
Java Basic Security rule scan reports an error

Open closetou opened this issue 9 months ago • 2 comments

I selected the official rule package [Java Basic Security] and scanned the open-source Java vulnerable-application project java-sec-code. The scan did not report an error, but there were no vulnerability results at all. I downloaded the execution log and found the following error:

```
2025-02-28 14:07:00,505-INFO: [debug] cmd: python3 -m semgrep scan --config /var/opt/tca/tools/custom-semgrep/config_rules --no-git-ignore --no-rewrite-rule-ids --json --output /CodeAnalysis/client/data/taskdirs/task_72/workdir/error_output.json /CodeAnalysis/client/data/sourcedirs/git_oxcjt22g
2025-02-28 14:07:00,505-INFO: start data handle
2025-02-28 14:07:00,505-INFO: [error]: {
2025-02-28 14:07:00,505-INFO: "code": 7,
2025-02-28 14:07:00,505-INFO: "level": "error",
2025-02-28 14:07:00,505-INFO: "message": "No config given. Run with --config auto or see https://semgrep.dev/docs/running-rules/ for instructions on running with a specific config\n",
2025-02-28 14:07:00,505-INFO: "type": "SemgrepError"
2025-02-28 14:07:00,506-INFO: }
2025-02-28 14:07:00,506-INFO: -- end ...
2025-02-28 14:07:00,517-INFO: 格式化结果 ...
2025-02-28 14:07:00,518-INFO: done_analyze start.
2025-02-28 14:07:00,518-INFO: done_analyze done.
```

closetou avatar Feb 28 '25 06:02 closetou
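Added example (not part of the issue and not CodeAnalysis code): the log above shows a task that runs to completion even though semgrep logged an error-level `SemgrepError`. This sketch rebuilds that JSON object from the log lines and reports the run as failed instead of clean. The function names, the verdict labels and the line breaks in the sample are assumptions.

```python
import json
import re

# Constructed sample: log lines quoted in the issue, one entry per line.
SAMPLE_LOG = r"""
2025-02-28 14:07:00,505-INFO: start data handle
2025-02-28 14:07:00,505-INFO: [error]: {
2025-02-28 14:07:00,505-INFO: "code": 7,
2025-02-28 14:07:00,505-INFO: "level": "error",
2025-02-28 14:07:00,505-INFO: "message": "No config given. Run with --config auto or see https://semgrep.dev/docs/running-rules/ for instructions on running with a specific config\n",
2025-02-28 14:07:00,505-INFO: "type": "SemgrepError"
2025-02-28 14:07:00,506-INFO: }
2025-02-28 14:07:00,506-INFO: -- end ...
2025-02-28 14:07:00,518-INFO: done_analyze done.
"""

PREFIX = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}-[A-Z]+: ?")
MARKER = "[error]:"
MAX_OBJECT_LINES = 50  # give up on an object that never closes


def extract_tool_errors(log_text):
    """Reassemble every JSON object logged after an '[error]:' marker."""
    errors, buf = [], None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw)  # drop the timestamp/level prefix
        if buf is None:
            if not line.startswith(MARKER):
                continue
            buf = [line[len(MARKER):]]
        else:
            buf.append(line)
        try:
            errors.append(json.loads("\n".join(buf)))
            buf = None  # object complete
        except json.JSONDecodeError:
            if len(buf) > MAX_OBJECT_LINES:
                buf = None  # never closed; stop buffering
    return errors


def scan_verdict(log_text, finding_count):
    """An error-level tool message overrides an empty result list."""
    fatal = [e for e in extract_tool_errors(log_text) if e.get("level") == "error"]
    if fatal:
        return "failed", [f'{e.get("type")} (code {e.get("code")}): '
                          f'{e.get("message", "").strip()}' for e in fatal]
    return ("findings" if finding_count else "clean"), []
```
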

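Also, for the rules in the cobra security tool, after running them the log indicates that the tool was not installed successfully. The scan still completes normally in the UI, but there are no scan results.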

closetou avatar Feb 28 '25 07:02 closetou

All of the above was installed and deployed in a Docker environment.

closetou avatar Mar 03 '25 02:03 closetou