New Member..
New Member..

Cloudscan combine scan multiple build ids

I am using Fortify 17.10

By doing the scan as below, I am able to combine and scan multiple build ids.

sourceanalyzer -b mysqlibuild -b hotelbuild -scan -f results.fpr


However If I do the following with cloudscan, only mysqlibuild gets scanned:

cloudscan.bat -sscurl http://win-gyie1d8a225:8080/ssc -ssctoken xxxxxxxx-xxxx-43cf-a085-36703ae1e3c5 start -upload -versionid 10005 -uptoken xxxxxxxx-xxxx-43be-9e5f-969cdc35eff5 -b mysqlibuild -b hotelbuild -scan


How do I combine and scan multiple build ids with cloudscan?

Labels (1)
1 Reply
Valued Contributor.. Valued Contributor..
Valued Contributor..

cloudscan did not support scanning with multiple mbs. We ended up using Jenkins.

cloudscan has since added support for weighted pools but am not sure which version it will be supported from.

The approaches to scan are mentioned in https://community.softwaregrp.com/t5/Protect-Your-Assets/SCA-Various-approaches-for-including-dependency-source-code/bc-p/1497813#M1399

There will new few differences in results when scanning the project with sources as one MBS versus scanning with multiple MBS files.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.