We're using FortiFY 4.21 version on linux platform for Java Projects.
Yesterday we've scanned for one project, which contains 1019 files, and it has taken almost 3 hours to complete.
i gave "-Xmx16G" since this machine has a 24 GB Ram, and other than FortiFy no other application is running on this machine.
Today on the same project, i've ran again but by excluding "HPE Security Fortify Secure Coding Rules. Extended JavaScript" from Configure RulesPack.
With this, the scan is went to 63% in an hour but it remains the same even after 6 hours. So How i can know what was the issue. How we can see on which stage it was stopped or how to see the Logs etc.
Please help.
Usually this happens because of various reasons and memory issue is one of them, can you please check fortify log if you see any heap space error then you need to increase memory size. (btw fortify 4.21 has improved memory management , you can use multiple workers for parallel scan for faster scanning)
to check log...
go to Fortify installation folder core\config\fortify.properties and see the value of com.fortify.WorkingDirectory , that will be your fortify root folder path in your machine.
go to the \Fortify\sca6.21\log\sca.log to view the scan log.
once you open the log file , check if translation is successfully completed or not , or issue is there in scan phase ?
you can manually generate log in different location by adding flag -logfile in both translation and scan phase.
Hope this helps ....