I'm trying to use HP Fortify SCA to scan RHEL7.5 server kernel [linux-3.10.0-862.el7]. I'm on the RHEL workstation OS which is on virtualbox.
In the working dir I'm doing:
"sourceanalyzer -b mybuild touchless make"
The kernel compiles using "make" by itself. The sourceanalyzer goes through some of the code but it seems to error out when it comes to:
CC arch/x86/purgatory/purgatory.o
Is Fortify capable of scanning the kernel? Do I need to use more complex commands to scan it?
The output error segment is:
touchless-script /home/sail/.fortify/sca18.1/build/myscan/build6382721854835965459/gcc called with args: -Wp,-MD,arch/x86/purgatory/.purgatory.o.d -nostdinc -isystem touchless-script /home/sail/.fortify/sca18.1/build/myscan/build6382721854835965459/gcc called with args: -print-file-name=include /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include -I./arch/x86/include -Iarch/x86/include/generated -Iinclude -I./arch/x86/include/uapi -Iarch/x86/include/generated/uapi -I./include/uapi -Iinclude/generated/uapi -include ./include/linux/kconfig.h -D__KERNEL__ -fno-strict-aliasing -Wall -Wstrict-prototypes -fno-zero-initialized-in-bss -fno-builtin -ffreestanding -c -MD -Os -mcmodel=large -m64 -DKBUILD_STR(s)=#s -DKBUILD_BASENAME=KBUILD_STR(purgatory) -DKBUILD_MODNAME=KBUILD_STR(purgatory) -c -o arch/x86/purgatory/.tmp_purgatory.o arch/x86/purgatory/purgatory.c /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include [warning]: File called not found [warning]: File with not found [warning]: File args: not found [warning]: File /usr/lib/gcc/x86_64-redhat-linux/4.8.5/include not found gcc: error: called: No such file or directory gcc: error: with: No such file or directory gcc: error: args:: No such file or directory objdump: 'arch/x86/purgatory/.tmp_purgatory.o': No such file mv: cannot stat ‘arch/x86/purgatory/.tmp_purgatory.o’: No such file or directory make[1]: * [arch/x86/purgatory/purgatory.o] Error 1 make: * [archprepare] Error 2
sourceanalyzer.exe? – p4r1