gradle - SCA 和 gradle 包装器集成
问题描述
注意到我可以在文档中使用 gradle 和 SCA
sourceanalyzer -b build gradle clean build
但是我正在尝试使用包装器,但我不断收到 sourceanalyzer error=2 ...
>>>>>>>sourceanalyzer -b buildxyz ./gradlew clean build
starting init script
TaskListener registered.
Configuration on demand is an incubating feature.
> Task :clean
FAILURE: Build failed with an exception.
* Where:
Initialization script '/Users/.../.fortify/sca17.2/build/buildxyz/init-script4841163810233991317.gradle' line: 203
* What went wrong:
java.io.IOException: Cannot run program "sourceanalyzer": error=2, No such file or directory
> Cannot run program "sourceanalyzer": error=2, No such file or directory
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Deprecated Gradle features were used in this build, making it incompatible with Gradle 5.0.
See https://docs.gradle.org/4.8.1/userguide/command_line_interface.html#sec:command_line_warnings
即使只是使用 gradle,我也会得到一个不同的错误......
>>>>>>>sourceanalyzer -b buildxyz gradle clean build
[warning]: File clean not found
解决方案
我使用 Fortify & gradle 的三步过程:
干净的
sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -clean
建造
sourceanalyzer -b ${SEC_REPORT_NAME} -gradle -verbose gradle -Dorg.gradle.java.home=/opt/jdk8 ${SEC_BUILD_TARGETS}
扫描
sourceanalyzer -b ${SEC_REPORT_NAME} -verbose -scan -f ${SEC_TARGET}/${SEC_REPORT_NAME}.fpr
应用程序报告 ID在哪里${SEC_REPORT_NAME}
- 每个步骤都应该相同
${SEC_BUILD_TARGETS}
是 gradle 的标准构建目标(“干净构建”)
${SEC_TARGET}
是输出目录
推荐阅读
- elasticsearch - 用于索引数组元素的 Elasticsearch
- java - spring如何在不传递参数的情况下实例化@Autowired构造函数
- sql-server - 无法通过从备份还原创建具有新名称的数据库副本:“数据库正在使用中”
- angular - Firebase:云Firestore规则:权限被拒绝
- javascript - 将点击事件绑定到动态生成的内容(Angular 4)
- c# - Ical.net 在 .net 和 c# 中查看日历中的事件数据
- php - php exec('alpr') 返回一个安装了 openALPR 的空数组
- origen-sdk - 编译器可以避免重新加载目标吗?
- python - 如何调用名称以数字分隔的函数?从 t1 到 t20 的示例调用函数 - Python?
- drupal-7 - 革命滑块 Drupal 仅在我以管理员身份登录时工作