Configuring the Electronic Update to Skip the Post-Update Phase

The Electronic Update includes a post-Update phase that processes security vulnerabilities against your Code Insight instance. Specifically, this phase determines whether new vulnerabilities included in the Update affect any inventory in the instance’s projects. For those projects affected, the phase generates alerts in the user interface for the inventory items associated with the new vulnerabilities and issues email notifications to the project owners, identifying the specific inventory associated with each new vulnerability. Additionally, remediation tasks can be automatically created for the rejected inventory during this phase, as dictated by the project’s policy profile and remediation options (see Setting Project Defaults).

The post-Update can take time if a large number of inventory items are impacted by one or more vulnerabilities. (You can check the log to track the numbers of vulnerabilities and inventory items being processed.)

You have the option to bypass the post-Update phase during the Electronic Update. Skipping this phase can significantly shorten the Electronic Update process. However, without this phase, project owners will not receive notifications about which inventory items are impacted by new vulnerabilities; nor will remediation tasks for these items be automatically created as part of the Update. (By default, the post-Update phase is enabled.)

To disable or re-enable the post-Update phase, do the following:

In the PAS_GLOBAL_PROPERTIES table in the Code Insight database, locate the skip.post.pdl.vul.processing property.
Update the property as required:
- To disable the post-Update phase, set property to true.
- To re-enable the post-Update phase, set the property to false.
Restart the server.