SCA 和 gradle 包装器集成
SCA and gradle wrapper integration
注意到我可以在使用
的文档中将 gradle 与 SCA 一起使用
sourceanalyzer -b build gradle clean build
但我正在尝试使用包装器,但我不断收到 sourceanalyzer error=2...
>>>>>>>sourceanalyzer -b buildxyz ./gradlew clean build
starting init script
TaskListener registered.
Configuration on demand is an incubating feature.
> Task :clean
FAILURE: Build failed with an exception.
* Where:
Initialization script '/Users/.../.fortify/sca17.2/build/buildxyz/init-script4841163810233991317.gradle' line: 203
* What went wrong:
java.io.IOException: Cannot run program "sourceanalyzer": error=2, No such file or directory
> Cannot run program "sourceanalyzer": error=2, No such file or directory
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Deprecated Gradle features were used in this build, making it incompatible with Gradle 5.0.
See https://docs.gradle.org/4.8.1/userguide/command_line_interface.html#sec:command_line_warnings
即使只使用 gradle,我也会得到一个不同的错误...
>>>>>>>sourceanalyzer -b buildxyz gradle clean build
[warning]: File clean not found
我使用 Fortify & gradle 的三步流程:
清洁
sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -clean
建造
sourceanalyzer -b ${SEC_REPORT_NAME} -gradle -verbose gradle -Dorg.gradle.java.home=/opt/jdk8 ${SEC_BUILD_TARGETS}
扫描
sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -scan -f ${SEC_TARGET}/${SEC_REPORT_NAME}.fpr
其中 ${SEC_REPORT_NAME}
是应用程序报告 ID - 每个步骤都应该相同
${SEC_BUILD_TARGETS}
是 gradle ("clean build") 的标准构建目标
${SEC_TARGET}
是输出目录
看起来 'sourceanalyzer' 不在路径中,因为根据此消息无法在系统上找到它:
- 出了什么问题:
java.io.IOException: 无法 运行 程序 "sourceanalyzer": error=2, 没有那个文件或目录
Cannot run program "sourceanalyzer": error=2, No such file or directory
确保在本地和路径中安装了 sourceanalyzer。
如果您遇到此错误,基本上是由于 Fortify 安装未添加到系统 PATH
。
从技术上讲,您可以执行以下任一操作:
MAC/Linux
zsh:
export PATH="/Application/<Fortify Installation Dir>/bin:$PATH" >> ~/.zshrc
bash:
export PATH="/Application/<Fortify Installation Dir>/bin:$PATH" >> ~/.bashrc
Windows:
将bin安装目录添加到GUI路径。
注意到我可以在使用
的文档中将 gradle 与 SCA 一起使用sourceanalyzer -b build gradle clean build
但我正在尝试使用包装器,但我不断收到 sourceanalyzer error=2...
>>>>>>>sourceanalyzer -b buildxyz ./gradlew clean build
starting init script
TaskListener registered.
Configuration on demand is an incubating feature.
> Task :clean
FAILURE: Build failed with an exception.
* Where:
Initialization script '/Users/.../.fortify/sca17.2/build/buildxyz/init-script4841163810233991317.gradle' line: 203
* What went wrong:
java.io.IOException: Cannot run program "sourceanalyzer": error=2, No such file or directory
> Cannot run program "sourceanalyzer": error=2, No such file or directory
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Deprecated Gradle features were used in this build, making it incompatible with Gradle 5.0.
See https://docs.gradle.org/4.8.1/userguide/command_line_interface.html#sec:command_line_warnings
即使只使用 gradle,我也会得到一个不同的错误...
>>>>>>>sourceanalyzer -b buildxyz gradle clean build
[warning]: File clean not found
我使用 Fortify & gradle 的三步流程:
清洁
sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -clean
建造
sourceanalyzer -b ${SEC_REPORT_NAME} -gradle -verbose gradle -Dorg.gradle.java.home=/opt/jdk8 ${SEC_BUILD_TARGETS}
扫描
sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -scan -f ${SEC_TARGET}/${SEC_REPORT_NAME}.fpr
其中 ${SEC_REPORT_NAME}
是应用程序报告 ID - 每个步骤都应该相同
${SEC_BUILD_TARGETS}
是 gradle ("clean build") 的标准构建目标
${SEC_TARGET}
是输出目录
看起来 'sourceanalyzer' 不在路径中,因为根据此消息无法在系统上找到它:
- 出了什么问题:
java.io.IOException: 无法 运行 程序 "sourceanalyzer": error=2, 没有那个文件或目录
Cannot run program "sourceanalyzer": error=2, No such file or directory
确保在本地和路径中安装了 sourceanalyzer。
如果您遇到此错误,基本上是由于 Fortify 安装未添加到系统 PATH
。
从技术上讲,您可以执行以下任一操作:
MAC/Linux
zsh:
export PATH="/Application/<Fortify Installation Dir>/bin:$PATH" >> ~/.zshrc
bash:
export PATH="/Application/<Fortify Installation Dir>/bin:$PATH" >> ~/.bashrc
Windows:
将bin安装目录添加到GUI路径。