Troubleshooting
This article includes troubleshooting steps you can use to identify and fix issues that may come up when using ShiftLeft CORE's NG SAST.
General troubleshooting tips
Run
sl check-environment
to see if there are issues related to your environment (be sure to pass in your language-specific option).Create an environment variable called
SHIFTLEFT_SHOW_HIDDEN
and set it totrue
to show the hidden flags supported by the ShiftLeft CLI.When running
sl analyze
, include the--cpg-output-dir
flag to specify your CPG output directory. ShiftLeft will place the CPG in this directory after analysis.Get verbose logs for additional information by including the
--verbose
and/or--diagnostic
flags when invokingsl analyze
(i.e.,sl analyze --verbose --diagnostic
).If your scan does not complete or nothing gets uploaded to ShiftLeft:
- Check that your antivirus/anti-malware program isn't preventing ShiftLeft from performing correctly
- (For macOS users) Ensure that ShiftLeft can access the necessary directory (e.g., by default, ShiftLeft may not be able to access files in Documents or on the Desktop without explicit permission)
Working with monorepos
Please keep the following in mind when analyzing a monorepo:
Depending on the size of your monorepo, you may need to scan individual components of the app (e.g., UI, API, CLI) separately instead of scanning the monorepo as a whole
The ShiftLeft CLI accepts only one language at a time, so if your monorepo utilizes multiple components, you must scan each component on a per-language basis (i.e., you cannot scan JavaScript components alongside Python components)
- While you can run sequential scans, you can also implement parallel scans with a CI system to save time
You can use the ShiftLeft Dashboard's app groups functionality to group all of the individual scans for your monorepo so that you can view them simultaneously
For Windows users
On Windows platforms, sl.exe
doesn't auto-update. Please begin your code analysis or troubleshooting steps by checking your ShiftLeft version and updating if necessary:
Path argument positioning
The path argument used with sl analyze
should be the last value. If any other argument follows the path, sl analyze
will fail.
The following is an example of an incorrect invocation (notice that the path argument value comes before the --verbose
flag):
The correct invocation is:
sl analyze
Specifying additional arguments to The sl cli
tool accepts standard arguments, such as --app
and --verbose
. In addition to this, the CPG generator plugins accept additional arguments for each language. To specify these arguments, you must provide a double hyphen (--
), then additional arguments.
For example, you can choose to ignore test and docs directories during analysis of a JavaScript app:
See the language-specific pages for your application for additional information.