Cadet 3rd Class
Cadet 3rd Class
182 views

Upload file failed with missing required option f

Running fortify scan on gitlab pipeline. I used the following commands in my script. It runs until the last step and then it throws an error that reads "Missing required option: f" and the job is terminated. Can someone help me understand what's wrong in my code? And what does option f mean?

$ fortifyupdate
$ export OPTS="-Dcom.fortify.sca.EnableDOMModeling=true -Dcom.fortify.hoa.Enable=true -Dcom.fortify.sca.Phase0HigherOrder.Languages=javascript,typescript"
$ mkdir fortify-scan-results
$ fortifyupdate
$ sourceanalyzer -b ${FORTIFY_BUILD_ID} -clean ${OPTS}
$ sourceanalyzer -b ${FORTIFY_BUILD_ID} src/**/*.ts -exclude src/**/*.spec.ts ${OPTS}
$ sourceanalyzer -b ${FORTIFY_BUILD_ID} -build-label ${CI_COMMIT_SHA} -export-build-session fortify-scan-results/${FORTIFY_BUILD_ID}@${CI_COMMIT_SHA}.mbs ${OPTS}
$ sourceanalyzer -Xmx4G -Xms2G -b ${FORTIFY_BUILD_ID} -scan -f ${CI_PROJECT_NAME}.fpr ${OPTS}
$ fortifyclient uploadFPR ‑url ${my_URL} ‑authtoken ${FORTIFY_TOKEN} ‑file ${CI_PROJECT_NAME}.fpr -application ${CI_PROJECT_NAME} -version ${APP_VERSION}

 

 

0 Likes
1 Reply
Vice Admiral Vice Admiral
Vice Admiral

I believe -file and -f are interchangeable and refer to the FPR file you are uploading via the fortifyclient uploadFPR command, perhaps try changing the last command to:

$ fortifyclient uploadFPR ‑url ${my_URL} ‑authtoken ${FORTIFY_TOKEN} ‑f ${CI_PROJECT_NAME}.fpr -application ${CI_PROJECT_NAME} -version ${APP_VERSION}

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.