gp1988 Trusted Contributor.
Trusted Contributor.
8028 views

How SCA counts Lines Of Codes ?

Jump to solution

Is there an article it is possible to study how Fortify counts the number of Lines of Code ? I am doing an integration between Fortify and Sonarqube and Fortify LOCs is different than Sonar LOCs.

Thanks in advance,

Best Regards

Tags (3)
0 Likes
1 Solution

Accepted Solutions
mlacasse Super Contributor.
Super Contributor.

Re: How SCA counts Lines Of Codes ?

Jump to solution

Hi,

Total LOC is counted by third party step counter tool, and Executable LOC is counted by SCA itself. SCA only count executable code and it doesn't contains the following code elements.

- blank line
- comment
- brace {}
- import statement
- annotation
- #define, #include
- HTML
- data definition langauge directive

Thank you

Mark LaCasse
Fortify Customer Support
Micro Focus

 

3 Replies
mlacasse Super Contributor.
Super Contributor.

Re: How SCA counts Lines Of Codes ?

Jump to solution

Hi,

Total LOC is counted by third party step counter tool, and Executable LOC is counted by SCA itself. SCA only count executable code and it doesn't contains the following code elements.

- blank line
- comment
- brace {}
- import statement
- annotation
- #define, #include
- HTML
- data definition langauge directive

Thank you

Mark LaCasse
Fortify Customer Support
Micro Focus

 

gp1988 Trusted Contributor.
Trusted Contributor.

Re: How SCA counts Lines Of Codes ?

Jump to solution

Thanks very much!

Could you tell me if SCA analyzes also comments even if it does not include them in Executable LOCs? For example information disclosure in client-side Javascript comments could give information about database structures, or passwords. 

Thanks again! 

0 Likes
mlacasse Super Contributor.
Super Contributor.

Re: How SCA counts Lines Of Codes ?

Jump to solution

Yes, SCA will be analyzing the comments for key information like passwords and will flag this. 

Thank you

Mark LaCasse
Fortify Customer Support
Micro Focus

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.