Best Way to Scan a Java Project using only Ant (no Maven)

We get a lot of Java projects that use Ant as their build tool. These projects, however, do not use Maven. I'm looking for guidance on the best way to scan these projects. Would using ScanCentral - SAST with "-bt none" work better than a local SCA scan with or without build integration? There are several choices and each returns very different results. What is the best scanning procedure for these cases?

Thanks!

  • Bueller? Bueller?? Bueller???

    Does anyone else scan Java applications that use Ant, but do not use Maven? If so, how do you perform a static scan on these applications? (ScanCentral - SAST, SCA with/without build integration, etc.)

  • Verified Answer

    ScanCentral does not support Ant, but SCA does. You have to use ant with SourceAnalyzer as an argument, with the build file name (optional if build.xml is used), or you can also use ScanWizard and select ant as the build tool. Ex -

    sourceanalyzer -b buildid ant -file build.xml

    Best Regards,

    Vikas Johari

    Technical Enablement Lead,
    Solutions Development, Enablement, and Education Services
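
The translation command from the answer above, placed in a full clean / translate / verify / scan sequence. This is an added example, not part of the original thread; the function name `fortify_ant_scan`, the `DRY_RUN` switch, and the default build ID and file names are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: wraps the Ant translation step shown in the answer with the
# clean, verification and scan phases of a local SCA run.
# Assumption: -show-files prints one translated file path per line.

run() {
    # Echo the command; execute it unless DRY_RUN=1 (hypothetical switch).
    printf '+ %s\n' "$*"
    [ "${DRY_RUN:-0}" = "1" ] || "$@"
}

fortify_ant_scan() {
    build_id=${1:-buildid}      # placeholder build ID
    build_file=${2:-build.xml}  # Ant build file
    fpr=${3:-results.fpr}       # placeholder output file

    # 1. Remove any stale translation stored under this build ID.
    run sourceanalyzer -b "$build_id" -clean || return 1

    # 2. Translate by running Ant through sourceanalyzer (command from the answer).
    run sourceanalyzer -b "$build_id" ant -file "$build_file" || return 1

    # 3. Fail early if the build ran but no Java source was captured,
    #    otherwise the scan phase produces an empty result set.
    if [ "${DRY_RUN:-0}" != "1" ]; then
        count=$(sourceanalyzer -b "$build_id" -show-files | grep -c '\.java$' || true)
        if [ "${count:-0}" -eq 0 ]; then
            echo "no .java files translated for build ID $build_id" >&2
            return 2
        fi
    fi

    # 4. Analyze the translated files and write the results file.
    run sourceanalyzer -b "$build_id" -scan -f "$fpr"
}
```

Run `DRY_RUN=1 fortify_ant_scan myapp build.xml myapp.fpr` first to see the exact commands before executing them against a real project.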
