Fortify includes generated-sources in analysis


Is there a way to exclude generated-sources from a Fortify scan? I tried the sourcepath option mentioned in the guide, but it never seems to work for me.

-Dfortify.sca.sourcepath="**/target/generated-sources/**/*.java" or 
-Dfortify.sca.sourcepath="**/target/generated-sources/**" 

Both of the above options ended up with the warning below:

[WARNING] Bad value provided for option -sourcepath.



Do not add ** to sourcepath, specify the directories instead:

-Dfortify.sca.sourcepath="module1/target/generated-sources" -Dfortify.sca.sourcepath="module2/target/generated-sources"

If you are using sourceanalyzer, you can add the -exclude parameter; with this you can use wildcards, like

-exclude module1/target/generated-sources/**/*.java
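Since the sourcepath option rejects wildcards, a multi-module build needs every generated-sources directory listed by name. The helper below is an added example, not code from the answer or from Fortify: it enumerates each module's target/generated-sources directory under a project root and emits one explicit -Dfortify.sca.sourcepath argument per directory in the form the answer shows, plus the matching -exclude patterns for a direct sourceanalyzer run. The function names and the sample project layout are constructed for illustration.

```shell
#!/bin/sh
# Emit one explicit -Dfortify.sca.sourcepath=<dir> argument per module.
# The option does not accept ** globs, so each directory is named in full.
fortify_sourcepath_args() {
    root="$1"
    # Match only directories literally named target/generated-sources
    find "$root" -type d -path '*/target/generated-sources' | sort |
    while IFS= read -r dir; do
        printf -- '-Dfortify.sca.sourcepath=%s\n' "$dir"
    done
}

# Equivalent -exclude patterns for sourceanalyzer, where wildcards are allowed.
fortify_exclude_args() {
    root="$1"
    find "$root" -type d -path '*/target/generated-sources' | sort |
    while IFS= read -r dir; do
        printf -- '-exclude %s/**/*.java\n' "$dir"
    done
}

# Constructed sample layout (hypothetical project, not a real checkout):
# module1 and module2 have generated sources, module3 has none.
make_sample_project() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/module1/target/generated-sources/annotations" \
             "$tmp/module2/target/generated-sources" \
             "$tmp/module3/src/main/java"
    printf '%s\n' "$tmp"
}

root=$(make_sample_project)
fortify_sourcepath_args "$root"   # two -Dfortify.sca.sourcepath lines
fortify_exclude_args "$root"      # two -exclude lines
rm -rf "$root"
```

The printed arguments can be appended to the mvn or sourceanalyzer command line; only directories that actually exist after the build are listed, so run it after generation has happened.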