0
我的Java-Maven項目是在Java 1.8中實現的。我已經將我的Maven構建與Fortify SCA集成,通過安裝Fortify並在我的項目的pom.xml中添加依賴項。然而,在掃描過程中,它給了我下面的日誌如何在Fortify SCA中更改Java版本
[INFO] --- sca-maven-plugin:4.30:scan (default-cli) @ projectname ---
[INFO] Packaging -> jar
[INFO] Top-Level Artifact ID -> null
[INFO] Build Label -> projectname-0.1.SNAPSHOT
[INFO] Build Version -> 0.1.SNAPSHOT
[INFO] Build Project Name -> projectname
[INFO] Build ID -> projectname-0.1.SNAPSHOT
[INFO] Results File -> /Users/workspaceneon/projectname/target/projectname-0.1.SNAPSHOT.fpr
[INFO] Location of SCA Executable -> sourceanalyzer
[INFO] Scan Log -> /Users/workspaceneon/projectname/target/sca-scan.log
[INFO] FindBugs Results -> true
[INFO] Fail on Error -> true
[INFO] Upload to SSC -> false
[INFO] Issues will not be tracked and trended without uploading to SSC.
[INFO] *** !! Scanning individual sub-project - projectname !! ***
[INFO] Created output dir /Users/workspaceneon/projectname/target
[INFO] cmd: "/bin/sh -c sourceanalyzer -scan -Xmx800M @/Users/workspaceneon/projectname/target/sca-scan-args.txt"
Fortify Static Code Analyzer 6.30.0086
Fortify Static Code Analyzer 6.30.0086
此外,Java版本據報道
[INFO] Source Version -> 1.6
你可以看到我的Fortify的版本在上面的控制檯日誌。
我覺得Fortify正在掃描我的項目,假設它是一個Java 1.6項目。我的問題是,我怎麼能告訴Fortify將它掃描爲1.8項目,並據此報告錯誤?
非常感謝。這非常有幫助 – PepperBoy