Monday, July 21, 2014

Unrecognized or invalid command line argument '-disable-sourcerendering'


If you are seeing the following error while scanning your projects using Fortify Maven plugin, there is a simple fix.

[error]: Unrecognized or invalid command line argument '-disable-sourcerendering'
Fortify Static Code Analyzer 5.16.0.0042
Copyright (c) 2003-2013 Fortify Software

For command-line help, type 'sourceanalyzer -h'

[ERROR] Error invoking sourceanalyzer. Exit code: 1.
Verify your project settings and your SCA installation.

Open the file com.fortify.ps.maven.plugin.sca.ScanMojo.java, and replace the following code:

com.fortify.ps.maven.plugin.sca.ScanMojo

If (!renderSources) {
addArg(“-disable-sourcerendering");
}

With the following lines

If (!renderSources) {
addArg(“-disable-source-rendering");
}

Recompile, package, and install using:

mvn compile package install.

And rerun your scans.