ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0

Unable to scan a Jar file using Shared commands #399

Open StevenKitavi opened 9 months ago

StevenKitavi commented 9 months ago

When I follow the shared procedure to scan a jar file, I get blank reports. Please assist and point to the Jar file command.

Scan Java project

For Java and JVM language-based projects, it is important to compile the projects before invoking sast-scan in the dev and CI workflow.

docker run --rm -e "WORKSPACE=${PWD}" -v ~/.m2:/.m2 -v <source path>:/app shiftleft/scan scan --src /app --type java

It returns an empty report. Should the argument <source path>:/app point to the jar file or to the folder where the Jar file is? Because it does not seem to work.