How to scan Java files only in HP Fortify Audit Workbench 16.10

Recently I needed to run a Fortify scan on a project with several modules. I was told to scan only Java files (*.java), with the constraint that these files should not be the ones inside test directories (*\test\*).

After doing some research and reading the documentation I came up with the following command:

"-b"
"SiryProject"
"-machine-output"
"-source"
"1.8"
"C:\MyProjects\SiryProject\**\src\main\java\**\*.java"

It is very simple: you are basically telling Fortify to scan all Java files whose path contains \src\main\java\ and that are inside C:\MyProjects\SiryProject\
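Before launching a scan with a path filter like this, it helps to see which .java files the pattern leaves out, since anything outside \src\main\java\ is skipped whether or not it is test code. The following is an added example, not part of the original post or of Fortify: it assumes Ant-style wildcard semantics (`**` spans zero or more directories, `*` stays within one path component), and the sample paths and module names are constructed.

```python
import re

# File specifier from the post.
PATTERN = r"C:\MyProjects\SiryProject\**\src\main\java\**\*.java"

# Constructed sample paths (module names are hypothetical).
SAMPLE_PATHS = [
    r"C:\MyProjects\SiryProject\core\src\main\java\com\siry\App.java",
    r"C:\MyProjects\SiryProject\core\src\test\java\com\siry\AppTest.java",
    r"C:\MyProjects\SiryProject\web\api\src\main\java\Api.java",
    r"C:\MyProjects\SiryProject\tools\gen\Generator.java",
    r"C:\MyProjects\SiryProject\core\src\main\resources\app.properties",
]


def pattern_to_regex(pattern):
    """Assumption: Ant-style wildcards. '**' spans zero or more directory
    levels; '*' matches any characters inside a single path component."""
    parts = pattern.split("\\")
    out = []
    for i, part in enumerate(parts):
        if part == "**":
            out.append(r"(?:[^\\]+\\)*")  # zero or more "dir\" segments
            continue
        out.append(re.escape(part).replace(r"\*", r"[^\\]*"))
        if i < len(parts) - 1:
            out.append(r"\\")  # separator between components
    return re.compile("".join(out), re.IGNORECASE)


def audit_scope(paths, pattern=PATTERN):
    """Split .java files into: selected by the pattern, skipped because they
    sit under a \\test\\ directory, and skipped for any other reason."""
    rx = pattern_to_regex(pattern)
    report = {"selected": [], "skipped_test": [], "skipped_other": []}
    for path in paths:
        if not path.lower().endswith(".java"):
            continue  # non-Java files are out of scope for this scan
        if rx.fullmatch(path):
            report["selected"].append(path)
        elif "\\test\\" in path.lower():
            report["skipped_test"].append(path)
        else:
            report["skipped_other"].append(path)  # coverage gap to review
    return report


if __name__ == "__main__":
    for bucket, files in audit_scope(SAMPLE_PATHS).items():
        print(bucket, len(files), *files, sep="\n    ")
```

Files that land in `skipped_other` are production code the scan never sees, so review that bucket before relying on the results.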

I know it could be a little complex to understand, but once you get it, it comes in handy for future scans. I always use the Audit Workbench to run my scans, so I set this command in the Advanced Static Analysis dialog, right after selecting the project folder:

[Screenshot: hp_fortify_scan_java_files_only]

After this, you just have to wait until the scan is completed. For more information, you can read page 44 of the user guide provided below.

Sources
