On 09/25/2013 10:56 AM, Dante Avery wrote:
> Good morning,
>
> I just want to make sure I am running the correct command to compare
> previous scans and to include false positives
>
> This is the current command I use where fp is the false positive
> config file. Also I am using the Jenkins plugin
>
> Brakeman sourcecode -I fp --compare brk.json -o brakeman-output.tabs
> -o brk.json -o brk.html
>
>
> Also is there any way to display the number of false positives in tabs
> format?

Hi Dante,

I believe you just need to make some minor changes to the command:

brakeman sourcecode -i fp --compare brk.json -o brk.json -o brakeman-output.tabs -o brk.html

-I is the "interactive ignore mode" which you don't want if running with Jenkins.

When using --compare, Brakeman outputs the results to the first -o option, no matter what its name is, so put the json file first.

Currently, there is no way to display ignored warnings in Jenkins, and therefore no way to show them in the tabs format. There are no plans to change this, especially since most of the Jenkins view code is in a parent plugin I have no control over.

-Justin
