[英]Fortify includes generated-sources in analysis
Is there a way to exclude generated-sources out of Fortify scan? 有没有办法将生成的源排除在Fortify扫描之外? I tried sourcepath option mentioned in the guide but it never seem to work for me.
我尝试了指南中提到的sourcepath选项,但它似乎对我不起作用。
-Dfortify.sca.sourcepath="**/target/generated-sources/**/*.java" or
-Dfortify.sca.sourcepath="**/target/generated-sources/**"
Both the above options ended up with the below warning 以上两种选择均以以下警告告终
[WARNING] Bad value provided for option -sourcepath.
Do not add ** to sourcepath, specify the directories instead: 不要在源路径中添加**,而是指定目录:
-Dfortify.sca.sourcepath="module1/target/generated-sources" -Dfortify.sca.sourcepath="module2/target/generated-sources"
If you are using sourceanalyzer you can add the -exclude parameter, with this you can use wildchars, like 如果您正在使用sourceanalyzer,则可以添加-exclude参数,并可以使用通配符,例如
-exclude module1/target/generated-sources/**/*.java
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.