Excluding Source Code from the FPR

You can reduce the size of the FPR file by excluding the source code information from the FPR. This is especially valuable for large source files or codebases. Typically, you do not get a scan time reduction for small source files using this method.

There are properties you can use to prevent Fortify Static Code Analyzer from including source code in the FPR. You can set either property in the <sca_install_dir>/Core/config/fortify-sca.properties file or specify an option on the command line. The following table describes these settings.

Property Name Description

com.fortify.sca.
FPRDisableSourceBundling=true

Command-Line Option:
-disable-source-bundling

Excludes source code from the FPR.

com.fortify.sca.
FVDLDisableSnippets=true

Command-Line Option:
–fvdl-no-snippets

Excludes code snippets from the FPR.

The following command-line example uses both options to exclude both the source code and code snippets from the FPR:

sourceanalyzer -b MyProject -disable-source-bundling
-fvdl-no-snippets -scan -f MySourcelessResults.fpr