Static Code analysis for different types of configuration file
Storing a password in a configuration file is very common practice followed by developer. The properties file used by developer can be various format.
By default fortify SCA is configured with below values
com.fortify.sca.fileextensions.properties = JAVA_PROPERTIES
com.fortify.sca.fileextensions.ini = JAVA_PROPERTIES
Does anyone know the mapping for file types with extension .json, .conf, .local , .yaml? Surprisingly, some of the configuration file don't have extensions. How do we make sure Fortify SCA will scan these files?