Hello,
I am facing an issue when using Fortify Static Code Analyzer (SCA) with a Gradle project. Below are the steps I followed and the error encountered:
Steps Taken:
-
Running Gradle without Fortify:
./gradlew build
Output:
> Task :app:lintReportDebug Wrote HTML report to file:///path/to/project/app/build/reports/lint-results-debug.html BUILD SUCCESSFUL in 7s 85 actionable tasks: 85 executed
The build completed successfully without any errors.
-
Running Gradle with Fortify SCA:
sourceanalyzer -b android ./gradlew build
Output:
> Task :app:compileDebugKotlin FAILED FAILURE: Build failed with an exception. * Where: Initialization script '/Users/username/.fortify/sca23.1/build/android/init-script123456.gradle' line: 103 * What went wrong: Execution failed for task ':app:compileDebugKotlin'. > Could not find method getClasspath() for arguments [] on task ':app:compileDebugKotlin' of type org.jetbrains.kotlin.gradle.tasks.KotlinCompile. * Try: > Run with --stacktrace option to get the stack trace. > Run with --info or --debug option to get more log output. > Run with --scan to get full insights. * Get more help at https://help.gradle.org BUILD FAILED in 586ms 12 actionable tasks: 12 executed
Issue Description:
When running ./gradlew build
without Fortify, the build completes without any issues. However, when using sourceanalyzer
with the same command, the :app:compileDebugKotlin
task fails due to a problem with the getClasspath()
method in the initialization script generated by Fortify.
Additional Context:
This example is with an app created from scratch in Android Studio with the default build.gradle
files.
Request for Assistance:
- How can I resolve the
getClasspath()
method issue in Fortify's initialization script? - Is there any additional configuration needed to ensure Fortify SCA works correctly with my Gradle project?
Thank you in advance for any help or guidance you can provide.