Highlighted
Jason F
New Member.
921 views

Audit Workbench advanced scan does not exclude folders I tell it to

I am new to Fortify, but even reading the documentation and other questions I still can not find a solution for this problem.  The app I am testing is a .Net/Angular 6 app that has a library of js extensions of which only a few are even used.  I want to exclude the folder as it takes hours to scan mostly never used code.  I see the exclude tags do appear in the Translation commands, but the scan insists on running them anyway.  

I saw another user had the exclude work after adding –Dcom.fortify.sca.follow.imports=false, but still is not working for me on Audit Workbench.  Please let me know if I am doing anything wrong.

Here is the commands it shows at start

-b "<project>" -clean

 

"-b"
"<project>"
"-machine-output"
"-exclude"
"<Path to folder 1 to exclude>"
"-exclude"
"<Path to folder 2 to exclude>"
"<project path>"

 

"-b"
"<project>"
"-machine-output"
"-format"
"fpr"
"-f"
"<fpr path>"

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.