Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Respected Contributor.. JuliaVII Respected Contributor..
Respected Contributor..
3755 views

Scanning NodeJS support on 18.20: How does it works?

Hello guys. I recently updated the whole Fortify pack from 18.10 to 18.20 because of the anouncement on the 'What's new' docs talking about new NodeJS support. We have a few projects in Node that have been a nightmare to perform scans, but we got used to them. 

After just updating i noticed that documentation SCA guide does not tells anything about scanning node. Okay... 

The scans ive already configured for node projects did not showed any signs of problem, except when audited the results, as it was dropped the file/lines number considerably, what looked like a big red flag that something was wrong.

But looking the result closely it seems to be right on the result. Still, need to look closely. 

My question is: What was really done about nodeJS on 18.20?

0 Likes
2 Replies
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: Scanning NodeJS support on 18.20: How does it works?

Node.js falls under the Translating JavaScript Technologies section of the Fortify Static Code Analyzer user guide. Scanning node.js should be the same as any other JavaScript project. Be sure to set the following property to include javascript for the scan phase: -Dcom.fortify.sca.Phase0HigherOrder.Languages=javascript

I hope that helps.

0 Likes
Respected Contributor.. JuliaVII Respected Contributor..
Respected Contributor..

Re: Scanning NodeJS support on 18.20: How does it works?

Thanks for answering Karene! 

I already scan the project using this configuration default for JS since 2 version ago and it works okay like, JS is JS. 

My question was about what changes this NodeJS support brought to us, because i see nothing on documentation. However scanning the project was much faster and drop the file/line of code counting like from 4k to 350. 

Is this a result from the nodeJS support? It is now handling libraries properly and this is the result? 

Thanks

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.