Closed MattFaz closed 5 months ago
@MattFaz, this is working as designed. scanner run dfa performs graph-based analysis, and the graph must contain all the code in the codebase, not just the files you included in --target, otherwise it can't conduct its analysis properly. If you specify --projectdir, the directory you specify will be used to build the graph. Otherwise, we'll dynamically determine one based on a few different attributes.
Regardless, we recommend that you simply remove the unreachable code, as that will resolve the problem.
Hi @jfeingold35 ,
Thanks for the response, that makes sense.
Given that it must contain all the codebase, what is the purpose of --target then? I must be confused about its functionality.
Description:
When running the following command:
sf scanner run dfa --target "force-app/main/default/classes/ActionItemTriggerHandler.cls,force-app/main/default/classes/ActionItemTriggerHandlerUtility.cls" -f sarif -o dfa-results.sarif
the scanner is running on files that are not included in the --target.
As an example the above gives me:
That AccountStructure.cls file is not part of the classes passed into --target.
Expected Behavior:
Only the 2 classes provided in the example are scanned.
Desktop:
Urgency: N/A - Have excluded from our pipeline until resolved.