Minified JavaScript Not Scanned

Question

What does the Fortify scan issue “Minified JavaScript Not Scanned” mean, how can I detect it, and how can I fix it?

Answer

This scan issue indicates that the developer scanned custom-developed JavaScript but included only the minified (*.min.js) version in the scan. Fortify ignores minified JavaScript files, so the developer must ensure that the non-minified versions are included both in the scan and in the code review submission package.

How to detect

Detect this issue by determining whether Fortify has scanned all custom-developed JavaScript code. To see what Fortify has scanned, look at the Build Information tab in the Project Summary page of Fortify Audit Workbench. The scanned code can also be extracted as described in this technical note.

How to resolve

Ensure that the non-minified version of any custom-developed JavaScript code is included in the scan. Fortify will ignore any minified files.
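A pre-scan check for the condition described above, as an added example that is not part of the original page or of Fortify's tooling: it lists every `*.min.js` file in a source tree that has no non-minified `.js` file of the same base name. Matching by file name and the skipped third-party directory names are assumptions.

```python
import os
import sys

# Assumption: directories that hold third-party code, not custom-developed JavaScript.
SKIP_DIRS = {"node_modules", "bower_components", ".git"}


def audit_minified(root):
    """Map each *.min.js under root to the non-minified sources that match it.

    Returns {minified_path: [candidate_source_paths]}. An empty list means no
    readable source was found, so the scan would contain only a file that
    Fortify ignores.
    """
    minified, sources = [], {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune skipped directories in place so os.walk does not descend into them.
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        for name in sorted(filenames):
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            lower = name.lower()
            if lower.endswith(".min.js"):
                minified.append(rel)
            elif lower.endswith(".js"):
                sources.setdefault(lower, []).append(rel)
    report = {}
    for rel in minified:
        directory, name = os.path.split(rel)
        # Assumption: foo.min.js is built from a file named foo.js.
        wanted = name.lower()[: -len(".min.js")] + ".js"
        candidates = sources.get(wanted, [])
        # List a source in the same directory as the minified file first.
        report[rel] = sorted(candidates, key=lambda p: os.path.dirname(p) != directory)
    return report


def missing_sources(root):
    """Minified files with no non-minified counterpart anywhere under root."""
    return sorted(m for m, c in audit_minified(root).items() if not c)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    missing = missing_sources(root)
    for path in missing:
        print(f"no non-minified source found for: {path}")
    sys.exit(1 if missing else 0)
```

Run it against the directory that will be submitted for scanning; a non-zero exit status means at least one minified file has no readable source in the package.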
