SCA and Gradle wrapper integration


I noticed that I can use Gradle with SCA, per the documentation, using

    sourceanalyzer -b build gradle clean build

But I am trying to use the wrapper, and I keep getting sourceanalyzer error=2

>>>>>>>sourceanalyzer -b buildxyz ./gradlew clean build
starting init script
TaskListener registered.
Configuration on demand is an incubating feature.
> Task :clean


FAILURE: Build failed with an exception.

* Where:
Initialization script '/Users/.../.fortify/sca17.2/build/buildxyz/init-script4841163810233991317.gradle' line: 203

* What went wrong:
java.io.IOException: Cannot run program "sourceanalyzer": error=2, No such file or directory
> Cannot run program "sourceanalyzer": error=2, No such file or directory

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

Deprecated Gradle features were used in this build, making it incompatible with Gradle 5.0.
See https://docs.gradle.org/4.8.1/userguide/command_line_interface.html#sec:command_line_warnings

Even when just using gradle, I get a different error

>>>>>>>sourceanalyzer -b buildxyz gradle clean build
[warning]: File clean not found

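I use a three-step process with Fortify and Gradle:

  • Clean

    sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -clean

  • Build

    sourceanalyzer -b ${SEC_REPORT_NAME} -gradle -verbose gradle -Dorg.gradle.java.home=/opt/jdk8 ${SEC_BUILD_TARGETS}

  • Scan

    sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -scan -f ${SEC_TARGET}/${SEC_REPORT_NAME}.fpr

Where:

  • ${SEC_REPORT_NAME} is an application report id; it should be the same for each step
  • ${SEC_BUILD_TARGETS} is the standard build targets for gradle ("clean build")
  • ${SEC_TARGET} is the output directory

It looks like "sourceanalyzer" is not on the path, since it is not being found on the system, based on this message:

  • What went wrong: java.io.IOException: Cannot run program "sourceanalyzer": error=2, No such file or directory > Cannot run program "sourceanalyzer": error=2, No such file or directory

Make sure sourceanalyzer is installed locally and is in the path.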
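
The PATH check and the three-step run from the answers above, combined in one script. This is an added example, not code from the original posts; the helper names find_on_path and run_sca_gradle are hypothetical, and the build command is passed through exactly as given (for example gradle clean build).

```sh
# Added example; find_on_path and run_sca_gradle are hypothetical helper names.

# Print the first executable file called $1 found in a PATH directory.
# Aliases and shell functions are ignored on purpose: the Fortify-generated
# Gradle init script starts "sourceanalyzer" as a child process by bare name,
# so only a real file on PATH can satisfy it.
find_on_path() {
  name=$1
  old_ifs=$IFS
  IFS=:
  for dir in $PATH; do
    IFS=$old_ifs
    [ -n "$dir" ] || dir=.
    if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
      printf '%s\n' "$dir/$name"
      return 0
    fi
  done
  IFS=$old_ifs
  return 1
}

# run_sca_gradle BUILD_ID FPR_FILE BUILD_COMMAND...
# Runs clean, build (translation) and scan with the same build id.
run_sca_gradle() {
  build_id=$1
  fpr=$2
  shift 2
  if ! find_on_path sourceanalyzer >/dev/null; then
    echo "sourceanalyzer is not on PATH; Gradle would fail with error=2" >&2
    return 2
  fi
  sourceanalyzer -b "$build_id" -verbose -clean &&
    sourceanalyzer -b "$build_id" -gradle -verbose "$@" &&
    sourceanalyzer -b "$build_id" -verbose -scan -f "$fpr"
}

# Usage (after sourcing this file):
#   run_sca_gradle buildxyz out/buildxyz.fpr gradle clean build
```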