Skip to main content
Skip table of contents

Why Do You See Different Scan Results Between GitHub Integration and Unified Agent?

Ideally, the GitHub integration and the Unified Agent scans will produce the same inventory results when scanning the same project. However, on some occasions, you may notice some differences in terms of the library count or security alerts.

This article describes two possibilities that could explain the differences.

Configuration

The default settings that are used for GitHub and the Unified Agent scans are different. Please see the details in the table below.

Configuration File Parameter

Default Value for GitHub

Default Value for Unified Agent

bower.ignoreSourceFiles

False

True

go.ignoreSourceFiles

False

True

gradle.ignoreSourceFiles

False

True

maven.ignoreSourceFiles

False

True

nuget.runPreStep

False

True

Environment

The Package Manager versions can differ from one environment to another.

In the example below, a setup.py file requires Python 3:

CODE
extras_require = {
    ':python_version < "3.5"': 'backports.ssl_match_hostname >= 3.5',
    ':python_version < "3.3"': 'ipaddress >= 1.0.16',
}

By default, both GitHub and the Unified Agent use Python 2 version. However, the GitHub scanners have both Python 2 and 3 installed. To resolve the above example in GitHub, you would need to set the python 3 under python.path and python.pipPath parameters in the configuration file.

python.path=python3
python.pipPath=pip3

To resolve the same in the regular Unified Agent scan you would need to make sure you have the right version of Python installed in addition to setting up the python.path and python.pipPath parameters correctly.

For example, if the machine that runs the Unified Agent has a python version 3.6, but you didn’t specify the python.path and python.pipPath parameters for GitHub scan, you will see different packages resolved in your inventory:

With Github: ipaddress-v1.0.16

With UA: backports.ssl_match_hostname-v3.5

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.