || Use of Default Credentials* | CWE1392 | 2025 A7 | | | | || Use of Default Password* | CWE1393 | 2025 A7 | | | | || Use of Default Cryptographic Key* | CWE1394 | 2025 A7 | | | | || Dependency on Vulnerable Third-Party Component* | CWE1395 | 2021 A4, 2025 A3, 2025 A6 | | | | || Incorrect Initialization of Resource* | CWE1419 | | | | | * || Exposure of Sensitive Information during Transient Execution* | CWE1420 | | | | | || Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution* | CWE1421 | | | | | || Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution* | CWE1422 | | | | | || Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution* | CWE1423 | | | | | || Improper Validation of Generative AI Output* | CWE1426 | | | | | || Improper Neutralization of Input Used for LLM Prompting* | CWE1427 | 2004 A1, 2004 A6, 2007 A2, 2013 A1, 2017 A1, 2019 API8, 2021 A3, 2025 A5 | | v4.0.1 6.2.4 | * | || Reliance on HTTP instead of HTTPS* | CWE1428 | 2010 A9, 2013 A6, 2014 M3, 2016 M3, 2017 A3, 2021 A2, 2024 M5, 2025 A4 | L1 | | | * || Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface* | CWE1429 | 2017 A10, 2019 API10, 2021 A9, 2025 A9 | | | | || Driving Intermediate Cryptographic State/Results to Hardware Module Outputs* | CWE1431 | 2007 A6, 2021 A1, 2024 M6, 2025 A1 | L1 | | * | || Insecure Setting of Generative AI/ML Model Inference Parameters* | CWE1434 | | | | | * |* The weakness or vulnerability is not included in the built-in rule package, but is a subset of another weakness in the built-in rule package, or supported through a custom rule package.## References1. Names of vulnerability categories are according to the Common Weakness Enumeration List Version 4.19.1.1. OWASP Top 10 lists are according to the OWASP Top Ten project.1. OWASP ASVS list is according to OWASP Application Security Verification Standard 4.0.3.1. CWE Top 25 list is according to CWE Top 25 Most Dangerous Software Errors.1. CWE/SANS Top 25 list is according to SANS Top 25 Most Dangerous Software Errors Version 3.0.1. PCI DSS list is according to Payment Card Industry (PCI) Data Security Standard, v4.0.1.", "keywords": "avm, compliance, list, cwe" } , "/en/avm/reference/web-ui": { "id": "215751", "url": "/en/avm/reference/web-ui", "title": "Lucent Sky AVM Web UI reference", "description": "", "date": "2026/03/26", "content" : "This article provides reference materials about the features and functions of Lucent Sky AVM Web UI.Lucent Sky AVM Web UI has the following sets of features: `Application`, `Authentication`, `Dependency`, `Efficiency`,`File`, `Group`, `Key`, `Result`, `Rule Package`, `Runtime`, `Scan`, `Settings`, `User` and `Vulnerability`. Each set of features has several actions, which in turn includes **fields** that provide information, **options** that take inputs, and **commands** that perform or cancel the action.In addition, the Web UI has three navigation menus: the **Hubs** menu on the upper right, the **Action Bar** on the left, and the **Breadcrumb** at the header.## In this article- **[Menus](#menus)** - **[Hubs](#hubs)** - **[Action Bar](#action-bar)** - **[Breadcrumb](#breadcrumb)**- **[Features](#features)** - **[Application](#application)** - **[Authentication](#authentication)** - **[Autopilot](#autopilot)** - **[Dependency](#dependency)** - **[Efficiency](#efficiency)** - **[File](#file)** - **[Group](#group)** - **[Key](#key)** - **[Result](#result)** - **[Rule Package](#rule-package)** - **[Runtime](#runtime)** - **[Scan](#scan)** - **[Settings](#settings)** - **[User](#user)** - **[Vulnerability](#vulnerability)**## Menus {#menus}### HubsThe **Hubs** menu is located on the upper right of the Web UI. It provides access to primary features, also known as Hubs, including the **Applications** Hub, the **Dependencies** Hub, the **Efficiency** Hub, and the **Settings** Hub.### Action BarThe **Action Bar** menu is located on the left of the Web UI. It provides access to actions of the current feature. For example, when viewing the details of a scan, it can be used to access **Report** and **Remediate** actions. It can also be used to switch context. For example, when viewing a list of scans of an application, it can be used to switch to viewing a list of dependencies of the application.### BreadcrumbThe **Breadcrumb** menu is located at the header, above the primary content. It provides access along the current navigational hierarchy. For example, when viewing the details of a result, it can be used to access a list of results of the scan, or the details of the scan itself.## Features {#features}### ApplicationThe `Application` feature includes the following actions: `BatchDelete`, `BatchEdit`, `Create`, `Delete`, `Duplicate`, `Edit`, `Index`, and `Trend`.#### BatchDelete {#project-batchdelete}To delete applications in batch, navigate to **Applications** > **Edit Applications**. Select the applications using the selection options, then select **Delete selected applications**.Options:- **Warning** - Confirm that the applications and their scans will be deleted. Valid value is `yes`.Commands:- **Delete** - Delete the selected applications.- **Cancel** - Cancel and close the dialog.This action require the Owner role of the applications, or Full Control permission to the Application API interface.#### BatchEdit {#project-batchedit}To edit applications in batch, navigate to **Applications** > **Edit Applications**. Select the applications using the selection options, then check the edit options of the properties to be modified.Selection options: - **Framework** - The framework of the applications to edit.- **Applications** - The applications to edit.Edit options:- **Member Users** - (optional) The users with access of this application. These users can view the application settings, create scans under the application, and view scans under the application created by other users.- **Member Groups** - (optional) The groups with access of this application. Users in these groups can view the application settings, create scans under the application, and view scans under the application created by other users.- **Scan Arguments** - (optional) The default scan arguments of scans of the application.- **Runtime** - (optional) The default runtime of scans of the applications.- **Rule Package** - (optional) The default rule package of scans of the applications.- **Weakness Policies** - (optional) The default weakness policies of scans of the applications.- **Vectors** - (optional) The default vectors of scans of the applications.Commands:- **Save** - Save changes made to the applications.- **Delete Selected Applications** - Navigate to the application batch deletion dialog for the selected application.This action require the Owner role of the applications, or Full Control permission to the Application API interface.#### Create {#project-create}To create a new application, navigate to **Applications** > **New Application**.Options:- **Application Name** - The name of the application.- **Application Tags** - (optional) Tags of the application. Each tag should be separated by a semicolon.- **Framework** - The framework, or technology stack, of the application.More options:- **Analysis Target** - (optional) The default analysis entry point of scans of the application. Typically a project file or a binary file.- **Repository** - (optional) The default source code repository connection string of scans of the application.- **Scan Arguments** - (optional) The default scan arguments of scans of the application.- **Runtime** - (optional) The default runtime of scans of the applications.- **Rule Package** - (optional) The default rule package of scans of the applications.- **Weakness Policies** - (optional) The default weakness policies of scans of the applications.- **Vectors** - (optional) The default vectors of scans of the applications.Commands:- **Create** - Create the new application.- **Autopilot** - Navigate to the start autopilot dialog.- **Cancel** - Cancel and close the dialog.This action requires membership of the built-in Users group.To learn about choosing the framework for an application, view the following article in the Lucent Sky Knowledge Base: [Prepare an application for scanning]({{ site.baseurl }}/en/avm/how-to/prepare-application-for-scan)To learn about using a custom rule package, view the following article in the Lucent Sky Knowledge Base: [Scan an application using a custom rule package]({{ site.baseurl }}/en/avm/how-to/scan-with-custom-rule-package)To learn about using a specific runtime, view the following article in the Lucent Sky Knowledge Base: [Scan an application with a specific runtime]({{ site.baseurl }}/en/avm/how-to/scan-with-specific-runtime)#### Delete {#project-delete}To delete an application, navigate to **Applications**, point to the application, and select the **Delete** icon.Options:- **Application Name** - (read-only) The name of the application.- **Application Tags** - (read-only) Tags of the application.Commands:- **Delete** - Delete the application.- **Cancel** - Cancel and close the dialog.This action requires the Owner role of the application, or Write permission to the Application API interface.#### Duplicate {#project-duplicate}To duplicate an application, navigate to **Applications**, point to the application, and select the **Duplicate** icon. A new application will be created with same settings of the source application, and **- Copy** will be appended to its name. Scans of the source application will not be duplicated.Commands:- **Duplicate** - Duplicate the application.- **Cancel** - Cancel and close the dialog.This action requires the Member or Owner role of the application, or Read permission to the Application API interface.#### Edit {#project-edit}To view or edit an application's settings, navigate to **Applications**, point to the application, and select the **Settings** icon.Options:- **Application Name** - The name of the application.- **Application Tags** - (optional) Tags of the application. Each tag should be separated by a semicolon.- **Framework** - (read-only) The framework the application is developed for.- **Member Users** - The users with access of this application. These users can view the application settings, create scans under the application, and view scans under the application created by other users.- **Member Groups** - The groups with access of this application. Users in these groups can view the application settings, create scans under the application, and view scans under the application created by other users.More options:- **Analysis Target** - (optional) The default analysis entry point of scans of the application. Typically a project file or a binary file.- **Scan Arguments** - (optional) The default scan arguments of scans of the application.- **Runtime** - (optional) The default runtime of scans of the applications.- **Rule Package** - (optional) The default rule package of scans of the applications.- **Weakness Policies** - (optional) The default weakness policies of scans of the applications.- **Vectors** - (optional) The default vectors of scans of the applications.- **APM Provider** - (optional) The APM provider to link this application to.- **APM Resource Path** - (optional) The APM resource path to link this application to.Commands:- **Save** - Save changes made to the application.- **Cancel** - Cancel and close the dialog.- **Delete** - Navigate to the application deletion dialog.This action requires the Member or Owner role of the application, or Read permission to the Application API interface. Editing the application requires the Owner role of the application, or Write permission to the Application API interface.#### Index {#project-index}To view all application, navigate to **Applications**. Each application is presented as an application box. Use the pagination at the bottom to navigate between pages, and use the search and filter textbox next to the breadcrumb menu to filter applications that match a keyword or other filter options.Filter options:- **Keyword** - Only applications containing all the keywords in their names or tags are shown.- **Owner** - When set to `My`, only applications owned by you are shown; when set to `All`, all applications you have access to are shown.- **Framework** - Only applications in the selected framework are shown.- **Scan Status** - Only applications with a scan in the selected scan status are shown.- **Secure Score** - Only applications of which the most recent scan is within the selected secure score range is shown.- **Sort by** - Whether to sort applications by the date of their most recent scans or by their names.Top row fields of the application box:- **Status** - A circular icon indicating the status of the most recent scan of the application. The color of the icon represents the secure score range of the most recent scan.- **Name** - The name of the application.- **Tags** - The tags of the application, if any.Bottom row fields of the application box (the bottom row shows **No Data** when low data mode is enabled):- **Unactionable results** - The number of results in the most recent scan that are unactionable, meaning those without Instant Fixes, Guided Fixes, nor Guided Updates.- **Actionable results** - The number of results in the most recent scan that are actionable, meaning those with either Instant Fixes, Guided Fixes, or Guided Updates.- **Total results** - The number of all results in the most recent scan.Right-side commands and fields of the application box:- **Create** - Navigate to the application delete dialog.- **📅 (History)** - Navigate to the scan list of the application.- **Dependencies** - Navigate to the dependency list of the application.- **Trend** - Navigate to the trend of the application.- **Settings** - Navigate to the application settings dialog.- **Duplicate** - Navigate to the application duplicate dialog.- **Delete** - Navigate to the application delete dialog.- **Timestamp** - The time the most recent scan of the application was created.This action does not require specific permission. An application can be listed only if the the user has the Member or Owner role, or the Execute and Read permissions to the Application API interface.#### Trend {#project-trend}To view the secure score trend of an application, navigate to **Applications**, point to the application, and select the **Trend** icon. Alternatively, in the scan list page of the application, select **Trend** on the Action Bar.This action requires the Member role to the application, or the Execute and Read permissions to the Application API interface.### AuthenticationThe `Authentication` feature includes the following actions: `ChangePassword`, `LogIn`, and `LogOut`.#### ChangePassword {#authentication-changepassword}To change your password, navigate to **Settings** > **Account**, and select **Change Password**. This action is not available to organizational accounts.Options:- **Current Password** - your current password.- **New Password** - the new password.- **Confirm Password** - the new password for confirmation.Commands:- **Change** - change your password.- **Cancel** - Cancel and close the dialog.#### LogIn {#authentication-login}To log in to the Web UI, navigate to the homepage of the Web UI. Options:- **Email** - The email of your account.- **Password** - Your password.- **Organizational account** - (optional) Whether your account is an organizational account.Commands:- **Sign In** - Sign in to the Web UI with your account.#### LogOut {#authentication-logout}To log out from the Web UI, select **Sign Out** from the Views menu.### AutopilotThe `Autopilot` feature includes the following action: `Start`.#### Start {#autopilot-start}To start a new autopilot scan for an application, navigate to **Applications** > **New Application**, then select **Autopilot**. To start subsequent autopilot scans for an application, navigate to **Applications**, point to the application, and select the **Create** icon. Alternatively, navigate to the scan list page or scan details page of the application, and select **New Scan** on the Action Bar.Options:- **Application Name** - The name of the application. This option is only available when starting a new autopilot scan.- **Application Tags** - (optional) Tags of the application. Each tag should be separated by a semicolon. This option is only available when starting a new autopilot scan.- **Source Code** - The archive file or directory containing the source code.More options:- **Scan Arguments** - (optional) The default scan arguments of scans of the application. Arguments not applicable to the identified framework(s) are ignored. This option is only available when starting a new autopilot scan.- **Rule Package** - (optional) The default rule package of scans of the applications. This option is only available when starting a new autopilot scan.- **Weakness Policies** - (optional) The default weakness policies of scans of the applications. This option is only available when starting a new autopilot scan.- **Vectors** - (optional) The default vectors of scans of the applications. This option is only available when starting a new autopilot scan.Commands:- **Start** - Start an autopilot scan of the application.- **New Application** - Navigate to the new application dialog.- **Cancel** - Cancel and close the dialog.This action requires membership of the built-in Users group.To learn about using a custom rule package, view the following article in the Lucent Sky Knowledge Base: [Scan an application using a custom rule package]({{ site.baseurl }}/en/avm/how-to/scan-with-custom-rule-package)### DependencyThe `Dependency` feature includes the following actions: `Details` and `Index`.#### Details {#dependency-details}To view the details of a dependency, as well as applications and files that have the dependency, navigate to **Dependencies**, select the vendor and product of the dependency, then select the version of the dependency. To scope the dependency to a particular application, select the application from the Applications field. To remove the scope, select the dependency version from the Breadcrumb menu.Fields:- **Vendor** - The vendor of the dependency.- **Product** - The product of the dependency.- **Version** - The version of the dependency.- **CPE** - The version 2.3 CPE names of the dependency.- **Applications** - The list of applications of which the most recent scan contains the dependency. This field only appears when the dependency details page is unscoped.- **Files** - The list of files from the most recent scan of the scoped application that contain the dependency. This field only appears when the dependency details page is scoped to an application.When unscoped, this action does not require specific permission. An application can be listed only if the the user has the Member or Owner role, the Execute and Read permissions to the Application API interface, or Full Control of the Dependency API interface. When scoped to an application, this action requires the Member or Owner role of the scoped application, the Execute and Read permissions to the Application API interface, or Full Control of the Dependency API interface.#### Index {#dependency-index}To view all dependencies, navigate to **Dependencies**. To view all versions of a dependency, select the vendor and product of the dependency. To search for a dependency using its CPE name, use the search textbox next to the Breadcrumb menu. To scope the dependency list to a particular application, navigate to **Applications**, point to the application, then select the **Dependencies** icon. To scope the dependency to a particular scan, navigate to the scan details page, then select **Dependencies** from the Dependencies field.Top row fields of the dependency box:- **Vendor and Product** - The vendor and product of the dependency.Bottom row fields of the dependency box:- **Version** - The version of the dependency.When unscoped, this action does not require specific permission. When scoped to an application or a scan, this action requires the Member or Owner role of the scoped application, the Execute and Read permissions to the Application API interface, or Full Control of the Dependency API interface. ### EfficiencyThe `Efficiency` feature includes the following action: `Index`.#### Index {#roi-index}To view the efficiency overview and other statistics, navigate to **Efficiency**.Options:- **Statistic** - The statistic to show.- **Applications** - The applications to show.- **Savings Calculation** - The formula used to calculate the cost and effort savings of automatic remediation.This action does not require specific permission. An application can be listed only if the the user has the Member or Owner role, or the Execute and Read permissions to the Application API interface. ### FileThe `File` feature includes the following action: `Details`.#### Details {#file-details}To view the content of a file, navigate to a result contaning a statement from the file, then select the Open icon next to the file path of the statement.This action requires the Member or Owner role of the application, or Read permission to the Result API interfaces.### GroupThe `Group` feature includes the following actions: `Create`, `Delete`, `Edit`, and `Index`.#### Create {#group-create}To create a new group, navigate to **Settings** > **Groups**, and select **Create a new group**.Options:- **Name** - The name of the group.Commands:- **Create** - Create the new group.- **Cancel** - Cancel and close the dialog.This action requires Full Control of the Group API interface.#### Delete {#group-delete}To delete a group, navigate to **Settings** > **Groups**, point to the group, and select the **Delete** icon. Built-in groups cannot be deleted.Options:- **Name** - (read-only) The name of the group.- **Warning** - Confirm that the group will be deleted. Valid value is `yes`.Commands:- **Delete** - Delete the group.- **Cancel** - Cancel and close the dialog.This action requires Full Control of the Group API interface.#### Edit {#group-edit}To edit a group, navigate to **Settings** > **Groups**, point to the group, and select the **Edit** icon.Options:- **Group ID** - (read-only) The ID of the group.- **Name** - The name of the group.- **Members** - Users belonging to this group.- **API Permissions** - The API permissions the users of the group have. This option is not available to built-in groups.Commands:- **Save** - Save changes made to the group.- **Cancel** - Cancel and close the dialog.- **Delete Group** - Navigate to the group deletion dialog.This action requires Full Control of the Group API interface.#### Index {#group-index}To view all groups, go to **Settings** > **Groups**.Fields of the group box:- **Name** - The name of the group.This action requires Full Control of the Group API interface.### KeyThe `Key` feature includes the following actions: `Create`, `Delete`, and `Index`.#### Create {#key-create}To create a new key, go to **Settings** > **Account**, and select **Create a new key**.Options:- **Description** - The description of the key.- **Expires** - Whether the key expires.- **Validity in Days** - The number of days the key is valid for.Commands:- **Create** - Create the new key.- **Cancel** - Cancel and close the dialog.This action does not require specific permission.#### Delete {#key-delete}To delete a key, go to **Settings** > **Account** > **Manage keys**, point to the key, and select the **Delete** icon.Commands:- **Delete** - Delete the key.- **Cancel** - Cancel and close the dialog.This action does not require specific permission.#### Index {#key-index}To view all key, go to **Settings** > **Account** > **Manage keys**.Top row fields of the key box:- **Name** - The name of the key.Bottom row fields of the key box:- **Validity** - The validity period of the key.This action does not require specific permission.### ResultThe Result has the following actions: `Details`, `Hide`, `Index`, and `Suppress`.#### Details {#result-details}To view the details of a result, navigate to the all results page of a scan, then select the result.Fields:- **Rule** - The rule of which the result belongs to.- **Categories** - The weakness categories, if any, the result belongs to. Select the cheveron icon to see the full list of categories.- **Vector** - The vector of the result.- **Priority** - The priority of the result, of which 1 being the highest and 4 being the lowest, and if the result has been hidden.- **CVSS Score** - The CVSS base score of the result.- **Occurrence** - Whether the result is new or recurring, and if recurring, the scan information of its first occurrence.- **Statements** - The files, line numbers, and statements of the result. Select the **Expand** icon next to a statement to view the file containing the statement.- **Instant Fix** - The Instant Fix of the result, if available.- **Guided Fix** - The guided fix of the result, if available.- **Guided Update** - The guided update of the result, if available.- **Suggestion** - The remediation suggestion of the result, available when neither Instant Fix, guided fix, nor guided update is not available.- **Confidence** - The confidence of the remediation, of which 13 and 12 being a high confidence Instant Fix is available, 11 being a low confidence Instant Fix is available, 1 being a contextual remediation suggestion is available, and 0 being a basic remediation suggestion is available.- **Explanation** The explanations of the cause and the remediation mechanism of the result, if available.- **CPE Name** - If the result is of a vulnerable dependency, the CPE name of the dependency.This action requires the Member or Owner role of the application, or Read permission to the Result API interfaces.#### Hide {#result-hide}Hiding a result prevents it from appearing in the report of the current scan. To hide a result, navigate to details page of the result, and select **Hide** on the Action Bar. To unhide it, select **Unhide**.This action requires the Owner role of the application or the scan, or Write permission to the Result API interfaces.#### Index {#result-index}To view all results of a scan, navigate to the details page of the scan, and select **All** to the left on the charts. To view all results of a priority level or a rule, select the priority level or the rule on the charts.When viewing results, use the pagination at the bottom to navigate between pages, and the filter dialog next to the Breadcrumb menu to filter the results being displayed.Filter options:- **Rule** - Only results of the selected rules are shown.- **Vector** - Only results of the selected vectors are shown.- **Confidence** - Only results of the selected original confidence are shown.- **Priority** - Only results of the selected priorities are shown.- **Occurrence** - Only results of the selected occurrence are shown.- **Categories** - Automatically select the rules covered by the selected category.- **Remediation** - Automatically select the confidence covered by the selected remediation type.Fields:- **Rule** - The rule of which the result belongs to.- **Vector** - The vector of the result.- **Priority** - The priority of the result, of which 1 being the highest and 4 being the lowest, and if the result has been hidden.- **CVSS Score** - The CVSS base score of the result.- **Confidence** - The confidence of the remediation, of which 13 and 12 being a high confidence Instant Fix is available, 11 being a low confidence Instant Fix is available, 1 being a contextual remediation suggestion is available, and 0 being a basic remediation suggestion is available.- **Location** - The primary file of the result.- **Statement** - The primary line number(s) and statement(s) of the result.This action requires the Member or Owner role of the application, or Execute and Read permissions to the Result API interfaces.#### Suppress {#result-suppress}Suppressing a result presents it from appearing in future scans. To generate the suppression signature for a result, navigate to details page of the result, and select **Suppress** on the Action Bar. Each result has a fine suppression, which targets the result and other very similar ones with high precision. Some results also have a broad suppression, which also targets additional results that share general traits with the result. Fields:- **Scope** - The scope of the suppression signature. This field is invisible if the result only has the **fine** suppression available.- **Signature** - The suppression signature that will suppress results similar to the current one in future scans.- **Instructions** - A brief instruction on how to use the suppression signature.Commands:- **Learn More** - Learn more about how to use result suppression.- **Close** - Close the dialog.This action requires the Member or Owner role of the application, or Read permission to the Result API interface.### Rule PackageThe `Rule Package` feature includes the following actions: `Create`, `Delete`, `Edit`, and `Index`.#### Create {#rulepack-create}To create a new rule package, navigate to **Settings** > **Rule Packages**, and select **Create and upload a new rule package**.Options:- **Name** - The name of the rule package.- **Rule Package Archive** - The archive file containing the files of the rule package.Commands:- **Create** - Create the new rule package.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the RulePack API interfaces.To learn about creating a custom rule package, view the following article in the Lucent Sky Knowledge Base: [Scan an application using a custom rule package]({{ site.baseurl }}/en/avm/how-to/scan-with-custom-rule-package)#### Delete {#rulepack-delete}To delete a rule package, go to **Settings** > **Rule Packages**, point to the rule package, and select the **Delete** icon.Options:- **Name** - (read-only) The ID of the rule package.- **Warning** - Confirm that the rule package and its data files will be deleted. Valid value is `yes`.Commands:- **Delete** - Delete the rule package.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the RulePack API interfaces.#### Edit {#rulepack-edit}To delete a rule package, go to **Settings** > **Rule Packages**, point to the rule package, and select the **Edit** icon.Options:- **Edit Type** - Whether to upload a new rule package archive.- **Identifier** - (read-only) The ID of the rule package.- **Name** - The name of the rule package.- **Last Updated** - (read-only) The time the rule package was last updated.- **Rule Package Archive** - (optional) The archive file containing the files of the rule package.Commands:- **Save** - Save changes made to the rule package.- **Cancel** - Cancel and close the dialog.- **Delete Rule Package** - Navigate to the rule package deletion dialog.This action requires Full Access permission to the RulePack API interfaces.#### Index {#rulepack-index}To view all rule packages, go to **Settings** > **Rule Packages**.Top row fields of the rule package box:- **Name** - The name of the rule package.Bottom row fields of the rule package box:- **Identifier** - The identifier of the rule package.This action requires Full Access permission to the RulePack API interfaces.### RuntimeThe `Runtime` feature includes the following actions: `Create`, `Delete`, `Edit`, and `Index`.#### Create {#runtime-create}To create a new runtime, go to **Settings** > **Runtimes**, and select **Create and upload a new runtime**.Options:- **Name** - The name of the runtime.- **Framework** - The framework the runtime is targeting.- **Replace Built-in** - (optional) Whether the runtime contains an application server for use in the build process. Only available when the framework is set to Java.- **Version** - The framework version the runtime is targeting.- **Build Tools** - (optional) The build tool to use when using the runtime. Valid values are `latest` and `managed` for runtimes targeting .NET, and `ant`, `gradle`, `maven`, and `sbt` for runtimes targeting JDK.- **Encoding** - (optional) The encoding to use when using the runtime. Valid values are the IANA name of an encoding, such as `big5`, `shift_jis`, `windows-1252`, or `utf-8`.- **Runtime Archive** - The archive file containing the files of the runtime.Commands:- **Create** - Create the new runtime.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the Runtime API interfaces.To learn about creating a custom runtime, view the following article in the Lucent Sky Knowledge Base: [Scan an application with a specific runtime]({{ site.baseurl }}/en/avm/how-to/scan-with-specific-runtime)#### Delete {#runtime-delete}To delete a runtime, go to **Settings** > **Runtimes**, point to the runtime, and select the **Delete** icon.Options:- **Name** - (read-only) The name of the runtime.- **Warning** - Confirm that the runtime and its data files will be deleted. Valid value is `yes`.Commands:- **Delete** - Delete the runtime.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the Runtime API interfaces.#### Edit {#runtime-edit}To delete a runtime, go to **Settings** > **Runtimes**, point to the runtime, and select the **Edit** icon.Options:- **Identifier** - (read-only) The ID of the runtime.- **Name** - The name of the runtime.- **Framework** - (read-only) The framework the runtime is targeting.- **Replace Built-in** - (read-only) Whether the runtime contains an application server for use in the build process.- **Version** - (read-only) The framework version the runtime is targeting.- **Build Tools** - (optional) The build tool to use when using the runtime. Valid values are `latest` and `managed` for runtimes targeting .NET, and `ant` and `maven` for runtimes targeting Java.- **Encoding** - (optional) The encoding to use when using the runtime. Valid values are the IANA name of an encoding, such as `big5`, `shift_jis`, `windows-1252`, or `utf-8`.- **Uploaded Time** - (read-only) The time the runtime was created.Commands:- **Save** - Save changes made to the runtime.- **Cancel** - Cancel and close the dialog.- **Delete Runtime** - Navigate to the runtime deletion dialog.This action requires Full Access permission to the Runtime API interfaces.#### Index {#runtime-index}To view all runtimes, go to **Settings** > **Runtimes**.Top row fields of the runtime box:- **Name** - The name of the runtime.Bottom row fields of the runtime box:- **Identifier** - The identifier of the runtime.This action requires Full Access permission to the Runtime API interfaces.### ScanThe `Scan` feature includes the following actions: `Create`, `Delete`, `Details`, `Index`, `Remediate`, `Report`, and `Suppress`.#### Create {#scan-create}To create a new scan, navigate to **Applications**, point to the application, and select the **Create** icon. Alternatively, go to the scan list page or scan details page of the application, and select **New Scan** on the Action Bar.Options:- **Tags** - (optional) Tags of the application. Each tag should be separated by a semicolon.- **Analysis Method** - Select **Static Code Analysis** to use Lucent Sky AVM for vulnerability identification and remediation, or select **Analysis Report Import** to import a third-party scan report for archiving, comparison, or remediation.- **Source Code** - The archive file, directory, or repository connection string containing the source code.- **Report File** - The report file of a third-party scan, only available when importing a third party scan reportMore options:- **Analysis Target** - (optional) The analysis entry point of the scan. Typically a project file or a binary file.- **Scan Arguments** - (optional) The scan arguments of the scan.- **Weakness Policies** - (optional) The weakness policies of the scan.- **Vectors** - (optional) The vectors of the scan.Commands:- **Upload** - Create the new scan, upload the source code archive or the source code directory, and start the scan.- **Cancel** - Cancel and close the dialog.This action requires the Member or Owner role of the application, or Read permission of the Application API interface. It also requires membership of the built-in Users group.To learn about preparing an application for scanning, view the following article in the Lucent Sky Knowledge Base: [Prepare an application for scanning]({{ site.baseurl }}/en/avm/how-to/prepare-application-for-scan)To learn about scanning an application with advanced options, such as analysis target, weakness policies, vectors, and scan arguments, view the following article in the Lucent Sky Knowledge Base: [Scan an application with advanced options]({{ site.baseurl }}/en/avm/how-to/scan-with-advanced-options)#### Delete {#scan-delete}To delete a scan, navigate to the scan list page of the application of the scan, point to the scan, and select the **Delete** icon.Options:- **Application Name** - (read-only) The name of the application the scan belongs to.- **Scan Tags** - (read-only) Tags of the scan.- **Time** - (read-only) The time the scan was created.Commands:- **Delete** - Delete the scan.- **Cancel** - Cancel and close the dialog.This action requires the Owner role of the application or the scan, or Write permission of the Scan API interface.#### Details {#scan-details}To view details of a scan, go to the scan list page, and select the scan.Fields:- **Stage** - The stage the scan is currently in and the progress within that stage. Only visible when the scan is ongoing.- **Secure Score** - The secure score of the scan, with 1 being the least secure and 100 being the most secure.- **Efficiency Snapshot** - The amount of cost and time saved through automatic vulnerability remediation.- **Vulnerability Trend** - The vulnerability trend comparing to the previous scan of the application. The number to the left indicates changes of vulnerabilities with Instant Fixes, and the number to the right indicates changes of total vulnerabilities.- **Result Charts** - Charts illustrating the priority and rule distribution of identified results.- **Dependencies** - The number of dependencies discovered in the scan.- **Framework** - The framework of the application.- **Time** - The time the scan was created.- **Duration** - The duration of the scan. If the scan is ongoing, the duration might not be accurate.- **Files and Lines of Code Equivalent** - The lines of code equivalent, a metric indicating the true size of the code base, of the scan, followed by the actual lines of code, number of files, and size of referenced libraries.- **Weakness Policies** - Whether the built-in weakness policies were used for the scan. If not, the custom weakness policies used for the scan.- **Vectors** - The vectors used for the scan.- **Rule Package Setting** - Whether the built-in rule package was used for the scan. If not, the custom rule package used for the scan.- **Analysis Target** - Whether the analysis target was detected automatically or specified. If specified, the custom analysis target used for the scan.- **Scan Arguments** - Whether the default scan arguments were used for the scan. If not, the scan arguments used for the scan.- **Analysis Engines** - The type of analysis engine(s) used for the scan.- **Intelligence System** - The Intelligence System features used for the scan.- **Scan Instance** - The name, version, and scan agent settings of the instance conducted the scan.This action requires the Member or Owner role of the application, or Read permission of the Scan API interface.#### Index {#scan-index}To view all scans of an application, navigate to **Applications**, point to the application, and select the **History** icon. The basic information of the application is shown as fields on the header, and each scan is presented as an scanapplication box. Use the pagination at the bottom to navigate between pages.Header fields:- **Scan Count** - The number of scans of the application.- **Application Name** - The name of the application.- **Application Tags** - The tags of the application, if any.Top row fields of the scan box:- **Status** - A circular icon indicating the status of the scan. The color of the icon represents the secure score range of the scan- **Timestamp** - The time the scan was created.- **Tags** - The tags of the scan, if any.Bottom row fields of the application box (the bottom row shows **No Data** when low data mode is enabled):- **Unactionable results** - The number of results in the most recent scan that are unactionable, meaning those without Instant Fixes, Guided Fixes, nor Guided Updates.- **Actionable results** - The number of results in the most recent scan that are actionable, meaning those with either Instant Fixes, Guided Fixes, or Guided Updates.- **Total results** - The number of all results in the most recent scan.This action requires the Member or Owner role of the application, or Execute and Read permissions of the Scan API interface.#### Remediate {#scan-remediate}To generate remediated source code of a scan, go to the scan details page, and select **Remediate** on the Action Bar.Options:- **Application Name** - (read-only) The name of the application.- **Time** - (read-only) The time the scan was created.- **Extension** - The extension of the remediated source code archive.- **Options** - Options for generating the remediated source code archive.Commands:- **Download** - Download a previously generated remediated source code archive.- **Generate** - Generate the remediated source code archive with the specified options.- **Close** - Close the dialog. If a remediated source code archive is being generated, it will not be interrupted.This action requires the Member or Owner role of the application, or Read permissions of the Scan API interface.#### Report {#scan-report}To generate a report of a scan, go to the scan details page, and select **Report** on the Action Bar.Options:- **Application Name** - (read-only) The name of the application.- **Time** - (read-only) The time the scan was created.- **Report Format** - The format of the report.- **Verbose Mode** - Whether to include verbose information when generating the HTML or PDF report.- **Include Hidden Vulnerabilities** - Whether to include hidden vulnerabilities when generating the HTML or PDF report.- **Dark Mode** - Whether to use the dark theme when generating the HTML report.- **Quality Mode** - Whether to use high quality settings when generating the PDF report.- **Quick Mode** - Whether to enable quick viewing when generating the HTML report, which has results collapsed and syntax highlighting deactivated.Commands:- **Download** - Download a previously generated report.- **Generate** - Generate a report in the specified format.- **Close** - Close the dialog. If a report is being generated, it will not be interrupted.This action requires the Member or Owner role of the application, or Read permissions of the Scan API interface.#### Suppress {#scan-suppress}Suppressing a result presents it from appearing in future scans. To generate the suppression XML signatures of all hidden results of a scan, navigate to the scan details page, and select **Bulk Suppress** on the Action Bar.Fields:- **XML** - The XML signatures that will suppress results similar to the hidden results in future scans.- **Instructions** - A brief instruction on how to use the suppression XML.Commands:- **Learn More** - Learn more about how to use result suppression.- **Close** - Close the dialog. This action requires the Member or Owner role of the application, or Read permissions of the Scan API interface.### SettingsThe `Settings` feature includes the following actions: `Account`, `ActivateProductKey`, `Cleanup`, `DownloadLogs`, `InstallLicenseFile`, `RestartApplication`, `RestartServer`, `SystemInfo`, and `UpdateApplication`.#### Account {#settings-account}To view and change account settings, navigate to **Settings** > **Account**.Fields:- **Email** - The email of your account.Options:- **Language** - The language of the Web UI. It also controls the language of reports generated by you.- **Dark Mode** - When turned on, the dark theme is used on the Web UI.- **Word Wrap** - When turned on, code in fields such as Statements and Instant Fixes will wrap-around.- **Open Results in New Tabs** - When turned on, result details on the result list page will open in new tabs.- **Low Data Mode** - When turned on, scan details will not be loaded when viewing the list of applications or scans.- **Receive Broadcast** - When turned on, instance-wide broadcast will be visible on the Web UI.Commands:- **Disable MFA** - Disable multi-factor authentication for the user.- **Enable MFA** - Enable multi-factor authentication for the user.- **Reset MFA** - Reset multi-factor authentication for the user.This action does not require specific permission.#### ActivateProductKey {#settings-activateproductkey}To activate or deactivate a product key, navigate to **Settings** > **License and Usage**, and select **Change Product Key**. It is only available if you belong to the built-in Administrators group or have the necessary API permissions.Options:- **Product Key** - The product key to activate. To deactivate the currently installed product key, enter **00000-00000-00000-00000-00000**.- **Offline Activation** - When checked, a request file will be generated. Provide this file to Lucent Sky support for offline activation.Commands:- **Change** - Activate the product key online and install the license file, or generate a request file for offline activation.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the Settings API interface.To learn about activating a product key, view the following article in the Lucent Sky Knowledge Base: [Install Lucent Sky AVM license]({{ site.baseurl }}/en/avm/how-to/install-license)#### Cleanup {#settings-cleanup}To cleanup disk space used by Lucent Sky AVM, navigate to **Settings** > **System**, and select **Cleanup**. It is only available if you belong to the built-in Administrators group or have the necessary API permissions.Options:- **Cleanup Threshold** - The age of older scans, in days, to archive or purge. Valid value is a number between 7 and 10,000.- **Purge Scans** - Whether to archive or purge scans. Archived scans are still present, takes up less disk space, but only have limited actions available. Purged scans are permanently deleted.- **Cascade Purge** - Whether to delete applications that have no scan after purging scans. Only available when purging scans.- **Warning** - Confirm that scans will be archived or purged. Valid value is `yes`.Commands:- **Cleanup** - Start the cleanup process using the specified options.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the Project and Settings API interfaces.#### InstallLicenseFile {#settings-installlicensefile}To install a license file, navigate to **Settings** > **License and Usage**, and select **Instll a License File**. It is only available if you belong to the built-in Administrators group or have the necessary API permissions.Options:- **License File** - The license file you received from Lucent Sky support.Commands:- **Install** - Install the license file.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the Settings API interface.To learn about installing a license file, view the following article in the Lucent Sky Knowledge Base: [Install Lucent Sky AVM license]({{ site.baseurl }}/en/avm/how-to/install-license)#### DownloadLogs {#settings-downloadlogs}To download system logs of Lucent Sky AVM, navigate to **Settings** > **System**, and select **Download Logs**. It is only available if you belong to the built-in Administrators group or have the necessary API permissions.Options:- **Date** - The date of the system logs to download. Valid value is a date no later than today.Commands:- **Download** - Download the system logs of the specified date.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the Settings API interfaces.#### InstallLicenseFile {#settings-installlicensefile}To install a license file, navigate to **Settings** > **License and Usage**, and select **Instll a License File**. It is only available if you belong to the built-in Administrators group or have the necessary API permissions.Options:- **License File** - The license file you received from Lucent Sky support.Commands:- **Install** - Install the license file.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the Settings API interface.To learn about installing a license file, view the following article in the Lucent Sky Knowledge Base: [Install Lucent Sky AVM license]({{ site.baseurl }}/en/avm/how-to/install-license)#### License {#settings-license}To view usage and license, or manage license, navigate to **Settings** > **License and Usage**. It is only available if you belong to the built-in Administrators group or have the necessary API permissions.Fields:- **Serial Number** - The serial number of the installed license.- **Type** - The type of the installed license.- **Expiration Date** - The expiration date of the installed license.- **CPU** - The number of processors available on the system, and the number of cores allowed by the installed license.- **Applications** - The number of applications created on the instance or cluster, and the number of applications allowed by the installed license.- **Scans** - The number of scans consumed from the installed license, and the number of scans allowed by the installed license.- **User** - The number of users created on the instance or cluster, and the number of users allowed by the installed license.- **Application Lines of Code Limit** - The lines of code per scan allowed by the installed license.- **Application Library Size Limit** - The size of libraries per scan allowed by the installed license.Options:- **Change Product Key** - Navigate to the Change Product Key dialog.- **Install License File** - Navigate to the Install License File dialog.This action does not require specific permission, but managing license requires Full Access permission to the Settings API interface.#### RestartApplication {#settings-restartapplication}To restart the CLEAR Engine service, navigate to **Settings** > **System**, and select **Restart Service**. It is only available if you belong to the built-in Administrators group or have the necessary API permissions.Options:- **Warning** - Confirm that the CLEAR Engine service will be restarted. Valid value is `yes`.Commands:- **Restart** - Restart the CLEAR Engine service.- **Cancel** - Cancel and close the dialog. This action requires Full Access permission to the Settings API interface.#### RestartServer {#settings-restartapplication}To restart the server running CLEAR Engine, navigate to **Settings** > **System**, and select **Restart Server**. It is only available if you belong to the built-in Administrators group or have the necessary API permissions.Options:- **Warning** - Confirm that the server running CLEAR Engine will be restarted. Valid value is `yes`.Commands:- **Restart** - Restart the server running CLEAR Engine.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the Settings API interface.#### SystemInfo {#settings-systeminfo}To view and change system settings, navigate to **Settings** > **System**. It is only available if you belong to the built-in Administrators group or have the necessary API permissions.Fields:- **Serial Number** - The serial number of the CLEAR Engine instance.- **Instance Domain Name** - The domain name of the CLEAR Engine instance.- **Version** - The version of the CLEAR Engine instance.- **System Time** - The system time of the server.- **CPU Usage** - The CPU usage of the server.- **Available Memory** - The available memory of the server.- **Free Disk Space** - The free disk space of the server.- **Runtime Settings** - The runtime settings of the CLEAR Engine instance.- **Current Scan Count** - The number of ongoing scans on the CLEAR Engine instance.Commands:- **Restart Service** - Navigate to the Restart CLEAR Engine dialog.- **Restart Server** - Navigate to the Restart Server dialog.- **Update Software** - Navigate to the Update Software dialog.This action does not require specific permission, but changing system settings requires Full Access permission to the Settings API interface.#### UpdateApplication {#settings-updateapplication}To update the Lucent Sky AVM software running on the instance, navigate to **Settings** > **System**, and select **Update Software**. It is only available if you belong to the built-in Administrators group or have the necessary API permissions.Options:- **Update File** - The update package to install.Commands:- **Update** - Start the update process using the selected update package.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the Settings API interface.### UserThe `User` feature includes the following actions: `Create`, `Delete`, `Edit`, `Index`, and `SetPassword`.#### Create {#user-create}To create a new runtime, navigate to **Settings** > **Users**, and select **Create a new user**.Options:- **Email** - The email of the account.- **Organizational Account** - (optional) Whether the account is synced from Active Directory.- **Password** - (optional) The password of the account. The password for an organizational account cannot be set.- **Confirm Password** - (optional) The password of the account for confirmation. The password for an organizational account cannot be set.Commands:- **Create** - Create the new user.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the User API interface.#### Delete {#user-delete}To delete a user, navigate to **Settings** > **Users**, point to the user, and select the **Delete** icon.Options:- **Email** - (read-only) The email of the user.- **Migrate Data** - (optional) whether to migrate the data of the user being deleted, including their applications, scans, and hidden results, to another user.- **Warning** - Confirm that the user, the applications and scans owned by the user will be deleted. Valid value is `yes` when not migrating data, and the email of any user belonging to the Administrators or Users group when migrating data.Commands:- **Delete** - Delete the user.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the User API interface.#### Edit {#user-edit}To edit a user, navigate to **Settings** > **Users**, point to the user, and select the **Edit** icon.Options:- **User ID** - (read-only) The ID of the user.- **Email** - (read-only) The email of the user.- **Membership Provider** - (read-only) The source of the user account.- **Enabled** - Whether the user account is enabled. A disabled user account still count toward the number of licensed users.- **Expiration** - The expiration date of the user account.- **Groups** - The groups the user account belongs to. A user account should belong to at least the `Administrators` or `Users` built-in group.Commands:- **Save** - Save changes made to the user.- **Cancel** - Cancel and close the dialog.- **Delete User** - Navigate to the user deletion dialog.This action requires Full Access permission to the User API interface.#### Index {#user-index}To view all users, go to **Settings** > **Users**.Fields of the user box:- **Source** - A icon representing the source of the account. The database icon represents a local account, while the Windows icon represents an organizational account.- **Identifier** - The identifier, usually an email address, of the account.This action requires Full Access permission to the Users API interface.#### SetPassword {#user-setpassword}To change the password of a user, navigate to **Settings** > **Users**, point to the user, and select the **Password** icon. This action is not available to organizational accounts.Options:- **Email** - (read-only) The email of the user.- **Password** - the new password.- **Confirm Password** - the new password for confirmation.Commands:- **Save** - Save changes made to the user.- **Cancel** - Cancel and close the dialog.This action requires Full Access permission to the User API interface.### VulnerabilityThe `Vulnerability` feature includes the following actions: `Details` and `Index`.#### Details {#vulnerability-details}To view the details of a dependency vulnerability, navigate to **Dependencies** > **Vulnerabilities**, then select the vulnerability.Fields:- **Identifier** - The identifier of the vulnerability.- **CVSS Score** - The CVSS base score of the vulnerability.- **Published** - The date when the vulnerability was published.- **First Seen** - The first time when a dependency with this vulnerability was discovered in a scan.- **Last Seen** - The most recent time when a dependency with this vulnerability was discovered in a scan.- **Dependencies** - The list of dependencies with this vulnerability.- **Applications** - The list of applications of which the most recent scan contains dependencies with this vulnerability.This action require Full Control of the Dependency API interface.#### Index {#vulnerability-index}To view all vulnerabilities from dependencies, navigate to **Dependencies** > **Vulnerabilities**.Top row fields of the vulnerability box:- **CVSS Score** - The CVSS score of the vulnerability, if available. The color of the score represents the CVSS rating of the vulnerability.- **Identifier** - The identifier of the vulnerability.Bottom row fields of the vulnerability box:- **Number of dependencies** - The number of dependencies with this vulnerability.- **Timeline** - The dates, if available, a dependency with the vulnerability was first seen and most recently seen in a scan.This action require Full Control of the Dependency API interface.", "keywords": "avm, reference, interface, webui" } , "/en/avm/get-started/web-ui": { "id": "575123", "url": "/en/avm/get-started/web-ui", "title": "Get started with Lucent Sky AVM Web UI", "description": "", "date": "2024/01/29", "content" : "Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components, CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.This article describes the basic features of the Web UI, and guides you through the process of scanning an application using the Web UI. To learn about other functionalities of the Web UI, view the following article in the Lucent Sky Knowledge Base: [Lucent Sky AVM Web UI reference]({{ site.baseurl }}/en/avm/reference/web-ui)In this article, you will learn how to:- Create a zip file containing the source code of an application.- Scan an application- Review the identified result and their Instant Fixes- Download the remediated source code- Download the reportAt the end, you will be able to use the Web UI to scan applications and generate remediated source code and reports.### Prerequisites- **Web browser** - The latest version of Google Chrome, Microsoft Edge, and Mozilla Firefox are supported by the Web UI.## Create a zip file containing the source code of an application.To learn about creating the source code archive of an application, view the following article in the Lucent Sky Knowledge Base: [Prepare an application scanning]({{ site.baseurl }}/en/avm/how-to/prepare-application-for-scan)## Scan an application1. Go to the Web UI in your browser, and then sign in with your credentials.1. Under the Action Bar on the left, select **New Application**. Enter the name of the application, and optionally enter one or more tags (separated by commas) to categorize the application. Then, select the application framework and select **Create**. You can also change the default build, analysis and, remediation parameters for this application by selecting **More Options**. You can change these parameters at a later stage as well.1. Select **Static Code Analysis** for **Analysis Method**. Then, select **Archive File** for **Source Code**, and select **Browse…** to select the archive file containing the source code of the application. You can also change the build, analysis, and remediation parameters for this application by selecting **More Options**. Finally, select **Upload**. To learn more about scan options, view the following article in the Lucent Sky Knowledge Base:[Scan an application with advanced options]({{ site.baseurl }}/en/avm/how-to/scan-with-advanced-options)1. The web page will refresh itself. An Application Box will display the name of the application and the progress of the scan. There are 11 stages: - Queued - Extracting - Checking - Preparing analysis - Building - Analyzing (S-1) - Analyzing (S-2) - Analyzing (S-3) - Analyzing (S-4) - Analyzing (S-5) - Analyzing (S-6)1. Depends on the size and complexity of the application, the scan can take anytime from a few seconds to a few hours to complete. Generally, it takes around 30 minutes to scan an application with a millions line of code.1. Once the scan is completed, the Application Box will display three numbers in the format of _M_ + _A_ / _T_. _M_ is the number of vulnerabilities requiring developer action, _A_ is the number of results that can be automatically remediated, and _T_ is the total number of results.## Review the identified result and their Instant Fixes or remediation suggestions1. Select the Application Box of the application you want to review. You will be taken to the **Scan Summary** page.1. The **Scan Summary** page has three parts: Secure Score and Efficiency Snapshot, Vulnerabilities, and Additional Information. - **Secure Score and Efficiency Snapshot** includes the Secure Score of the application, and the remediation cost and time saved by automatic remediation. - **Vulnerabilities** includes a chart showing the distribution of vulnerabilities by their priorities, and a chart showing the distribution of vulnerability by CWE classification. Selecting a priority category or a CWE category will navigate to the **Vulnerability List** page showing vulnerabilities of the selected category. - **Additional Information** includes information about this scan, as well as the number of vulnerabilities compared with the previous scan of the same application.1. The **Vulnerability List** page is a list of all the vulnerabilities in that category. Selecting a vulnerability will take you to the **Vulnerability Details** page.1. The title of the **Vulnerability Details** page shows the classification and the file and line number of the vulnerability. The **Statements** shows the flow of the vulnerability in the application. The **Instant Fix**, **Guided Fix**, **Guided Update**, or **Suggestion** shows how to fix the vulnerability. - **Instant Fix** remediates the vulnerability directly, and the developer can apply it to the file and line shown to fix the vulnerability - **Guided Fix** is remediation guidance generated specifically for the vulnerability, and the developer can follow its guidance to fix the vulnerability - **Guided Update** is guidance for updating software components, and the developer can follow its guidance to update the vulnerable software components to a secure version - **Suggestion** is a general description on how to fix the vulnerabilityTo learn about suppressing a result so it does not appear in a future scan, view the following article in the Lucent Sky Knowledge Base: [Suppress results from appearing in future scans]({{ site.baseurl }}/en/avm/how-to/suppress-result)## Download the remediated source code1. Select the Application Box of the application you want to review. You will be taken to the **Scan Summary** page.1. Under the Action Bar on the left, select **Remediate**. In the pop-up dialog, choose if you want to include remediation information and original source code in the generated source code as comments. The generated source code might be similar to ```csharp Response.Write(HtmlEncode(Request["foo"])); // CWE79 remediated (confidence: 13). OriginalStatement: "Response.Write(Request["Foo"]);". ``` where _`CWE79 remediated (confidence: 13)`_ is the remediation information and _`OriginalStatement: "Response.Write(Request["Foo"]);"`_ is the original source code.1. Select **Remediate**. Once the remediated source code has been generated, select **Download**.## Download the report1. Select the Application Box of the application you want to review. You will be taken to the **Scan Summary** page.1. Under the Action Bar on the left, select **Report**. In the pop-up dialog, choose the format of the report, then select **Generate**. Once the report has been generated, select **Download**.", "keywords": "avm, getstarted, interface, webui" } , "/en/avm/troubleshoot/web-ui": { "id": "692080", "url": "/en/avm/troubleshoot/web-ui", "title": "Troubleshoot Lucent Sky AVM Web UI errors", "description": "", "date": "2023/6/20", "content" : "## Symptoms When you access Lucent Sky AVM Web UI, you receive an error message.## CauseVarious reasons can cause the Web UI to return an error. This article describes common causes and solutions to Web UI errors.For Web UI errors that occurs after uploading the source code archive, view the following article in the Lucent Sky Knowledge Base: [Troubleshoot source code archive upload errors]({{ site.baseurl }}/en/avm/troubleshoot/source-code-archive)## Resolution- When you access the Web UI, you may see one of the following error messages: An error has occurred. Server Error in '/' Application. When the Web UI encountered an error and ASP.NET Custom Errors is set to on (the default setting), this error message is displayed in place of the actual error message. Temporarily turning off Custom Errors will allow the Web UI to display the actual error message. To turn off Custom Errors, follow these steps: 1. Open _C:Program FilesLucent SkyCLEAR Webweb.config_ with a text editor. 1. Locate the `` element in _web.config_, and set the `mode` attribute to `Off`. Detailed error messages are now available. Follow troubleshooting steps to resolve the error. Once the error is resolved, turn on Custom Errors: 1. Open _C:Program FilesLucent SkyCLEAR Webweb.config_ with a text editor. 1. Locate the `` element in _web.config_, and set the `mode` attribute to `On`. - When you access the Web UI, you are unable to create a scan and all applications are showing **Loading**. This issue occurs when JavaScript is disabled in the web browser. This issue is commonly encountered when accessing Web UI using Internet Explorer on Windows Server, as Internet Explorer is running in Enhanced Protected Mode (EPM) on Windows Server. To resolve this issue, follow the following steps: - Using Internet Explorer with EPM enabled 1. In Internet Explorer, add the URL of Lucent Sky AVM Web UI (such as _https://clear.contoso.com/_) to the **trusted sites zone**. - Using Internet Explorer with EPM disabled or another browser 1. In the browser's settings, make sure JavaScript is enabled. 1. If a JavaScript security extension (such as NoScript) is installed, add the URL of the Web UI to its allow-list. - When you access Lucent Sky AVM Web UI, you may see the following error message: Could not load file or assembly … An attempt was made to load a program with an incorrect format. This error occurs when the Web UI is running on a 32-bit IIS Server, or a 64-bit IIS Server running on 32-bit mode. To resolve this issue, follow these steps: - The Web UI is running on a 32-bit IIS Server 1. Install the Web UI on a 64-bit IIS Server. Running Web UI on a 32-bit IIS Server is not supported. - The Web UI is running on a 64-bit IIS Server running on 32-bit mode 1. Open IIS Manager, navigate to the IIS Server that has the Web UI installed, then select **Application Pools**. 1. Right click on the Application Pool **CLEAR Web**, then select **Advanced Settings...**. 1. Make sure **.NET CLR Version** is set to **4.0**, and **Enable 32-Bit Applications** is set to **False**. - When you access the Web UI, you may see one of the following error messages: ERROR_SERVICE_NOT_ACTIVE. The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state. This error occurs when the Web UI cannot connect to the CLEAR Engine, or the communication between the Web UI and CLEAR Engine faulted. This could either be caused by incorrect WCF endpoint configurations, or because CLEAR Engine is not running. To resolve this issue, follow these steps: - Make sure CLEAR Engine is running 1. On the CLEAR Engine instance, open PowerShell as administrator, and enter the following command to start the CLEAR Engine service: ```powershell Start-Service "CLEAR Engine" ``` - Validate WCF endpoint settings 1. Open the Web UI configuration file (_web.config_) with a text editor, and make sure WCF endpoints are configured properly. 1. To learn more about the installation and configuration of Lucent Sky AVM Web UI, view the following article in the Lucent Sky Knowledge Base: [Administration guide to CLEAR Engine and Web UI]({{ site.baseurl }}/en/avm/admin-guides/clear-engine-and-web-ui)- When deleting a large number of applications on the Web UI, you may see one of the following error messages: The resource cannot be found. HTTP Error 404.15 - Not Found This error occurs because the length of the identifiers of the application to be deleted exceeds the URL length allowed by the Web UI. To resolve this issue, follow these steps: 1. Open _C:Program FilesLucent SkyCLEAR Webweb.config_ with a text editor. 1. Locate the `` element in _web.config_, set the `maxQueryStringLength` attribute to `16384`, and add an attribute named `maxUrlLength` and set its value to `16384`. 1. Locate the `` element in _web.config_, set the `maxQueryString` attribute to `16384`, and add an attribute named `maxUrl` and set its value to `16384`.- When performing long-running operations on the Web UI, such as purging scans, you may see the following error message: ERROR_SERVICE_REQUEST_TIMEOUT This error occurs because the connection between the Web UI and CLEAR Engine times out before the operation is completed. The operation will continue to run on CLEAR Engine. There is no need to perform the operation again.", "keywords": "avm, troubleshoot, webui" } }