
SCA and gradle wrapper integration

Noticed that I can use gradle with SCA on the documentation using

    sourceanalyzer -b build gradle clean build

But I am trying to use a wrapper but I keep getting sourceanalyzer error=2...

    >>>>>>>sourceanalyzer -b buildxyz ./gradlew clean build
    starting init script
    TaskListener registered.
    Configuration on demand is an incubating feature.
    > Task :clean


    FAILURE: Build failed with an exception.

    * Where:
    Initialization script '/Users/.../.fortify/sca17.2/build/buildxyz/init-script4841163810233991317.gradle' line: 203

    * What went wrong:
    java.io.IOException: Cannot run program "sourceanalyzer": error=2, No such file or directory
    > Cannot run program "sourceanalyzer": error=2, No such file or directory

    * Try:
    Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

    * Get more help at https://help.gradle.org

    Deprecated Gradle features were used in this build, making it incompatible with Gradle 5.0.
    See https://docs.gradle.org/4.8.1/userguide/command_line_interface.html#sec:command_line_warnings

Even by just using gradle, I get a different error...

    >>>>>>>sourceanalyzer -b buildxyz gradle clean build
    [warning]: File clean not found

I use a three-step process with Fortify & gradle:

  1. Clean

    sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -clean

  2. Build

    sourceanalyzer -b ${SEC_REPORT_NAME} -gradle -verbose gradle -Dorg.gradle.java.home=/opt/jdk8 ${SEC_BUILD_TARGETS}

  3. Scan

    sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -scan -f ${SEC_TARGET}/${SEC_REPORT_NAME}.fpr

where

  • ${SEC_REPORT_NAME} is an application report id - should be the same for each step
  • ${SEC_BUILD_TARGETS} are standard build targets for gradle ("clean build")
  • ${SEC_TARGET} is output directory

It looks like 'sourceanalyzer' is not in the path because it cannot be found on the system based on this message:

  • What went wrong: java.io.IOException: Cannot run program "sourceanalyzer": error=2, No such file or directory

    Cannot run program "sourceanalyzer": error=2, No such file or directory

Ensure sourceanalyzer is installed locally and in the path.

If you are experiencing this error, it's basically due to the Fortify installation not being added to the system's PATH.

You can technically do any of the following:

MAC/Linux

zsh:

    echo 'export PATH="/Application/<Fortify Installation Dir>/bin:$PATH"' >> ~/.zshrc

bash:

    echo 'export PATH="/Application/<Fortify Installation Dir>/bin:$PATH"' >> ~/.bashrc

Windows:

Add the bin installation directory to the GUI path.
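
An added example (not taken from any answer above and not Fortify's own code) that combines the PATH diagnosis with the three-step clean/build/scan sequence: it searches the PATH directories the way a child-process launch does, so a shell alias does not count, and substitutes `./gradlew` when the project has a wrapper. The function names, the `FORTIFY_RUN` variable and passing `./gradlew` in place of `gradle` are assumptions of this example.

```shell
# Added example. A shell alias or function named sourceanalyzer is invisible to
# the Gradle init script, which starts the program by name through PATH only.

# Print the first executable file called $1 found in a PATH directory.
find_on_path() (
    IFS=:
    for dir in $PATH; do
        [ -n "$dir" ] || dir=.        # an empty PATH entry means the current dir
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            echo "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# Preflight for: Cannot run program "sourceanalyzer": error=2
check_sourceanalyzer() {
    if find_on_path sourceanalyzer >/dev/null; then
        return 0
    fi
    echo "sourceanalyzer is in no PATH directory; add <Fortify Installation Dir>/bin" >&2
    return 1
}

# Use the project's wrapper when directory $1 has an executable gradlew.
pick_gradle() {
    if [ -x "$1/gradlew" ]; then echo "./gradlew"; else echo "gradle"; fi
}

# Usage: fortify_scan <build-id> <output-dir> <gradle targets...>
# Prints the three commands; set FORTIFY_RUN=1 to execute them instead.
fortify_scan() {
    build_id=$1; out_dir=$2; shift 2
    check_sourceanalyzer || return 2
    gradle_cmd=$(pick_gradle .)
    run() { if [ "${FORTIFY_RUN:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }
    run sourceanalyzer -b "$build_id" -verbose -clean &&
    run sourceanalyzer -b "$build_id" -gradle -verbose "$gradle_cmd" "$@" &&
    run sourceanalyzer -b "$build_id" -verbose -scan -f "$out_dir/$build_id.fpr"
}
```

Source the file from the project root and call `fortify_scan buildxyz build/reports clean build` to review the commands, then repeat with `FORTIFY_RUN=1` to execute them.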
