Resolving Prescan Warnings and Errors

Getting Started Guide

Resolving Prescan Warnings and Errors

Note: During a scan, you may receive warning or error messages about the uploaded files. This page provides tips on how to resolve these messages.

Supporting Files Missing

If this message is displayed, carefully review the list of missing files--shown as "Not Found"--to make sure that none of the files you want to analyze are missing. If any missing supporting files are identified, click Add Files and add the libraries containing the dependencies.

Note: For C/C++ applications supporting files are required and must be uploaded. If the supporting files for a module are not uploaded, you will not be able to scan that module.

Missing Debug Information

If any modules are shown as missing debug information (in red), you need to recompile the associated binaries according to the compilation instructions and uploaded again. Although debug information is not required for every language, it is required to report the source file and line number for flaws.

Missing Entry Point

For a successful static scan, each application (or executable module) needs a starting point. For a C application, this might be a main() function and for a web application, it might be one or more JSPs or ASPX pages.

No Precompiled Files Located

To analyze ASP.NET applications, Veracode requires that you precompile the dynamically generated pages, which are typically prepared at runtime by the application server. If you do not submit precompiled forms, the scan may produce incomplete or incorrect results. For more information, refer to the compilation instructions for .NET web applications.

Veracode recommends that you use the Veracode Visual Studio Extension to prepare your .NET application for uploading to Veracode. Learn how to do this here.

Unsupported Architecture, Platform, or Compiler

If any modules show an Unsupported Architecture, Platform, or Compiler message (in red), the Veracode Platform will not be able to analyze these modules. If you get this message, please review the list of supported platforms and compilers. If possible, try to recompile the binaries with a supported compiler or platform. For instance, if the binary is for Linux, try compiling on a Red Hat platform. If the binary is for 64-bit Windows, try compiling for 32-bit.

Unsupported Frameworks (non-blocking)

This message is informational only, which means that your scan proceeds even if your scan request is for an application that has one or more unsupported frameworks. After the scan of an unsupported framework, Veracode typically produces an incomplete list of the flaws in the application. These flaws are valid, but because the use of the unsupported framework(s) can prevent Veracode from creating a complete model of the application prior to scanning, there are parts of the application that were not scanned, which leads to an incomplete flaw list.

Deprecated Platform

The module is built with a platform (for instance, compiler) that is not actively supported by Veracode. Results from the analysis of this module will not be as accurate as results produced from supported platforms, and attempting to analyze this module may cause the analysis to fail. If this is a primary module (e.g. an executable rather than a supporting library), try to recompile the module for a supported platform.

Incrementally Linked Libraries

The module is built with incremental linking turned on. In some cases, this can impair the quality of the analysis. If possible, try to recompile the module without incremental linking.

Corrupt Headers

The module appears to have corrupt headers, and may have been modified after compilation. Try to recompile the module.

JSP Compilation Errors

Veracode cannot analyze JSP files that cannot be compiled. If you receive this message, verify that all files and classes on which the JSP files depend have been uploaded and upload any that are missing.

Additional guidance regarding JSP files is available in the Java compilation instructions.

Obfuscated or Optimized Code

The Veracode Platform cannot analyze code compiled with optimizations, or code that has been obfuscated. The binaries should be recompiled without optimizations or obfuscation and resubmitted.

Web.xml Errors

If you are uploading a Java WAR (web archive) for analysis, you may receive one of several messages regarding a missing, empty, or incorrect WEB-INF/web.xml file. As detailed in the packaging guidance for WAR, EAR, and JAR files in the Java compilation instructions, the WAR must contain a valid XML deployment descriptor. Review the instructions and resubmit with a correct WEB-INF/web.xml file.