ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0
809 stars 111 forks source link

Unable to scan a Jar file using Shared commands #399

Open StevenKitavi opened 1 year ago

StevenKitavi commented 1 year ago

When i follow shared procedure to scan a jar file i get blank reports please assist point to the Jar file command Scan Java project For Java and JVM language-based projects, it is important to compile the projects before invoking sast-scan in the dev and CI workflow.

docker run --rm -e "WORKSPACE=${PWD}" -v ~/.m2:/.m2 -v <source path>:/app shiftleft/scan scan --src /app --type java

It returns an empty report, should the argument <source path>:/app point to the file jar or point to the folder where the Jar file is Because it does not seem to work