Errors during scan
Question
What does the Fortify scan issue “Errors during scan” mean, how can I detect it, and how can I fix it?
Answer
This scan issue indicates that Fortify reported errors during the scan. While some scan errors are benign warnings, most may affect the results reported by Fortify.
How to detect
There are several methods to view errors reported by Fortify. These methods are described in the technical note “How to view error messages reported by Fortify”.
How to resolve
All scanning errors that may affect the results must be resolved to ensure the most accurate set of results. There are several steps you should take to try to resolve the issue:
- The technical note “Troubleshooting Fortify Errors” describes how to resolve some common errors reported by Fortify.
- The Fortify Users’ Guide provides some guidance for resolving errors.
- For errors that you are not able to resolve on your own, you may contact the VA Software Assurance Program Office for support.
If these steps do not help to resolve the errors (e.g., due to Fortify bugs or unsupported versions of languages used), please include the following items in future code review validation submissions, and they will be taken into consideration during the review:
- The debug log files generated during the scan
- The command options used during the translation phase of the Fortify scan
- A readme file explaining the steps taken to try to resolve the errors
Errors that cannot be resolved will not be counted against passing the review.