Frequent Contributor.. Ed Macke Frequent Contributor..
Frequent Contributor..
5396 views

Fortify 18.20 - Ignores Typescript (.ts) files

Jump to solution

Supposedly, Fortify 18.20 supports Typescript.

But when I run the Scan Wizard, I don't see TypeScript listed as a supported language.
wizard.png

You can see there are typescript files in the same root folder as files that are recognized.

wizard2.png

But it's not just an issue with the Scan Wizard. Even if I simply run SCA from the command prompt, it still doesn't scan the .ts files.

As far as I know, I have nothing specified the excludes my TypeScript files. Nothing on the command line. Nothing I can find in the core properties files.

What do I have to do to get Fortify 18.20 SCA to include and scan .ts source files?

0 Likes
1 Solution

Accepted Solutions
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: Fortify 18.20 - Ignores Typescript (.ts) files

Jump to solution

I finally was able to scan a Typescript project (Angular). Looks like the only way right now is to explicitly tell the analyzer that you want to scan .ts files. This is how I did it:

sourceanalyzer -b <build_id> clean 
sourceanalyzer -b <build_id> <path_to_code_root>/**/*.ts
sourceanalyzer -Xmx14745M -Xms400M -Xss24M -b <build_id> -quick -scan -f results.fpr

Note that in the last step I used the "quick" option and specified some max memory. That's because I'm running this on my laptop. If you want to run the full scan without sacrificing accuracy (not a quick scan), don't use that flag, but make sure you have more than 16 GB of memory available, and you don't have to specify -X** flags.

4 Replies
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: Fortify 18.20 - Ignores Typescript (.ts) files

Jump to solution

Hi Ed,

There is indeed an issue with Scan Wizard not showing the .ts files and I have reported this to our development.team. However, the .ts files should be scanned anyway using Scan Wizard or not. Per the SCA guide, you should also have this property set for the scan:
-Dcom.fortify.sca.Phase0HigherOrder.Languages=javascript,typescript 

Note that Scan Wizard does not currently include this property in the script.

 

0 Likes
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: Fortify 18.20 - Ignores Typescript (.ts) files

Jump to solution

I have included that property, and still the sourceanalyzer does NOT scan any .ts files.

These are the properties I have added so that typescript files are scanned, which according to the documentation are needed, but still no typescript files are scanned:

com.fortify.sca.Phase0HigherOrder.Languages=javascript,typescript  # I have also tried just typescript without success
com.fortify.sca.hoa.Enable=true
com.fortify.sca.EnableDOMModeling=true # docs say is needed 4 AngularJS (using Angular--not sure I need it)

Please tell me how I can scan a Typescript project.

0 Likes
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: Fortify 18.20 - Ignores Typescript (.ts) files

Jump to solution

I finally was able to scan a Typescript project (Angular). Looks like the only way right now is to explicitly tell the analyzer that you want to scan .ts files. This is how I did it:

sourceanalyzer -b <build_id> clean 
sourceanalyzer -b <build_id> <path_to_code_root>/**/*.ts
sourceanalyzer -Xmx14745M -Xms400M -Xss24M -b <build_id> -quick -scan -f results.fpr

Note that in the last step I used the "quick" option and specified some max memory. That's because I'm running this on my laptop. If you want to run the full scan without sacrificing accuracy (not a quick scan), don't use that flag, but make sure you have more than 16 GB of memory available, and you don't have to specify -X** flags.

Raphael Hagi Super Contributor.
Super Contributor.

Re: Fortify 18.20 - Ignores Typescript (.ts) files

Jump to solution
Great tip!! Thank you!

Data, or do not.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.