Wednesday, 18 September 2013
Tuesday, 17 September 2013
Steps to integrate fortify scan tool with Maven
Prerequisites - Maven and Java need to be installed and configured correctly
Fortify provides the source code for its Maven plugin. You need to build the plugin locally and use that build to analyze source code with Maven.
Step # 1 Build the Fortify Maven plugin
Open a command prompt and run:
cd %FORTIFY_INSTALLATION_DIRECTORY%\HP_FORTIFY\HP_Fortify_SCA_and_Apps_3.90\Samples\advanced\maven-plugin
mvn clean install
After a successful build, the Fortify plugin will be present in your local Maven repository.
Step # 2 Add the Fortify source code analyzer plugin to your project pom file
<build>
  <plugins>
    <plugin>
      <groupId>com.fortify.ps.maven.plugin</groupId>
      <artifactId>sca-maven-plugin</artifactId>
      <version>3.90</version>
    </plugin>
  </plugins>
</build>
Note - Make sure the plugin version in your pom file matches the version in %FORTIFY_INSTALLATION_DIRECTORY%\HP_FORTIFY\HP_Fortify_SCA_and_Apps_3.90\Samples\advanced\maven-plugin\pom.xml
Step # 3 Create .fpr / report file
mvn sca:translate
mvn sca:scan
This will generate the Fortify scan report file in the target directory.
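The version check from the note under Step 2 can be scripted so that a mismatch is caught before Maven fails to resolve the plugin. This is an added example, not part of the original post or of Fortify's tooling; the function names and the two sample POMs are constructed for illustration, and only the plugin coordinates come from the snippet above.

```python
import xml.etree.ElementTree as ET

# Plugin coordinates as given in the Step 2 snippet.
GROUP_ID = "com.fortify.ps.maven.plugin"
ARTIFACT_ID = "sca-maven-plugin"

# Constructed sample inputs; in practice read the two pom.xml files from disk.
PLUGIN_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.fortify.ps.maven.plugin</groupId>
  <artifactId>sca-maven-plugin</artifactId>
  <version>3.90</version>
</project>"""
PROJECT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>com.fortify.ps.maven.plugin</groupId>
    <artifactId>sca-maven-plugin</artifactId>
    <version>3.90</version>
  </plugin></plugins></build>
</project>"""

def _parse(pom_text):
    """Parse a POM and drop the XML namespace so lookups work with or without it."""
    root = ET.fromstring(pom_text)
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]
    return root

def built_plugin_version(plugin_pom_text):
    """Version in the plugin's own pom.xml, falling back to an inherited parent version."""
    root = _parse(plugin_pom_text)
    version = root.findtext("version") or root.findtext("parent/version")
    return version.strip() if version else None

def declared_plugin_versions(project_pom_text):
    """Every version the project pom declares for the Fortify plugin (None if omitted)."""
    versions = []
    for plugin in _parse(project_pom_text).iter("plugin"):
        group = (plugin.findtext("groupId") or "").strip()
        artifact = (plugin.findtext("artifactId") or "").strip()
        if (group, artifact) == (GROUP_ID, ARTIFACT_ID):
            versions.append((plugin.findtext("version") or "").strip() or None)
    return versions

def check_versions(project_pom_text, plugin_pom_text):
    """Return 'ok', 'mismatch' or 'missing' for the project's plugin declaration."""
    declared = declared_plugin_versions(project_pom_text)
    if not declared:
        return "missing"
    built = built_plugin_version(plugin_pom_text)
    return "ok" if all(v == built for v in declared) else "mismatch"
```

A version written as a Maven property (for example `${...}`) is compared literally and will be reported as a mismatch, so resolve properties first if your pom uses them.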