Xygeni User Guides

Support

Last updated 28 days ago

Troubleshooting common issues

The following contains instructions for handling common issues reported on the Xygeni platform.

Installation issues

PowerShell Execution Policy

Q: When running the installation script under Windows, does PowerShell complain because its configuration does not allow running scripts?

PowerShell's execution policy is a safety feature that controls the conditions under which PowerShell loads configuration files and runs scripts. This feature helps prevent the execution of malicious scripts.

In this case you probably want to set an execution policy of RemoteSigned. Open your PowerShell terminal and run:

    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

For more information, visit PowerShell Execution Policies.
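
An added example, not part of the Xygeni documentation: the same policy change limited to the current user, with a check of the downloaded script before it runs. `$Installer` is a placeholder for the path where you saved the installation script.

```powershell
# Added example. $Installer is a placeholder path, not the real name
# of the Xygeni installation script.
$Installer = '.\install.ps1'

# Show the policy at every scope. Precedence order is MachinePolicy, UserPolicy,
# Process, CurrentUser, LocalMachine; the first scope that is not Undefined wins.
Get-ExecutionPolicy -List

# RemoteSigned for the current user only: no administrator rights are needed and
# other accounts keep their policy. A Group Policy scope, if set, still overrides it.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

# A downloaded file carries a Zone.Identifier stream (mark of the web). Under
# RemoteSigned such a file runs only when it is signed by a trusted publisher.
$motw = Get-Item -LiteralPath $Installer -Stream Zone.Identifier -ErrorAction SilentlyContinue
$sig  = Get-AuthenticodeSignature -FilePath $Installer

if ($motw -and $sig.Status -ne 'Valid') {
    Write-Host "Script is marked as downloaded and its signature status is $($sig.Status)."
    Write-Host "Review its content, then remove the mark with Unblock-File before running it."
    # Unblock-File -LiteralPath $Installer
} else {
    # Local (unmarked) script or validly signed script: RemoteSigned allows it.
    & $Installer
}
```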

Scanner issues

The scanner terminates with error

Q: The scanner ends with a message Error [_CODE_] and sends me here. What can I do?

There was a non-recoverable error in the scan. This can happen due to different causes: invalid arguments, error during setting up the scanner, post-processing error, error while generating output, or simply a generic fatal error.

NOTE: The --never-fail option forces the scanner to end with an exit code of zero, even after a fatal error. This can be useful to prevent a scan error from breaking the build or pipeline where the scanner is invoked.

How to change the scanner logging level?

Q: The scanner is not working appropriately. How can I increase the logging level for troubleshooting?

The scanner logs its actions at two targets: console (which prints the output to the system console) and logfile (which is sent to the platform for troubleshooting).

The logging levels are, in increasing order of verbosity: FATAL, ERROR, WARN, INFO, DEBUG and TRACE. Two special levels are OFF (disable logging) and ALL (same as TRACE). The default logging levels are WARN for the console and INFO for the logfile.

These default levels work well under normal circumstances, but if you experience errors or misbehaviors while scanning a given software, you may want to increase the logging level.

You may use the -v|--verbose option, which sets DEBUG level for both targets, or the -q|--quiet option, which sets the level to ERROR for the console only, keeping the default for the logfile.

If you want to change the default levels used by the scanner, for example setting ERROR for the console and WARN for the logfile, you may edit the conf/log4j2.yml file:

    Console:
      ThresholdFilter:
        #level: "${ctx:console_level:-WARN}"
        level: "${ctx:console_level:-ERROR}"
        # ...
    File:
      ThresholdFilter:
        #level: "${ctx:file_level:-INFO}"
        level: "${ctx:file_level:-WARN}"

How to create and register a central configuration

Q: We need to run the scanner at different places, typically on ephemeral containers. How can we define a central shared configuration so that each scanner run will use that configuration?

Use the Central Configuration for the configuration to be transferred to all scanner instances in your organization.

Remember that the central configuration is the set of the scanner's configuration files, which includes things like include/exclude patterns, scanner authentication to the service API, proxy settings, and configuration for each scan type. Each detector / standard is customized by the organization's Xygeni Policy, which

First, create your configuration by editing the configuration files (they are YAML files with comments that help with the process).

Then run the scanner's conf-upload command, which will upload the configuration files to the Xygeni service. The scanner will then automatically download the configuration (unless instructed not to do so).

At any time you may call the conf-update command to download the central configuration while keeping the existing authentication credentials from the local configuration. You may then change the configuration and run conf-upload again.

Read Central Configuration for full details.

How to encrypt sensitive data in scanner configuration

Q: I pasted my Xygeni account credentials / API token / proxy credentials in the xygeni.yml configuration file. How can I encrypt them so that the credentials are not leaked?

Use the scanner encryption command to protect the credentials. For example:

    $ xygeni util encrypt

Integrations issues

API token expired

Q: The scanner or API endpoint fails with an "API token expired" message.

See Xygeni CLI Error Codes for the full reference to the error codes and recommended corrective actions.

Go to Generate token for scanner using the dashboard. Existing expired tokens can be renewed, or a new one can be created.

Note that, for security reasons, Xygeni never stores the token after generation/renewal, so you have to copy the value to the place where it is needed: secret vault in CI/CD, scanner configuration (protect it with the scanner encryption command!),