Monday, July 21, 2014

Unrecognized or invalid command line argument '-disable-sourcerendering'


If you are seeing the following error while scanning your projects using Fortify Maven plugin, there is a simple fix.

[error]: Unrecognized or invalid command line argument '-disable-sourcerendering'
Fortify Static Code Analyzer 5.16.0.0042
Copyright (c) 2003-2013 Fortify Software

For command-line help, type 'sourceanalyzer -h'

[ERROR] Error invoking sourceanalyzer. Exit code: 1.
Verify your project settings and your SCA installation.

Open the file com.fortify.ps.maven.plugin.sca.ScanMojo.java, and replace the following code:

com.fortify.ps.maven.plugin.sca.ScanMojo

If (!renderSources) {
addArg(“-disable-sourcerendering");
}

With the following lines

If (!renderSources) {
addArg(“-disable-source-rendering");
}

Recompile, package, and install using:

 mvn compile package install.

 And rerun your scans.

3 comments:

  1. AnonymousAugust 20, 2014 at 6:01 PM

    I ran into many issues reported by Fortify not applicable to our project merely because we are using Java 7 and later versions to run our java software. One example of this is "Denial of Service : Parse Double " violation reported in code. The description of this violation says that it is not applicable to Java 7. In this case we are eager to allow Fortify to suppress all violations not applicable to Java 7+ versions. How can we do this ? I tried passing -Dfortify.sca.source.version=1.7 but that did not help. Thanks

    ReplyDelete
  2. Meera SubbaraoAugust 27, 2014 at 2:41 PM

    You should be able to create a custom rule for this. Fortify has a rule editor which you can use.

    ReplyDelete
  3. AnonymousSeptember 16, 2014 at 9:06 AM

    Thanks so much for this tip. I was getting rather frustrated with this one. Much appreciated.

    ReplyDelete

Subscribe to: Post Comments (Atom)