Support
The following contains instructions for handling common issues reported on the Xygeni platform.
Q: When running the installation script under Windows, PowerShell complains that its configuration does not allow running scripts.
PowerShell's execution policy is a safety feature that controls the conditions under which PowerShell loads configuration files and runs scripts. This feature helps prevent the execution of malicious scripts.
In this case you probably want to set an execution policy of RemoteSigned. Open your PowerShell terminal and run:
For more information, visit
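One way to apply the RemoteSigned policy safely, as an added example that is not taken from the Xygeni documentation: it checks whether Group Policy already enforces a policy before changing the current user's scope. The installer path is a hypothetical placeholder.

```powershell
# Added example (not from the Xygeni documentation).
# 1. Show the policy at every scope. Precedence, highest first:
#    MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
$policies = Get-ExecutionPolicy -List
$policies | Format-Table -AutoSize

# 2. A policy set through Group Policy overrides Set-ExecutionPolicy,
#    so detect that case instead of changing a scope that is ignored.
$enforced = $policies | Where-Object {
    [string]$_.Scope -in 'MachinePolicy', 'UserPolicy' -and
    [string]$_.ExecutionPolicy -ne 'Undefined'
}
$effective = [string](Get-ExecutionPolicy)

if ($enforced) {
    Write-Warning ("Execution policy is enforced by Group Policy at scope " +
        "$($enforced.Scope -join ', '); only an administrator can change it.")
}
elseif ($effective -in 'RemoteSigned', 'Unrestricted', 'Bypass') {
    Write-Host "Effective policy is already $effective; nothing to change."
}
else {
    # 3. Change only the current user's policy: needs no elevation and
    #    leaves the machine-wide setting untouched.
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
    Write-Host "Effective policy is now $(Get-ExecutionPolicy)."
}

# 4. Under RemoteSigned, a script downloaded from the Internet must be signed
#    or unblocked. Check the signature before running it.
$installer = '.\install.ps1'   # hypothetical path, replace with your script
if (Test-Path -LiteralPath $installer) {
    $sig = Get-AuthenticodeSignature -FilePath $installer
    Write-Host "Signature status of ${installer}: $($sig.Status)"
}
```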
Q: The scanner ends with a message Error [_CODE_] and sends me here. What can I do?
There was a non-recoverable error in the scan. This can happen due to different causes: invalid arguments, error during setting up the scanner, post-processing error, error while generating output, or simply a generic fatal error.
NOTE: The --never-fail option forces the scanner to end with a zero exit code, even after a fatal error. This can be useful to keep a scan error from breaking the build or pipeline where the scanner is invoked.
Q: The scanner is not working appropriately. How can I increase the logging level for troubleshooting?
The scanner logs its actions at two targets: console (which prints the output to the system console) and logfile (which is sent to the platform for troubleshooting).
The logging levels are, in increasing order of verbosity: FATAL, ERROR, WARN, INFO, DEBUG and TRACE. Two special levels are OFF (disable logging) and ALL (same as TRACE). The default logging levels are WARN for the console and INFO for the logfile.
These default levels work well under normal circumstances, but if you experience errors or unexpected behavior while scanning a given piece of software, you may want to increase the logging level.
You may use the -v|--verbose option, which sets DEBUG level for both targets, or the -q|--quiet option, which sets the level to ERROR for the console only, keeping the default for the logfile.
If you want to configure the default levels used by the scanner, for example setting ERROR for the console and WARN for the logfile, you may edit the conf/log4j2.yml file:
Q: We need to run the scanner at different places, typically on ephemeral containers. How can we define a central shared configuration so that each scanner run will use that configuration?
Remember that the central configuration is the set of the scanner's configuration files, which includes things like include/exclude patterns, scanner authentication to the service API, proxy settings, and configuration for each scan type. Each detector / standard is customized by the organization's [Xygeni Policy], which
First, create your configuration by editing the configuration files (they are YAML files with comments that help with the process).
Then run the scanner's conf-upload command, which will upload the configuration files to the Xygeni service. The scanner will then automatically download the configuration (unless instructed not to do so).
At any time you may call the conf-update command to download the central configuration while keeping the existing authentication credentials from the local configuration. You may change the configuration and run conf-upload again.
Q: I pasted my Xygeni account credentials / API token / proxy credentials in the xygeni.yml configuration file. How can I encrypt them so that the credentials are not leaked?
Q: The scanner or API endpoint fails with an "API token expired" message.
See for the full reference to the error codes and recommended corrective actions.
Use the for the configuration to be transferred to all scanner instances in your organization.
Read for full details.
Use the to protect the credentials. For example:
Go to using the dashboard. Existing expired tokens can be renewed, or a new one can be created.
Please note that, for security reasons, the token is never stored by Xygeni after generation/renewal, and you have to copy the value to the point where it is needed: secret vault in CI/CD, scanner configuration (protect it with !),