Unified Agent - Scan Flow
This article describes all of the steps completed by the Unified Agent during a scan.
Unified Agent Scan Flow:
1. Read Configuration Step - After the scan is triggered, the Unified Agent reads the configuration. The configuration priority is as follows:
   1. Command line
   2. Environment variables
   3. Configuration file specified under the "-c" parameter in the command line
   Offline mode is determined by offline=true in the configuration file.
2. Resolver Detection Step - The Unified Agent runs the Package Manager dependency resolvers. During this step it searches for manifest files such as pom.xml, package.json, build.gradle, requirements.txt, packages.config, go.mod and others. It then uses the relevant Package Manager commands to pull the list of dependencies.
   Example: For a Java project where mvn.resolveDependencies=true and mvn.runPreStep=true, the Unified Agent will look for pom.xml and, if found, will execute the 'mvn install' command to get the dependency tree.
3. Effective Usage Analysis Step - If Effective Usage Analysis is enabled, the dependencies resolved in step 2 are sent through Effective Usage Analysis to help identify effective and ineffective vulnerabilities.
4. File System Scan Step (also known as a Flat Scan) - The Unified Agent scans the file system (binary and source files) according to the includes/excludes parameter values provided in the configuration file. The file system to scan is defined under the "-d" parameter in the command line.
   Example: If includes=**/*.js is set in the configuration file and "-d C:\Project1\" is added as a command line parameter, the Unified Agent scans the entire directory under "C:\Project1\" looking for .js files and includes them in the update request file.
5. Update Mend Inventory Step - The Unified Agent sends the update request to the Mend servers, where Policies are checked, Source Files are mapped to Source File Libraries and the inventory is updated.
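The following is an added illustrative model, in Python, of step 1 (configuration precedence) and step 4 (the flat scan); it is not Mend's code. It assumes the priority list above is ordered highest first (command line overrides environment variables, which override the configuration file), that includes/excludes are comma-separated glob patterns matched against the "-d" directory, and that environment variables have already been mapped to configuration keys; the directory layout and all sample values are constructed.

```python
import tempfile
from pathlib import Path

def parse_config_file(text):
    """Parse key=value lines of a Unified Agent style configuration file."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg

def effective_config(cli, env, config_file_text):
    """Merge in ascending priority so the last update wins:
    configuration file < environment variables < command line (assumed order)."""
    cfg = parse_config_file(config_file_text)
    cfg.update(env)
    cfg.update(cli)
    return cfg

def flat_scan(root, includes, excludes=""):
    """File System Scan model: files under root matching any includes pattern,
    minus those matching any excludes pattern (comma-separated glob patterns)."""
    root = Path(root)
    def match(patterns):
        found = set()
        for pat in (p.strip() for p in patterns.split(",") if p.strip()):
            found.update(p for p in root.glob(pat) if p.is_file())
        return found
    hits = match(includes) - match(excludes)
    return sorted(p.relative_to(root).as_posix() for p in hits)

def demo():
    """Constructed sample: the config file sets offline=true and includes=**/*.js,
    the command line overrides offline. Returns (effective config, scanned files)."""
    config_text = "offline=true\nincludes=**/*.js\nexcludes=**/node_modules/**/*\n"
    cfg = effective_config(cli={"offline": "false"},
                           env={"projectName": "Project1"},
                           config_file_text=config_text)
    with tempfile.TemporaryDirectory() as d:  # stands in for "-d C:\Project1\"
        for rel in ("index.js", "src/app.js", "src/util.ts", "node_modules/lib/lib.js"):
            path = Path(d, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("// constructed sample file")
        files = flat_scan(d, cfg["includes"], cfg.get("excludes", ""))
    return cfg, files
```

Running demo() shows the command-line value of offline winning over the file and only the non-excluded .js files being selected for the update request.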