Former HPE Products
cancel
Showing results for 
Search instead for 
Did you mean: 

Fortify Local Scan

 
JayDev
Visitor

Fortify Local Scan

Hi team ,

We are using Fortify Static code analyzer version 17.2.0.Our Project is too huge and full scan takes 8 Hours of time We are trying to find some alternatives to scan the files Incremenatlly(Scan only the changed Files instead of Whole Project)

We wrote a plugin incorporating the Source Analyzer Command as Below

sourceanalyzer -b !BuildId! -source 1.6 -verbose -cp "!codeDirectory!/CODE/LIB/*.jar !codeDirectory!/CODE/ModuleLIB/*.jar"  !modifiedFileList!

Where modifiedFileList is the list of FIles which we changed 

The Problem is 

1)The scan is listing only few Issues like Password Hard coded/Key hardcoded

2)The scan is not finding all the Issue category(Like XSS Related Issues)

Please help us on this.Can we use local scan to find out all the issues on incremental Scan itself.

 

 

 

 

Regards,

Jay.

 

 

 

 

 

1 REPLY 1
Parvez_AL
Community Manager

Re: Fortify Local Scan

Hi,

Fortiy and HPE software is now part of the new company, Micro Focus. So you will need to repost your question to the new Micro Focus Community at https://community.softwaregrp.com/ 

 Or, 

https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

Thanks,
Parvez_AL
I am a HPE Employee
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
CM_Cert_Logo_Color.png