gpt4 book ai didi

java - 如何使用 Synopsys detect 扫描 Java Maven 项目

转载 作者:行者123 更新时间:2023-12-04 15:30:51 25 4
gpt4 key购买 nike

我的任务是了解 blackduck 的工作原理以及它如何用于扫描基于 Maven 的 Java 项目。到目前为止,据我所知,最好的方法是为此使用 Synopsys detect。因此,我创建了一个 application.properties 文件并尝试扫描一个基于 Maven 的项目。问题是,它什么都不做。我错过了什么?

这是我的 application.properties:

blackduck.url=xxx
detect.project.name=MyProject
blackduck.api.token=xxx
detect.test.connection=true
blackduck.trust.cert=true
detect.bash.path=/usr/bin/bash
detect.bdio.output.path=output
detect.output.path=output
detect.java.path=/usr/bin/java
detect.maven.path=/usr/bin/mvn
#detect.cleanup=false
detect.required.detector.types=MAVEN
detect.notices.report=true
logging.level.com.synopsys.integration=DEBUG
detect.source.path=/ap
detect.tools=SIGNATURE_SCAN,BINARY_SCAN
detect.detector.search.depth=5

输出如下:

Detect Shell Script 2.3.0                                                                                                                                                                   
Will look for : https://sig-repo.synopsys.com/bds-integrations-release/com/synopsys/integration/synopsys-detect/6.2.1/synopsys-detect-6.2.1.jar
You have already downloaded the latest file, so the local file will be used.
Java Source: PATH
running Detect: "java" -jar "/tmp/synopsys-detect-6.2.1.jar"
______ _ _
| _ \ | | | |
| | | |___| |_ ___ ___| |_
| | | / _ \ __/ _ \/ __| __|
| |/ / __/ || __/ (__| |_
|___/ \___|\__\___|\___|\__|

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (jar:file:/tmp/synopsys-detect-6.2.1.jar!/BOOT-INF/lib/groovy-all-2.4.12.jar!/) to method java.lang.Object.
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.reflection.CachedClass
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2020-04-17 07:44:02 DEBUG [main] --- Initializing detect.
2020-04-17 07:44:02 DEBUG [main] --- You seem to be running in a LINUX operating system.
2020-04-17 07:44:02 DEBUG [main] --- Detect boot begin.

Detect Version: 6.2.1

2020-04-17 07:44:03 DEBUG [main] --- Configuration processed completely.
2020-04-17 07:44:03 INFO [main] ---
2020-04-17 07:44:03 INFO [main] --- Current property values:
2020-04-17 07:44:03 INFO [main] --- --property = value [notes]
2020-04-17 07:44:03 INFO [main] --- ------------------------------------------------------------
2020-04-17 07:44:03 INFO [main] --- blackduck.api.token = **************************************************************************************************** [applicationConfig: [file:./
]

2020-04-17 07:44:03 INFO [main] --- blackduck.trust.cert = true [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- blackduck.url = xxx [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.bash.path = /usr/bin/bash [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.bdio.output.path = output [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.detector.search.depth = 5 [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.java.path = /usr/bin/java [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.maven.build.command = clean install [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.maven.path = /usr/bin/mvn [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.notices.report = true [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.output.path = output [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.project.name = MyProject [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.required.detector.types = MAVEN [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.source.path = /app [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.test.connection = true [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- detect.tools = SIGNATURE_SCAN,BINARY_SCAN [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- logging.level.com.synopsys.integration = DEBUG [applicationConfig: [file:./application.properties]]
2020-04-17 07:44:03 INFO [main] --- ------------------------------------------------------------
2020-04-17 07:44:03 INFO [main] ---
2020-04-17 07:44:03 DEBUG [main] --- Initializing Detect.
2020-04-17 07:44:03 INFO [main] --- Tilde's will be automatically resolved to USER HOME.
2020-04-17 07:44:03 INFO [main] --- Source directory: /app
2020-04-17 07:44:03 INFO [main] --- Output directory: /app/output
2020-04-17 07:44:03 INFO [main] --- Run directory: /app/output/runs/2020-04-17-07-44-02-908
2020-04-17 07:44:03 DEBUG [main] --- Main boot completed. Deciding what Detect should do.
2020-04-17 07:44:03 INFO [main] ---
2020-04-17 07:44:03 DEBUG [main] --- Black Duck will run: A Black Duck url was found.
2020-04-17 07:44:03 DEBUG [main] --- Polaris will NOT run because it is excluded.
2020-04-17 07:44:03 DEBUG [main] --- Decided what products will be run. Starting product boot.
2020-04-17 07:44:03 DEBUG [main] --- Detect product boot start.
2020-04-17 07:44:03 DEBUG [main] --- Will boot Black Duck product.
2020-04-17 07:44:04 DEBUG [main] --- Detect will check communication with the Black Duck server.
2020-04-17 07:44:04 INFO [main] --- Connection to the Black Duck server was successful.
2020-04-17 07:44:04 WARN [main] --- Automatically trusting server certificates - not recommended for production use.
2020-04-17 07:44:05 INFO [main] --- Successfully connected to Black Duck (version 2019.6.0)!
2020-04-17 07:44:06 DEBUG [main] --- Connected as: xxx
2020-04-17 07:44:06 DEBUG [main] --- Roles: BOM Manager, Project Manager, Policy Violation Reviewer, Project Code Scanner, Security Manager, Project Viewer
2020-04-17 07:44:06 DEBUG [main] --- Group:
2020-04-17 07:44:06 DEBUG [main] --- Test Connection to Black Duck is set to 'true' so Detect will not run.
2020-04-17 07:44:06 INFO [main] --- No products to run, Detect is complete.
2020-04-17 07:44:06 DEBUG [main] --- Detect boot completed.
2020-04-17 07:44:06 DEBUG [main] --- Detect will NOT attempt to run.
2020-04-17 07:44:06 INFO [main] --- Creating status file: output/runs/2020-04-17-07-44-02-908/status/status.json
2020-04-17 07:44:06 DEBUG [main] --- Detect shutdown begin.
2020-04-17 07:44:06 DEBUG [main] --- Detect will cleanup.
2020-04-17 07:44:06 DEBUG [main] --- Cleaning up directory: /app/output/runs/2020-04-17-07-44-02-908
2020-04-17 07:44:06 DEBUG [main] --- Cleaning up: /app/output/runs/2020-04-17-07-44-02-908/status
2020-04-17 07:44:06 INFO [main] --- Cleaning up directory: /app/output/runs/2020-04-17-07-44-02-908
2020-04-17 07:44:06 DEBUG [main] --- Detect shutdown completed.
2020-04-17 07:44:06 DEBUG [main] --- All Detect actions completed.
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- ======== Detect Status ========
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- Overall Status: SUCCESS
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- ===============================
2020-04-17 07:44:06 INFO [main] ---
2020-04-17 07:44:06 INFO [main] --- Detect duration: 00h 00m 04s 065ms
Result code of 0, exiting

最佳答案

好吧,经过多次试验和错误后,我发现我误解了 detect.test.connection=true 参数。它不只是在扫描之前测试与 blackduck 的连接(这是我的理解),而是将检测设置为一种试运行,这样它就不会执行和检测器等。因此省略参数解决了我的问题。

关于java - 如何使用 Synopsys detect 扫描 Java Maven 项目,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61266695/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com