我目前正在使用 HP Fortify 工具扫描项目中的安全漏洞。在扫描 Fortify 的 CLI 时,允许构建工具集成到其 CLI 命令中,以便构建并同时扫描项目中存在的文件。我正在使用以下命令:
sourceanalyzer -b mcapbookvalue -gradle -verbose ./gradlew -x test --console=verbose -debug --continue assemble
但构建陷入困境:
2020-01-14T12:31:39.836-0500 [DEBUG] [org.gradle.cache.internal.DefaultFileLockManager] Lock acquired on daemon addresses registry.[0K
2020-01-14T12:31:39.836-0500 [DEBUG] [org.gradle.cache.internal.DefaultFileLockManager] Releasing lock on daemon addresses registry.
2020-01-14T12:31:39.836-0500 [DEBUG] [org.gradle.cache.internal.DefaultFileLockManager] Waiting to acquire shared lock on daemon addresses registry.
2020-01-14T12:31:39.836-0500 [DEBUG] [org.gradle.cache.internal.DefaultFileLockManager] Lock acquired on daemon addresses registry.
2020-01-14T12:31:39.836-0500 [DEBUG] [org.gradle.cache.internal.DefaultFileLockManager] Releasing lock on daemon addresses registry.
如果我在不使用 Fortify 的集成命令的情况下构建项目,则构建成功,仅使用:
./gradlew -x test --console=verbose -debug --continue …