How to scan Java files only in HP Fortify Audit Workbench 16.10

Recently I needed to run a Fortify scan on a project with several modules. I was told to scan only Java files (*.java) but with the constraint that this files should not be the ones inside test directories (*\test\*)

After doing some research and reading the documentation I came up with the following command:


It is very simple, you are basically telling Fortify to scan all Java whose file path contains \src\main\java\ and are inside C:\MyProjects\SiryProject\

I know it could be a little complex to understand but once you get it, it comes in handy for future scans, I always use the Audit Workbench to run my scans, so I set this command in the Advance Static Analysis dialog, right after selecting the project folder:


After this, you just have to wait until the scan is completed. For more information you can read page 44 on the user guide provided below.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: