CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
General

GUI Reference: Settings; Admin Settings

View various settings; modify them if you have sufficient permissions. These settings include:

The CodeSonar GUI provides two slightly different page types for managing settings. "Admin Settings" and "Settings" provide identical functionality, but differ in their handling of cases where the user does not hold sufficient permissions to access particular pieces of functionality.

Since the same functionality is available from both "Settings" and "Admin Settings", and is subject to the same restrictions in both cases, you can use whichever page you prefer. In particular, while this manual generally refers to the Settings page when describing how to access the functionality contained on these pages, the Admin Settings page is always an acceptable alternative.



Important Note: the CodeSonar Web GUI makes extensive use of JavaScript. Make sure JavaScript is enabled in your web browser.

Navigating to

Note that both Settings and Admin Settings are only available to signed-in users. If you attempt to access either page while not signed in, you will be directed via a Sign In screen.

Settings From any page: Click the Settings icon in the page header.
By URL: http://hub_location/settings.html
Admin Settings By URL: http://hub_location/admin_settings.html

Page Properties

Output formats none
Visibility Filter Applied none
RBAC Permissions Needed
Page Contents/Functionality
ANALYSIS_DELETE
G_ADMINISTER_CONTENT_SETTINGS
G_ADMINISTER_HTTP_SETTINGS
G_ADMINISTER_SMTP_SETTINGS
G_ADMINISTER_USERS
G_CHANGE_OWN_EMAIL
G_CHANGE_OWN_EMAIL_ALERTS
G_CHANGE_OWN_PASSWORD
G_CREATE_USER
G_HUB_BACKUP
G_HUB_LOGS
G_HUB_SHUTDOWN
G_HUB_VACUUM
G_LICENSE_UTILIZATION_READ
G_LIST_PROPERTIES
G_LIST_USERS
G_SQL_CONSOLE
LAUNCHDGROUP_EXISTS
LAUNCHDGROUP_READ

Page Contents

The following annotated screenshot shows the various parts of a Settings page.

Annotated Screenshot: User Settings page standard header breadcrumbs heading page tabs tab contents standard footer

Standard Header See GUI Reference: Standard Header.
Breadcrumbs Home > Settings
Where Home links to the GUI Home page.
Page Heading Settings for user "user_name"
Where user_name is the username of the hub user account that is currently signed in.
Page Tabs The page is divided into "tabs" that group related content. Use these links to move between the tabs. The available tabs are Account (the default), Content, HTTP, SMTP, Analysis, User Administration, Password Policy, and Other Links.
Tab Contents The contents of this pane depend on the selected tab, as described below.
Standard Footer See GUI Reference: Standard Footer.

Account Tab

The Account tab contains fields for changing password and email settings for the hub user account that is currently signed in.

To change settings for a different hub user account, use the corresponding Account Editor.

Annotated Screenshot: Account Settings tab fields for changing password fields for changing email settings access control settings authentication settings update button

Fields for Changing Password

To change the account password, fill in these fields and click Update.
This functionality requires G_CHANGE_OWN_PASSWORD permission.

Administrator only: Note that changing the Administrator password will also change the password for special PostgreSQL user cshubuser.

Old Password Enter the old password in this field.
New Password Enter the new password in this field.
Verify Password Re-enter the new password in this field. Must match the password entered in the New Password field.

If the password entered in this field does not match the one in the New Password field, CodeSonar will print a warning instead of creating a new account when Update is clicked.

Sign out sessions? Select Yes to delete all user sessions associated with your hub user account when you click Update to change the password. Select No to keep all your existing sessions.

If you are changing your password because of a security breach or similar, we recommend also deleting your user sessions. In other cases, you might decide that it is convenient to keep existing sessions.

All of your user sessions will be deleted except the GUI session you are using to perform the password change.

Fields for Changing Email Settings

Email Address The account Email.
Modifying this requires G_CHANGE_OWN_EMAIL permission.
Email Alerts The Email Alerts? setting for the account.
Modifying this requires G_CHANGE_OWN_EMAIL_ALERTS permission.

Access Control Settings

Roles Click View and Edit Roles to navigate to the User Roles page for the account.
Default Role for Saved Resources The default role for the account.
To modify, select a role from the menu and click the Update button. Note that the menu only contains roles that are currently assigned to the account. No permissions are required to change your own default role.

Authentication Settings

Mutual TLS Auth Certificates Click Manage My Certificates to navigate to the User Certificates page for the account.
This field is only available if HTTPS is enabled.
Sessions Click Manage My Sessions to navigate to the User Sessions page for the account.

Update Button

Click to save any changes made to this tab.

Content Tab

Functionality on this tab requires G_ADMINISTER_CONTENT_SETTINGS and G_LIST_PROPERTIES permissions.
The Settings page will not include the tab at all if the signed-in user does not have these permissions.

These settings apply to all hub users.

screenshot fragment: content settings tab display settings date settings Update button examples for each current date format

Display Settings
  Default Character Encoding The default HTTP character encoding for the hub. Select Other to specify an encoding that is not on the list provided.
  Preferred Font for Charts The font to use for chart labels and legends.
  Default Language Specifies the default setting of the GUI language selector for all users, and thus the default language for rendering warning report annotations. GUI links to warning class documentation will navigate to documentation in the appropriate language (where available).
There are currently two available languages: English (en) and Japanese (ja).
  Default Color Theme Specifies the default setting of the GUI light/dark mode selector for all users.
There are currently two available color themes: Light (dark text on light background) and Dark (light text on dark background).
  Spaces Per Tab The tab spacing to use for source code in Source Listing and Warning Report pages.
Date Settings
  Date Display Format A date format string that specifies how CodeSonar should display dates.
  Date Parse Formats A list of date format strings, one per line.

When CodeSonar is interpreting dates in search strings, it will start at the top of this list and try each format string until it finds a match.

  Show Relative Dates? If this box is checked, dates will be displayed using relative phrases, such as "15 days ago" (any specified Date Display Format will be ignored). There is one exception: the page processing message in the standard page footer always uses Date Display Format.
  Relative Date Formats A list of relative date format strings, one per line.

When CodeSonar cannot match a date in a search string against any of the date format strings in the Date Parse Formats list, it will move to the top of this list and try each format string until it finds a match. This is not affected by the Show Relative Dates setting, which controls date display only.

  Example Date Formats A table containing the hub's current list of format strings, with an example for each.
Update button Click to save your changes.

HTTP Tab

Functionality on this tab requires G_ADMINISTER_HTTP_SETTINGS permission.
The Settings page will not include the tab at all if the signed-in user does not have this permission.

Annotated Screenshot: HTTP Settings tab HTTP settings process thresholds hub database communication settings update button

These settings apply hub-wide.

HTTP Settings
  Serve Pages Using HTTPS Reads Disabled if HTTPS is currently disabled (in which case all pages will be served using HTTP), Enabled if HTTPS is currently enabled. Click configure to navigate to the Configure HTTPS page.
  Public URL A URL of the form http://hostname:port
(or https://hostname:port, if HTTPS is enabled).

This is used in several contexts.

  • When the hub sends email to users, the Public URL will be used as the base URL when referring to individual warning reports and other GUI pages.
  • If you configure a single sign-on (SSO) hub authentication service, the SSO SAML authentication plug-in will use your Public URL to generate information that will identify your hub to the SSO service.
  • (HTTPS hubs only) If you are using a hub server certificate, its Subject Common Name must match the Public URL if a Public URL is specified.
    The same requirement applies to the hub client authentication certificate.
  HTTP Session Timeout User sessions and anonymous sessions will terminate after this many seconds of inactivity. This setting is particularly useful for ensuring that abandoned anonymous sessions will eventually time out and become available to other users.
If a session is started with a specific Expires value, it will take precedence over this setting.
  Sessions expire on browser close? When selected, user sessions and anonymous sessions that are browsing the web GUI will terminate if the user closes the corresponding browser, unless the browser prevents this.
  HTTP Connection Timeout HTTP connections will disconnect after this many seconds of inactivity. It is not recommended that users alter this value.
  HTTP TCP Listen Backlog If there are this many connection requests waiting to be serviced, further connection requests will be rejected.
Hub Process Thresholds
  Max Processes If this many hub slaves are running, the hub master will not start any further slaves.

If the setting is too high, the hub processes may exhaust the free memory on the hub machine.

If this setting is too low relative to the volume of HTTP requests on your hub, the hub may not be able to service all requests. If this occurs, you will see a Warning: The web server's process pool was exhausted... message above the footer in all Web GUI pages.

To estimate a suitable Max Processes value for your hub, allow for a worst case of 700MB of RAM per hub process.
If you prefer to experiment rather than estimate, we recommend that you run the hub under typical load for a week or more in order to get representative measurements. New hub processes typically use less memory, so a snapshot of memory usage for a newly-started hub will not provide sufficient information.

  Min Idle Processes If the number of idle hub slaves is below this value, and fewer than Max Processes hub slaves are running, the hub master will start one hub slave at a time until either the number of idle hub slaves reaches this value or the total number of hub slaves reaches Max Processes.

  Max Idle Processes If the number of idle hub slaves exceeds this value, the hub master will end one idle slave process at a time until this is no longer the case.
Hub Database Communication Settings
  Allow satellite hubs? When selected, satellite hubs can connect to the hub database. When not selected, only one hub (the primary hub) can be connected to the hub database.
This option is only present on primary hubs that are using the database shipped with CodeSonar.
  Use TLS for database communication? When selected, the hub will connect to the hub database with a certificate and traffic between hub and database will be encrypted. This may slow down database communication. Certificate and key files hubdir/client.crt, hubdir/client.key, and hubdir/root.crt will be used, where hubdir is the hub directory. If any of these are not present, CodeSonar will generate them when the hub is started or restarted.
  • To use your own versions of these files, copy them to the hub directory.
  • If you are using TLS for database communication and have one or more satellite hubs, make sure you copy these three files from the primary hub directory to the satellite hub directory for each satellite hub.

When not selected, the hub will connect to the hub database with a password, and traffic between hub and database will not be encrypted.
This option is only present on primary hubs that are using the database shipped with CodeSonar.

Update button Click to save your changes.

SMTP Tab

Set up email for the hub.

Functionality on this tab requires G_ADMINISTER_SMTP_SETTINGS permission.
The Settings page will not include the tab at all if the signed-in user does not have this permission.

If you are configuring SMTP settings for the hub, make sure that Public URL is set to a suitable value: this ensures that email messages sent by the hub contain valid URLs.

screenshot fragment: SMTP Settings tab

SMTP Server The address of the SMTP server that the hub will use to send email to users.
SMTP Server Port The port on SMTP Server on which the server runs. The conventional SMTP port is 25.
From Address The email address that will be used in the From: line of email messages from the hub.
Connect Using TLS? When this option is selected, the hub will communicate with the SMTP server using TLS.
Timeout The number of seconds the SMTP client will wait for network operations to complete.
Connect As User If your SMTP server requires authentication, enter the account name for the server in this field.
Password If you entered an SMTP server account name in the Connect As User field, enter the corresponding password here.
Confirm Password If you entered an SMTP server account name in the Connect As User field, re-enter the corresponding password here.
Send test email to The CodeSonar hub will send a test email using the specified settings. Use this field to specify a recipient for the test email.
Update button Click to save your changes and send a test email.

Analysis Tab

Set up defaults for new warnings, and configure automatic analysis deletion.

Functionality on this tab requires the following permissions.

The Settings page will not include the tab at all if the signed-in user does not have all these permissions.

screenshot fragment: Analysis Settings tab defaults for new warnings annotation sharing project link destination autodeletion settings Update button

[Priority | Finding | State] for New Warnings Select from the appropriate list to set the default priority, finding or state for new warning groups.

To change the available priorities/findings/states, click the associated manage... link to navigate to the appropriate page.

Share annotations between projects Select to specify that warning group scope should be hub-wide. If instances of "the same" warning are issued for multiple projects, they will all be assigned to the same group. Deselect if you prefer that each warning group contains instances from exactly one project.

For full information, see Warning Group Scope.

Note that the setting does not apply retroactively. We strongly recommend that the group sharing setting for each hub be decided early in the hub's lifetime, and then kept unchanged. Changing the setting back and forth as projects are analyzed can result in a mixture of hub- and project-scoped warning groups that leads to user confusion.

Project links... Controls the linking behavior of tables of projects in Home, Project Search Results, and Project Tree pages.
  • Selected: each table row links to the Analysis page for the most recent analysis of the project.
  • Deselected: each table row links to the Project page for the project.
Autodeletion Settings This section allows you to view and modify the hub-wide analysis auto-deletion and analysis log auto-deletion settings. For full details, see Setting Up Analysis Auto-Deletion: Hub-Wide.

All projects use the hub-wide settings by default; project-wide auto-deletion settings are also available.

Note also that individual analyses can be protected from auto-deletion.

Update button Click to save your changes.

User Administration Tab

The User Administration tab contains a menu of links to useful user administration information and functionality.

Functionality on this tab requires G_ADMINISTER_USERS permission.
The Settings page will not include the tab at all if the signed-in user does not have this permission.

screenshot fragment: Settings: User Administration tab

The following table describes the links available in this tab, including the permissions required for each. The "Settings" page will not display any links for which the corresponding permissions are not held; the "Admin Settings" page will display all links and mark those that are unavailable with a lock icon.

Link Description Permissions Required
Security Dashboard Security dashboard G_ADMINISTER_USERS
Users Manage Users: list all hub users; access the Account Editor. G_ADMINISTER_USERS
Roles Roles: view all roles on the hub; delete roles; add new roles. G_ADMINISTER_USERS
Global Permissions Global Role-Permissions: view and edit the global role-permission assignments for each role on the hub. G_ADMINISTER_USERS
Root Project Tree Permissions Resource Role-Permissions page for the root project tree. G_ADMINISTER_USERS
or PTREE_ADMINISTER on the root project tree
Root Launch Daemon Group Permissions Resource Role-Permissions page for the root launchd group. G_ADMINISTER_USERS
or LAUNCHDGROUP_ADMINISTER on the root launchd group
Authentication Services Authentication Services: view and configure authentication services for the hub. G_ADMINISTER_USERS
Create Account Create Account: create a new hub user account. G_CREATE_USER
Bulk Add Users Bulk Add Users: create new hub user accounts in bulk. G_ADMINISTER_USERS

Password Policy Tab

The Password Policy tab contains security settings for password-based hub authentication.

screenshot fragment: Settings: other links tab user account password requirements key derivation iterations authentication retry limits Update button

These settings apply hub-wide.

User Account Password Requirements These settings specify constraints that are checked when a hub user account password is changed.
  Minimum Password Length The password must contain at least this many characters.
Must be a non-negative integer.
  Minimum Password Character Classes The password must contain characters from at least this many character classes, where the set of character classes is {Upper, Lower, Digit, Symbol}.
Must be an integer in the range 0-4, inclusive.
PBKDF2 Iterations The number of iterations of PBKDF2 (Password-Based Key Derivation Function 2) that will be applied to a password to create the password hash. A higher value will generally confer a higher degree of security.

This setting directly affects the CPU cost of password-based hub authentication (including authentication for analyses and other authenticated operations). On a fast machine, a setting of 100000 corresponds to an authentication time of about one second.

Password hashes are stored with their iteration counts: changing this value will not affect hashing for passwords set before the change.

Authentication Retry Limits Specify limits on the number of unsuccessful password-based authentication attempts a single user may make within a specified time frame. Limits are managed on a per-specified-username basis, whether or not the specified username is associated with an existing hub user account.
Update button Click to save your changes.
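
The following added example (not CodeSonar code) illustrates the password requirements and the statement that hashes are stored with their iteration counts: verification always uses the stored count, so a hash created before the setting was raised keeps its old cost until the password is set again. The record layout, the choice of HMAC-SHA-256, the 16-byte salt, and the rule that any character outside Upper/Lower/Digit counts as Symbol are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def character_classes(password):
    """Return which of {Upper, Lower, Digit, Symbol} occur in the password."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("Upper")
        elif ch.islower():
            found.add("Lower")
        elif ch.isdigit():
            found.add("Digit")
        else:
            # Assumption: anything that is not upper, lower or digit is a Symbol.
            found.add("Symbol")
    return found


def meets_policy(password, min_length, min_classes):
    """Check Minimum Password Length and Minimum Password Character Classes."""
    if min_length < 0 or not 0 <= min_classes <= 4:
        raise ValueError("policy values out of range")
    return (len(password) >= min_length
            and len(character_classes(password)) >= min_classes)


def hash_password(password, iterations, salt=None):
    """Derive a PBKDF2 hash and store the iteration count alongside it."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    # Assumed record layout: scheme$iterations$salt$digest (hex-encoded).
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password, record, current_iterations):
    """Return (matches, stale).

    matches: the password reproduces the stored digest at the STORED count.
    stale:   the stored count is lower than the current policy setting, i.e.
             the hash predates an increase and still has the old cost.
    """
    scheme, stored_iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unknown scheme")
    iterations = int(stored_iterations)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), iterations)
    matches = hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    return matches, iterations < current_iterations


if __name__ == "__main__":
    # Constructed sample: a hash made at 1000 iterations, checked after the
    # hub-wide setting was raised to 100000.
    old_record = hash_password("Tr1cky-pass", 1000)
    print(meets_policy("Tr1cky-pass", 8, 3))
    print(verify_password("Tr1cky-pass", old_record, 100000))
```
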

Other Links Tab

The Other Links tab contains a menu of links to useful administrative information and functionality.

screenshot fragment: Settings: other links tab

The following table describes the links available in this tab, including the permissions required for each. The "Settings" page will not display any links for which the corresponding permissions are not held; the "Admin Settings" page will display all links and mark those that are unavailable with a lock icon.

Link Description Permissions Required
Vacuum Database Perform the vacuum full operation (described in the PostgreSQL documentation) on the hub database. CodeSonar will display a dialog warning that vacuuming will take a long time and asking for confirmation. Click Vacuum Database in the dialog to confirm that you want to proceed with vacuuming, or Cancel to close the dialog without vacuuming the database. G_HUB_VACUUM
Backup Hub Perform a pg_dump operation (described in the PostgreSQL documentation) to back up the hub database. The backup file will be streamed to your local machine: use your browser's standard download controls to specify a location to save the file. Once the backup has finished you can use the saved file to relocate, restore, or copy a hub.

Note that we recommend using streaming replication in preference to pg_dump for backing up a hub:

G_HUB_BACKUP
License Utilization License Utilization: view the licensed limits on CodeSonar resources and the current utilization of those resources. G_LIST_USERS
Saved Searches Saved Searches none
Warning Processors Manage Warning Processors: enable and disable warning processors; add new warning processors. none
Administrative Hub Settings Admin Settings none
Analysis Cloud Analysis Cloud: view information about the hub's analysis cloud register. LAUNCHDGROUP_EXISTS for root launchd group,
LAUNCHDGROUP_READ for root launchd group,
Hub Shutdown hub shutdown command G_HUB_SHUTDOWN
Hub Log hub log command G_HUB_LOGS
User Log hub userlog.txt command G_HUB_LOGS
Traffic Log hub traffic.txt command G_HUB_LOGS
Processes Log hub processes.txt command G_HUB_LOGS
SQL Console SQL Console: interact directly with the hub database, both reading and writing. G_SQL_CONSOLE
 

To report problems with this documentation, please visit https://support.codesecure.com/.