Scanning a jar
Is it possible to scan a .jar file with SCA. I'm trying to do the following and it's not working.
sourceanalyzer -b iasveo -source 1.6 -show-build-warnings -Dcom.fortify.sca.fileextensions.jar=ARCHIVE "C:\Program Files (x86)\JAD\iasveo-2.1.jar"
TL;DR: No. You need the sources.
Mostly, JARs are used to bundle the binaries/byte code/compiled stuff. Since Fortify is a static code analysis tool, it needs the source code.
For the rare case that you have a JAR, which contains the source code only, you first need to unzip it. Than run the sourceanalyzer from the root folder with a file filter, e.g. in your case something like this:
sourceanalyzer -b iasveo -source 1.6 -show-build-warnings **/*.java