Monday, July 21, 2014

Unrecognized or invalid command line argument '-disable-sourcerendering'

If you are seeing the following error while scanning your projects using Fortify Maven plugin, there is a simple fix.

[error]: Unrecognized or invalid command line argument '-disable-sourcerendering'
Fortify Static Code Analyzer
Copyright (c) 2003-2013 Fortify Software

For command-line help, type 'sourceanalyzer -h'

[ERROR] Error invoking sourceanalyzer. Exit code: 1.
Verify your project settings and your SCA installation.

Open the file, and replace the following code:

If (!renderSources) {

With the following lines

If (!renderSources) {

Recompile, package, and install using:

mvn compile package install.

And rerun your scans.


  1. I ran into many issues reported by Fortify not applicable to our project merely because we are using Java 7 and later versions to run our java software. One example of this is "Denial of Service : Parse Double " violation reported in code. The description of this violation says that it is not applicable to Java 7. In this case we are eager to allow Fortify to suppress all violations not applicable to Java 7+ versions. How can we do this ? I tried passing but that did not help. Thanks

  2. You should be able to create a custom rule for this. Fortify has a rule editor which you can use.

  3. Thanks so much for this tip. I was getting rather frustrated with this one. Much appreciated.