
java - Why does Fortify SCA report issues for files that no longer exist in my project?

Reposted. Author: 可可西里. Updated: 2023-10-31 23:21:25

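I have set up an SCA scan for my project using sca-maven-plugin, which I built from source and installed into my local repository. My build runs through a TeamCity build agent on a server where Fortify is installed.

The scan runs without any problems, and I am happily using ReportGenerator to generate reports from the resulting .fpr. Earlier reports showed that I had some vulnerabilities from PHP files that had been mistakenly included in the project (which is a Java project). After removing these files, why does Fortify still report vulnerabilities for them even though they no longer exist in my project?

I have confirmed that the build agent is configured to clean all sources before checking out the latest version, and I can in fact see on the server itself that these PHP files no longer exist, yet the report and the .fpr still report issues for them.

Is there some persistent tracking/trending of issues that I also need to clear, or is there something else I am missing?

The output of the build, showing that the files are indeed missing but still included in the scope of the analysis, is as follows: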

[07:40:16][com.....myapp:web] [INFO] --- sca-maven-plugin:3.90:scan (default-cli) @ web ---
[07:40:16][com.....myapp:web] [INFO] Packaging -> war
[07:40:16][com.....myapp:web] [INFO] Top-Level Artifact ID -> web
[07:40:16][com.....myapp:web] [INFO] Build Label -> web-2.0.0-SNAPSHOT
[07:40:16][com.....myapp:web] [INFO] Build Version -> 2.0.0-SNAPSHOT
[07:40:16][com.....myapp:web] [INFO] Build Project Name -> web
[07:40:16][com.....myapp:web] [INFO] Build ID -> web-2.0.0-SNAPSHOT
[07:40:16][com.....myapp:web] [INFO] Results File -> C:\...\buildAgent\work\c649372994269e88/myapp.fpr
[07:40:16][com.....myapp:web] [INFO] Location of SCA Executable -> sourceanalyzer
[07:40:16][com.....myapp:web] [INFO] Scan Log -> C:\...\buildAgent\work\c649372994269e88\web\target/sca-scan.log
[07:40:16][com.....myapp:web] [INFO] FindBugs Results -> false
[07:40:16][com.....myapp:web] [INFO] Fail on Error -> false
[07:40:16][com.....myapp:web] [INFO] Upload to SSC -> false
[07:40:16][com.....myapp:web] [INFO] Issues will not be tracked and trended without uploading to SSC.
[07:40:16][com.....myapp:web] [INFO] *** !! Scanning aggregate project - web !! ***
[07:40:16][com.....myapp:web] [INFO] Created output dir C:\...\buildAgent\work\c649372994269e88\web\target
[07:40:16][com.....myapp:web] [INFO] cmd: "cmd.exe /X /C "sourceanalyzer -scan @C:\...\buildAgent\work\c649372994269e88\web\target/sca-scan-args.txt""
[07:40:19][com.....myapp:web] Fortify Static Code Analyzer 6.00.0096
[07:40:25][com.....myapp:web] [error]: File C:/.../buildAgent/work/c649372994269e88/web/target/myapp/WEB-INF/views/components/datatables/media/unit_testing/templates/dom_data_th.php not found
[07:40:25][com.....myapp:web] [error]: File C:/.../buildAgent/work/c649372994269e88/web/target/myapp/WEB-INF/views/components/datatables/media/unit_testing/controller.php not found
[07:40:25][com.....myapp:web] [error]: File C:/.../buildAgent/work/c649372994269e88/web/target/myapp/WEB-INF/views/components/datatables/media/unit_testing/performance/large.php not found
[07:40:25][com.....myapp:web] [error]: File C:/.../buildAgent/work/c649372994269e88/web/target/myapp/WEB-INF/views/components/datatables/media/unit_testing/templates/-complex_header.php not found
[07:40:25][com.....myapp:web] [error]: File C:/.../buildAgent/work/c649372994269e88/web/target/myapp/WEB-INF/views/components/datatables/media/unit_testing/templates/2512.php not found
[07:40:25][com.....myapp:web] [error]: File C:/.../buildAgent/work/c649372994269e88/web/target/myapp/WEB-INF/views/components/datatables/media/unit_testing/templates/6776.php not found
[07:40:25][com.....myapp:web] [error]: File C:/.../buildAgent/work/c649372994269e88/web/target/myapp/WEB-INF/views/components/datatables/media/unit_testing/templates/complex_header_2.php not found
[07:40:25][com.....myapp:web] [error]: File C:/.../buildAgent/work/c649372994269e88/web/target/myapp/WEB-INF/views/components/datatables/media/unit_testing/templates/deferred_table.php not found
[07:40:25][com.....myapp:web] [error]: File C:/.../buildAgent/work/c649372994269e88/web/target/myapp/WEB-INF/views/components/datatables/media/unit_testing/templates/dom_data.php not found

Best answer

SCA is using a build cache. You should also use the

sourceanalyzer -b buildID -clean

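command. Of course, you can do this with the Maven plugin by invoking the sca-maven-plugin:clean goal, or by attaching the sca-maven-plugin:clean goal to the Maven "clean" phase and invoking the clean goal.

Be careful when running it. It will delete all existing files created by the first scan.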
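
The symptom shown in the question's build output can be checked automatically. The following Python is an added example, not part of the original answer or of Fortify's tooling: it scans a saved build log for the `[error]: File ... not found` lines and prints the clean command given in the answer. The sample log, its paths and the `demo-1.0` build ID are constructed, and `stale_session_report` is a hypothetical helper name.

```python
import posixpath
import re
import sys
from collections import Counter

# Line shapes taken from the build output quoted in the question.
BUILD_ID = re.compile(r"\[INFO\] Build ID -> (\S+)")
MISSING = re.compile(r"\[error\]: File (.+?) not found\s*$")

def stale_session_report(log_text):
    """Summarise files the scan expected but could not find on disk."""
    build_id, missing = None, []
    for line in log_text.splitlines():
        if m := BUILD_ID.search(line):
            build_id = m.group(1)
        elif m := MISSING.search(line):
            missing.append(m.group(1))
    by_ext = Counter(posixpath.splitext(p)[1].lower() or "(none)" for p in missing)
    return {
        "build_id": build_id,
        "missing": missing,
        "by_extension": dict(by_ext),
        "stale": bool(missing),
        # Command from the answer; keeps its literal "buildID" if no ID was logged.
        "clean_command": f"sourceanalyzer -b {build_id or 'buildID'} -clean",
    }

# Constructed sample log: paths, module name and build ID are made up.
SAMPLE_LOG = """\
[07:40:16][demo:web] [INFO] Build ID -> demo-1.0
[07:40:19][demo:web] Fortify Static Code Analyzer 6.00.0096
[07:40:25][demo:web] [error]: File C:/agent/work/web/target/app/WEB-INF/views/old/controller.php not found
[07:40:25][demo:web] [error]: File C:/agent/work/web/target/app/WEB-INF/views/old/Large.PHP not found
[07:40:26][demo:web] [INFO] optional settings file not found, using defaults
"""

if __name__ == "__main__":
    # Pass a saved build log as the first argument; otherwise the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    report = stale_session_report(text)
    for path in report["missing"]:
        print("listed for the scan but not on disk:", path)
    if report["stale"]:
        print("run before the next scan:", report["clean_command"])
    sys.exit(1 if report["stale"] and len(sys.argv) > 1 else 0)
```

Run against a real log, a non-zero exit can fail the CI step, so a report built from stale cache entries is caught before anyone triages it.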

Regarding "java - Why does Fortify SCA report issues for files that no longer exist in my project?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/19448704/
