Fortify SCA deleting the source files during translation

I am facing a really wierd issue during translation phase of Fortify source code static analysis. When the translation reaches a particular project it starts deleting the files source files from the disk. All the files in the source directory gets deleted and finally we get the build error saying file not found. I have tried various versions of fortify since 17.2 , 18.2 and 19.2. But all versions gives me the same result.

My source code is in .Net. Has anyone else ever faced such an issue? Does anyone have any suggestions for me? Any help with this is highly appreciated.



  • Really odd for SCA to delete files. It will if
    1] you specify a clean step - but these are the NST files NOT the source code

    2] your build system jas a clean step (generally a good idea) BUT it has generated some source
    In this case it is not Fortify that is deleting it but the clean step. Again, presenting the clean code to Fortify is generally best step.

    Would help to know what build tool you are using. Mvn? Gradle? Make?

    Generic example

    sourceanalyzer -b pants -clean

    sourceanalyzer -b pants <<sca options>> <<put your build command here>>

    That should be the translate done - it should NOT have removed any source files unless the build command tells it to.

    If you were building on Linux you could strace the sourceanalyzer process and see where IT is triggering a delete - but I seriously doubt it is. I have been using SCA since 3.2 for about 12 years and never hit such an issue. So likely it is your build process that removes the files? You could have a unique scenario but I doubt it.

    Start debugging your build first.