Noticed that I can use gradle with SCA on the documentation using
sourceanalyzer -b build gradle clean build
But I am trying to use a wrapper but I keep getting sourceanalyzer error=2...
>>>>>>>sourceanalyzer -b buildxyz ./gradlew clean build
starting init script
TaskListener registered.
Configuration on demand is an incubating feature.
> Task :clean
FAILURE: Build failed with an exception.
* Where:
Initialization script '/Users/.../.fortify/sca17.2/build/buildxyz/init-script4841163810233991317.gradle' line: 203
* What went wrong:
java.io.IOException: Cannot run program "sourceanalyzer": error=2, No such file or directory
> Cannot run program "sourceanalyzer": error=2, No such file or directory
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Deprecated Gradle features were used in this build, making it incompatible with Gradle 5.0.
See https://docs.gradle.org/4.8.1/userguide/command_line_interface.html#sec:command_line_warnings
Even by just using gradle, I get a different error...
>>>>>>>sourceanalyzer -b buildxyz gradle clean build
[warning]: File clean not found
I use three step process with Fortify & gradle:
Clean
sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -clean
Build
sourceanalyzer -b ${SEC_REPORT_NAME} -gradle -verbose gradle -Dorg.gradle.java.home=/opt/jdk8 ${SEC_BUILD_TARGETS}
Scan
sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -scan -f ${SEC_TARGET}/${SEC_REPORT_NAME}.fpr
where ${SEC_REPORT_NAME}
is an application report id - should be the same for each step ${SEC_BUILD_TARGETS}
are standard build targets for gradle ("clean build") ${SEC_TARGET}
is output directory
It looks like 'sourceanalyzer' is not in the path because it cannot be found on the system based on this message:
Cannot run program "sourceanalyzer": error=2, No such file or directory
Ensure sourceanalyzer is installed locally and in the path.
If you are experiencing this error, it's basically due to Fortify installation not added to the system's PATH
.
You can technically do any of the following:
MAC/Linux
zsh:
export PATH="/Application/<Fortify Installation Dir>/bin:$PATH" >> ~/.zshrc
bash:
export PATH="/Application/<Fortify Installation Dir>/bin:$PATH" >> ~/.bashrc
Windows:
Add the bin installation directory to the GUI path.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.