Azure DevOps Extension 8.6.6 and 8.7.1 Error - Failed cp: cp: dest is not a directory (too many sources)

All of our Fortify ADO pipeline tasks started failing with the following error after the recent updates to version 8.6.6 and 8.7.1 of the FortifySCA@7 extension.

2022-07-25T13:29:03.4956295Z ##[section]Starting: Running/Publishing Fortify Scan on XXXXXX
2022-07-25T13:29:03.5339704Z ==============================================================================
2022-07-25T13:29:03.5340102Z Task         : Fortify Static Code Analyzer Assessment
2022-07-25T13:29:03.5340382Z Description  : Run Fortify Static Code Analyzer
2022-07-25T13:29:03.5340626Z Version      : 7.2.2
2022-07-25T13:29:03.5340854Z Author       : Micro Focus
2022-07-25T13:29:03.5341059Z Help         : 
2022-07-25T13:29:03.5341327Z ==============================================================================
2022-07-25T13:29:04.2889058Z Copying license C:\fortify\fortify.license to C:\Program Files\Fortify\Fortify_SCA_and_Apps_19.2.0\fortify.license
2022-07-25T13:29:04.2955161Z cp: dest is not a directory (too many sources)
2022-07-25T13:29:04.3007896Z ##[error]Failed cp: cp: dest is not a directory (too many sources)
2022-07-25T13:29:04.3199956Z ##[section]Finishing: Running/Publishing Fortify Scan on  XXXXXX


Anyone else experiencing issues with this update and/or have suggested fixes/workarounds?
  • We are currently experiencing this issue with our on premise DevOps as well.  We haven't identified any workaround yet, but management has submitted a ticket with Micro Focus to get it on their radar.

  • Same issue here as well. The workaround for us was to leave the 'Fortify SCA license file' field blank to prevent the Fortify task from trying to copy the license file. This works for us because we run the scans on on premise servers and the license file is already in the directory.

    If you need to copy the the license file every time the task runs you could try doing it with a separate pipeline task that runs just before the Fortify scan task (and leave the field blank in the Fortify task).

  • Thank you for the work around. That error went away but now Fortify returns a "No rules file found" error. This was working before the recent update so I'm not sure what to do. I tried reuploading the rules but it still returns the same error whenever I attempt a scan...

  • I haven't seen this error in our environment but I can think of some things to try:

    • On the build/scan server, go to your Fortify directory (C:\Program Files\Fortify\Fortify_SCA_and_Apps_[version]\bin\) and try running fortifyupdate.cmd. This should update the rules in [fortify dir]\Core\config\rules.
    • Check the PATH variable and make sure there is only one entry pointing to the latest Fortify bin directory and another one to its /jre/bin directory. If there are entries pointing to older versions, delete them.
    • If you have recently updated Fortify and installed it into the default directory (with the version number), restart the build agent or the build server to make the agent aware of the new paths.

    Good luck!

  • We just released, July 26, 2022, version 8.8.2 of the Fortify Azure DevOps Extension that should fix this. It addresses the following two issues:

  • Thank you for the update. The original issue seems to be resolved now. However, now the error is "No rules files found".  I can see the rules in the SSC and I even reloaded them from our local file system but no joy. The error remains....