我必须在SCA服务器基于Ant的项目上运行强化扫描
但是我无法在ant target中为JDK 8中的源代码运行sourceanalyzer任务。
以下是运行sourceanalyzer任务的ant目标,因为将jdk参数更改为jdk =“ 1.8”没有帮助。
<target name="translate" if="fortify.present">
<echo>Running Translation</echo>
<sourceanalyzer buildid="${sourceanalyzer.buildid}" jdk="1.8">
<classpath> </classpath>
<fileset dir="C:\Projects\TIM_CONSIP\TICP">
<include name="**/*.*"/>
</fileset>
</sourceanalyzer>
</target>
以下是运行上述目标的结果
C:\Projects\MY_PROJECT\Project\build>ant translate
Buildfile: build.xml
translate:
[echo] Running Translation
[sourceanalyzer] [warning]: A compiler command may not be used in
conjuction with directly specified source files.
[sourceanalyzer] HPE Security Fortify Static Code Analyzer 17.10.0156
[sourceanalyzer] Copyright (c) 2003-2017 Hewlett Packard Enterprise
Development LP
[sourceanalyzer]
[sourceanalyzer] For command-line help, type 'sourceanalyzer -h'
[sourceanalyzer]
[sourceanalyzer] Result: 1
BUILD SUCCESSFUL
Total time: 18 seconds
以下是Fortify扫描属性
<!-- HP Fortify Scan Properties -->
<property name="sourceanalyzer.buildid" value="5.0"/>
<property name="sourceanalyzer.fpr" value="issues2.fpr"/>
<!-- For debugging in a separate HP Fortify SCA log file -->
<property name="fortify.debug" value="false" />
<!-- HP Fortify Setup -->
<available classname="com.fortify.dev.ant.SourceanalyzerTask" property="fortify.present"/>
<typedef name="sourceanalyzer" classname="com.fortify.dev.ant.SourceanalyzerTask"/>
我已经使用命令行语法设置了build.compiler属性:-
ant -Dbuild.compiler="com.fortify.dev.ant.SCACompiler" -Dsourceanalyzer.buildid =5.0
以前我在JDK 1.6 / 1.7中的SCA服务器项目上进行过强化扫描,是否需要使用任何其他版本的sourceAnalyser jar在jdk 1.8上为源代码运行强化功能
感谢您的帮助!