How to scan Java files only in HP Fortify Audit Workbench 16.10

Recently I needed to run a Fortify scan on a project with several modules. I was told to scan only Java files (*.java) but with the constraint that this files should not be the ones inside test directories (*test*).

After doing some research and reading the documentation I came up with the following command:

"-b"
"SiryProject"
"-machine-output"
"-source"
"1.8"
"C:MyProjectsSiryProject**srcmainjava***.java"

It is very simple, you are basically telling Fortify to scan all Java whose file path contains srcmainjava and are inside C:MyProjectsSiryProject.

I know it could be a little complex to understand but once you get it, it comes in handy for future scans, I always use the Audit Workbench to run my scans, so I set this command in the Advance Static Analysis dialog, right after selecting the project folder:

After this, you just have to wait until the scan is completed. For more information you can read page 44 on the user guide provided below.

Sources:

• GHOST_URL/content/files/2022/03/HP_Fortify_SCA_User_Guide.pdf