HPE Community
Other HPE Product Questions
1819870 Members
2458 Online
109607 Solutions
New Discussion

Fortify Local Scan

 
JayDev
Visitor

‎04-23-2018 02:27 AM

‎04-23-2018 02:27 AM

Fortify Local Scan

Hi team ,

We are using Fortify Static code analyzer version 17.2.0.Our Project is too huge and full scan takes 8 Hours of time We are trying to find some alternatives to scan the files Incremenatlly(Scan only the changed Files instead of Whole Project)

We wrote a plugin incorporating the Source Analyzer Command as Below

sourceanalyzer -b !BuildId! -source 1.6 -verbose -cp "!codeDirectory!/CODE/LIB/*.jar !codeDirectory!/CODE/ModuleLIB/*.jar"  !modifiedFileList!

Where modifiedFileList is the list of FIles which we changed 

The Problem is 

1)The scan is listing only few Issues like Password Hard coded/Key hardcoded

2)The scan is not finding all the Issue category(Like XSS Related Issues)

Please help us on this.Can we use local scan to find out all the issues on incremental Scan itself.

 

 

 

 

Regards,

Jay.

 

 

 

 

 

0 Kudos
Reply
1 REPLY 1
Parvez_Admin
Community Manager

‎04-23-2018 03:47 AM

‎04-23-2018 03:47 AM

Re: Fortify Local Scan

Hi,

Fortiy and HPE software is now part of the new company, Micro Focus. So you will need to repost your question to the new Micro Focus Community at https://community.softwaregrp.com/ 

 Or, 

https://community.softwaregrp.com/t5/Fortify/ct-p/fortify


Thanks,
Parvez_Admin
I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
CM_Cert_Logo_Color.png
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.