Fortify includes generated-sources in analysis
Question
Is there a way to exclude generated-sources out of Fortify scan? I tried sourcepath option mentioned in the guide but it never seem to work for me.
-Dfortify.sca.sourcepath="**/target/generated-sources/**/*.java" or
-Dfortify.sca.sourcepath="**/target/generated-sources/**"
Both the above options ended up with the below warning
[WARNING] Bad value provided for option -sourcepath.
1 answers
solution1
1 2013-10-23 08:21:20
Do not add ** to sourcepath, specify the directories instead:
-Dfortify.sca.sourcepath="module1/target/generated-sources" -Dfortify.sca.sourcepath="module2/target/generated-sources"
If you are using sourceanalyzer you can add the -exclude parameter, with this you can use wildchars, like
-exclude module1/target/generated-sources/**/*.java
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Maven generated-sources/annotations
Add generated-sources as source folder to Eclipse
Compile generated maven project in generated-sources directory
Eclipse doesn't see classes from target/generated-sources
Appengine Endpoints Maven Build Error with /generated-sources
IntelliJ maven project generated-sources not picked up (only some)
Avoid building project in a loop for target/generated-sources
Maven: Exclude generated-sources from jar artifact
Maven Not able to resolve dependencies for classes generated inside target/generated-sources/javacc folder
How to create a Spring Boot fat JAR containing classes from target/generated-sources
Related Tags