Questions tagged [sourceanalyser]

16 questions
2
votes
0 answers

How to solve Fortify 19.1 low memory error?

I'm using Fortify to scan a Python and PHP code base. The sourceanalyzer complains about insufficient memory. I have 8 GB now. I'm planning to upgrade to 16 GB. My question is: should I use the option -Xmx after the upgrade? The docs say fortify makes…
3lokh
2
votes
3 answers

SCA and gradle wrapper integration

Noticed that I can use gradle with SCA on the documentation using sourceanalyzer -b build gradle clean build But I am trying to use a wrapper but I keep getting sourceanalyzer error=2... >>>>>>>sourceanalyzer -b buildxyz ./gradlew clean…
Bao Thai
2
votes
2 answers

HP Fortify Android SCA build

I'm trying to use Fortify sourceanalyser binary to scan an Android project. The problem is even if I set the classpath correctly, classes are not found... Here is my command : sourceanalyzer -b MS.ANDROID -clean; sourceanalyzer -b MS.ANDROID…
jaumard
1
vote
0 answers

How to get a list of lint rules only for dart or analyser in specific version?

I use the Analyzer package in my project to perform static code analysis and modify some rules. For each version of this package (or Dart version), how can I find the total list of rules already defined? I found this site:…
Dev Loots
1
vote
1 answer

How can I extract a very simple sourceanalyzer / fortify report that only gives defect counts?

I need to be able to easily track a change in defect counts between builds. My idea was to extract the counts for critical, high, medium, and low severity defects with a report. All of the report templates I can find are complex, and I'm not seeing…
Ginger McMurray
1
vote
1 answer

Is it possible to set the properties on the command line for sourceanalyzer?

I'd like to change the scan properties on only one project for our build server. I've found tons of references for what to change in the various fortify ".properties" files, but I don't want to make any changes that will be universal. Is it possible…
Ginger McMurray
1
vote
0 answers

(PyCharm) Tool to understand python code

We have a programming project at our college in Python and are using PyCharm. There is already existing code which we have to understand as the first step. Our project team doesn't know how to begin analysing the code. Is there a tool for PyCharm…
user6451039
1
vote
2 answers

Sonar analysis prior to code check in

I need to run Sonar analysis on a Java file before committing code to svn. Is there any mechanism to ensure that code having Sonar issues doesn't get checked into svn unless all Sonar issues get resolved?
Sam
0
votes
3 answers

How to recognize that TypeScript code is generated

I maintain some analysers for C# code and TypeScript code. Those analysers shall skip generated code. In C# it is rather simple because such a class has the attribute System.CodeDom.Compiler.GeneratedCode. But how about TypeScript? How can I generically…
Tomas Kubes
0
votes
1 answer

How can I combine Fortify FPRs?

I am trying to combine the fprs from multiple different application scans. I have tried FPRUtility -merge -project foo.fpr -source bar.fpr -f foobar.fpr But that doesn't seem to do the trick. When I generate a report of…
0
votes
1 answer

What is the difference between reportgenerator and BIRTreportgenerator?

Is BIRTreportgenerator just a newer approach to reportgenerator? Or are there differences to what they report and their intended use.
Leejo
0
votes
0 answers

Does reportgenerator in Fortify have a command to filter issues?

To shorten the work time on handling Fortify scanning, I am trying to do some automatic bat. Now I have some trouble filtering the issues of the scanning result (*.fpr). The command I try is sourceanalyzer -b %FileName% -scan -filter filter.txt…
Hsu Amanda
0
votes
0 answers

Query analyser to find source code location

I'm having trouble debugging/finding the source of a query. Is there a free/open source query analyser software which can connect with PHP to find the source location of a query. (like source location feature described here:…
rosh3000
0
votes
1 answer

What causes unknown property attribute 'class' with fortify xcodebuild (Objective-C)?

I have an iOS project that I want to run fortify on. Building it with xcodebuild works fine and has for years. Building it with sourceanalyzer xcodebuild fails. Command to build that actually works: xcodebuild Command that fails sourceanalyzer -b…
Ginger McMurray
0
votes
1 answer

Why can't BIRTReportGenerator find my source file?

I'm trying to build a fortify report using BIRTReportGenerator as outlined in the SCA user guide. The scans work fine and generate an fpr file, but when I run the report generator I get the following error. FPR source file not found or not…
Ginger McMurray