
HP Fortify log shows The Data Flow Analyzer did not follow some virtual or indirect function calls of call type Virtual?


I am trying to run the SCA analyzer; it runs for 4.37 hours to scan around 23 MB of jars. When I verified the log, it showed the message below:

The Data Flow Analyzer did not follow some virtual or indirect function calls of call type Virtual. See the user manual for information about increasing the number of indirect function calls to be explored.

Some more details regarding SCA:

  • Version: 6.31.0012
  • No. of CPU: 8
  • RAM Size : 32

For Fortify, I have used -Xmx=20G and even then it's taking more time. I have tried to use the "-j" option to scan but I am getting a memory error.


Solution

  • I ran into this same problem. According to the user guide, the resolution is to add the com.fortify.sca.limiters.MaxIndirectResolutionsForCall Fortify property. The default value is 128. For my scans I set the value to 200 and it resolved the issue. Also, if you are running this from the command line, to set the tag properly, use -Dcom.fortify.sca.limiters.MaxIndirectResolutionsForCall.
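
The warning quoted in the question means some indirect calls were not followed, so a scan that logs it has data flow results with gaps. The script below is an added example, not part of the original question or answer: it checks a scan log for that warning and prints the -D option from the answer. The function names and the sample log are constructed for illustration; only the warning text, the property name and the value 200 come from the page.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
PROP=com.fortify.sca.limiters.MaxIndirectResolutionsForCall  # property named in the answer

# Constructed sample log: only the warning wording comes from the page;
# the other lines are made up for the example.
sample_log() {
cat <<'EOF'
(constructed) scan started
The Data Flow Analyzer did not follow some virtual or indirect function calls of call type Virtual. See the user manual for information about increasing the number of indirect function calls to be explored.
(constructed) scan finished
EOF
}

# Read a scan log on stdin; print each distinct call type named in a limiter warning.
limiter_call_types() {
    sed -n 's/.*did not follow some virtual or indirect function calls of call type \([A-Za-z]*\).*/\1/p' | sort -u
}

# Build the command-line option for a rescan with a higher limit.
rescan_option() {
    echo "-D${PROP}=$1"
}

# Read a scan log on stdin. Return 1 (and explain on stderr) if the limiter was hit,
# because some indirect calls were then left out of the data flow analysis.
check_scan_log() {
    types=$(limiter_call_types)
    if [ -n "$types" ]; then
        echo "limiter hit for call type(s): $types" >&2
        echo "rescan with a higher limit, e.g. $(rescan_option 200)" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed log.
sample_log | check_scan_log || echo "scan log flagged: analysis was incomplete"
```

In a build pipeline, feed the real scan log to check_scan_log on stdin and treat a non-zero return as a reason to rescan before trusting the results.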